The Password Reset application
enables an end user to reset or change a password using a self-service process. Alternatively,
your organization can implement a process that requires a service desk agent to reset
passwords for end users.
Watch the video: Introducing Password Reset (video)
Password Reset processes
Users
with the password_reset_admin role configure how the process of resetting a password works for
an end user.
- Self-service process: Users reset passwords over the Internet
using a browser on any supported interface, including mobile devices.
- Service desk-assisted process: A user requests the assistance of
a service desk agent, over the phone or in person. Users do not reset passwords.
Elements of a password reset process
You configure the following elements of the process for your organization:
- A connection to the credential store for your organization where user credentials (like
username/password) are securely stored.
- One or more user groups on the ServiceNow instance that can use the
password reset process.
- The type of identification that users must enter to identify themselves
(typically username or email address).
- One or more verifications — methods to verify the identity of the user.
Examples:
- Answer a question that only the user knows how to answer — the QA
Verification (based on the Security Question
verification type).
- Enter a code number that was emailed to the user — the Email
verification.
- Enter a code number that was texted to a mobile device — the SMS
verification.
- Enter a code number that appears on the Google Authenticator app on a mobile device
— the Google Authenticator
verification.
How you implement a password reset process
- Plan your implementation: Ensure that all applicable organizational guidelines, security
policies, and areas of the organization are considered.
- Set up the elements of the password reset and password change processes according to the
plan:
- Connection to the credential store.
- User groups that will use the password reset process.
- Identification type to use.
- Verifications to use.
- In the service desk-assisted model, assign service desk agents to monitor and reset
passwords as needed.
- Monitor password reset activity to identify security threats and to ensure compliance
with the password policy requirements of your organization.
Password Reset Windows Application
If a user forgets the password or gets locked out of a Windows computer, the user can reset
the password directly from the Windows login screen. The user clicks the Forgot
Password? link and is then guided through the process of resetting the
password. To learn more, see Password Reset Windows Application.
Password Change application
The Password Change
application extends the Password Reset
application by letting admins define how users change their passwords. Only a self-service
process is supported and an admin must publish the URL to the password change form.
- The user logs in to the instance and then selects the Change
Password module or link from the user profile
record. Password change is
supported on mobile devices.
- On the Change Password page, the user selects the credential
store where the password resides.
- The user enters the old password and then enters and confirms a new password.
- Workflows validate the old password and then implement the new password.
- The system notifies the user that the password was changed.