Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Configure Password Reset properties

Log in to subscribe to topics and get notified when content changes.

Configure Password Reset properties

You can specify properties that configure the Password Reset experience for end users.

Before you begin

Role required: password_reset_admin

About this task

While there are no range limits for the values you can enter for properties, consider using only positive integer values starting at 1. When you determine the limit for the upper range of a property, consider the task that the user is performing.

For example, you would not want to allow 100 attempts for users to verify their identity. A more common value is 3 attempts. Similarly, you may not want to force users who are completing the enrollment process to spend time selecting and answering 30 security questions. The more commonly used number of security questions is between 5 and 7.

Procedure

  1. Navigate to Password Reset > Properties.
  2. Update settings as needed and then click Save.
    Table 1. Password Reset properties
    Property Label Property Name Description
    Password Reset Global properties
    Email template for reminders to users who need to enroll for the password reset process password_reset.enrollment_reminder.email_template Template to use for the email messages that remind users to enroll for the password reset process. See Send email to remind users to enroll for Password Reset.
    Workflow polling frequency password_reset.wf.refresh_rate Time period in milliseconds between checks on status of the Password Reset workflow.
    • Type: integer
    • Default value: 500
    Workflow expiration password_reset.wf.timeout Maximum wait time in milliseconds for the workflow to complete. The workflow is triggered during the password reset request when the user clicks Submit.
    • Type: integer
    • Default value: 90000
    Disable CAPTCHA validation functionality password_reset.captcha.ignore Enables or disables CAPTCHA functionality.
    • Type: true|false
    • Default value: false

    The Password Reset application uses Google re-CAPTCHA as the default CAPTCHA service. To use the base system CAPTCHA, change the password_reset.captcha.google.enabled system property to false.

    See Configure Google reCAPTCHA

    Password Reset Request properties
    Number of unsuccessful attempts allowed to reset/change password password_reset.request.max_attempt Number of password reset attempts a user is allowed before they are locked out for a period determined by the value in max_attempt_window.
    • Type: integer
    • Default value: 3 (attempts)
    Number of minutes a user must wait to reset/change password after exceeding the maximum allowed unsuccessful attempts password_reset.request.max_attempt_window Time period that users are blocked or prevented from changing their passwords after trying the maximum number of times.
    • Type: integer
    • Default value: 1440 (minutes)
    Number of minutes a user must wait to reset/change password after the last successful reset/change password_reset.request.success_window Time period that a user must wait after successfully resetting the password to reset the password again.
    • Type: integer
    • Default value: 1440 (minutes)
    Number of minutes a user must wait to start a reset request after the last successful unlock account password_reset.request.unlock_window Time period that a user must wait after a successful unlock operation before starting a new request.
    • Type: integer
    • Default value: 1440 (minutes)
    Number of minutes before a password reset request expires password_reset.request.expiry Time period during which a user must perform the Password Reset process.
    • Type: integer
    • Default value: 10 (minutes)
    Note: This setting takes precedence over the glide.pwd_reset.onetime.token.validity property (that has a 12-hour default).
    Password Reset Security Question properties
    Minimum number of characters in any answer password_reset.qa.ans_min_len Minimum number of alphanumeric characters that the user must enter in the answer text box for any security question.

    Default value: 3 characters

    Number of security questions required during the password reset request password_reset.qa.num_reset
    Number of security questions that are displayed on the Verify page while a user is attempting to reset the password. The user must answer all questions correctly to verify identity. The questions are selected at random and are presented in random order.
    • Type: integer
    • Default value: 3 (questions)
    • Possible values: Integers that are less than the number specified for the Number of security questions required during enrollment property (the num_enroll parameter).
    Note: You can override this property setting for a Password Reset process by configuring the num_reset parameter. See Specify the number of required security questions.
    Number of security questions required during enrollment password_reset.qa.num_enroll
    Number of questions that a user must provide answers to while enrolling for the Password Reset process.
    • Type: integer
    • Default value: 5
    • Possible values: Integers that are greater than or equal to the number specified for the Number of security questions required during enrollment property (the num_reset parameter).
    Note: While attempting to verify identity, if a user answers a question incorrectly, the application refreshes with a random set of the specified questions in random order. You should, therefore, require more questions than specified for the Number of security questions required during enrollment property (the num_reset parameter).
    Note: You can override this property setting for a Password Reset process by configuring the num_enroll parameter. See Specify the number of required security questions.
    Password Reset SMS Code properties
    Maximum number of SMS codes sent for verification per day password_reset.sms.max_per_day
    Maximum number of SMS codes that are sent to a user within one 24-hour period. The 24-hour period begins when a user clicks Send Code.
    • Type: integer
    • Default value: 10 (per day)
    Note: You can override this SMS code property by adding the max_per_day parameter in the SMS code verification.
    Number of minutes before the user can attempt to send another SMS code for verification password_reset.sms.pause_window
    Time that must pass before another SMS code can be sent to a user.
    • Type: integer
    • Default value: 2 (minutes)
    Note: You can override this SMS code property by adding the pause_window parameter in the SMS code verification.
    Number of digits in the SMS code sent to the user password_reset.sms.default_complexity
    Number of characters required for a user to reset their password.
    • Type: integer
    • Default value: 4 (digits)

    You can override this SMS code property by adding the complexity parameter in the SMS code verification.

    Number of minutes before the SMS code expires password_reset.sms.expiry
    Time, in minutes, until the SMS code sent to the user expires.
    • Type: integer
    • Default value: 5 (minutes)
    Note: You can override this SMS code property by the expiry parameter in the SMS code verification.
    Password Reset Monitoring and Reporting properties
    Time interval, in minutes, for counting blocked users password_reset.activity_monitor.incident_window Time window to count the number of blocked users.
    • Type: integer
    • Default value: 60 (minutes)
    Number of blocked users, in the defined time interval, that triggers a system log event password_reset.activity_monitor.incident_threshold Number of blocked (or locked) users, within the specified time window, that triggers a system log event.
    • Type: integer
    • Default value: 10 (blocked users)
    Password Reset Style Sheet
    Style sheet to apply to end-user pages during the password reset process. password_reset.stylesheet Name of a custom CSS style sheet in the Style Sheet [content_css] table. You can use the default style sheet as a template for the custom style sheet. You cannot add element definitions to the style sheet.
    • Type: string
    • Default value: css_pwd_reset_default
    Email template for reminder emails password_reset.email_template_default Template to use to specify the subject and body of the email messages to remind users to enroll for the Password Reset process. For example:
    • [Subject] Reminder: Enroll in the Password Reset program
    • [Body] Click here to enroll for the password reset service.
    Note: You must create an email template in the password_reset table to use it as a reminder.
    • Type: string
    • Default value: email_template_default
    Note: Several components in the Self Service Password Reset (com.snc.password_reset) plugin and the Password Reset (com.glideapp.password_reset) plugin control the password reset flow. The following properties affect Password Reset, but do not appear on the Password Reset > Properties page:
    • You can add the glide.pwd_reset.onetime.token.validity property to the System Properties [sys_properties] table to specify the number of hours that the Password Reset token should be valid. Default: 12.
      Note: The setting for the password_reset.request.expiry property (time period during which a user must perform the Password Reset process) takes precedence over the setting for glide.pwd_reset.onetime.token.validity.

    Properties accessible from the System Properties [sys_properties] table:

    • For Password Reset on mobile devices, you can specify the URL that the user is taken to when user taps the Forgot password? button. See the glide.security.password_reset.uri property in High Security Settings . Default: /$pwd_reset.do?sysparm_url=ss_default
    • If glide.security.forgot_password.display.link is set to true, displays the Forgot Password? link on the login page.
Feedback