You create a Password Reset credential store record to configure access to your credential store server while a user is changing or resetting a password. In addition to host connection information, you can specify the password hints that users should see, restrictions on password reuse, the allowed number of failed reset attempts, and other settings.

1. Navigate to Password Reset > Credential Stores.
2. Select one of the following sample credential stores:
   • Local ServiceNow Instance credential store.
   • Remote (SOAP) ServiceNow credential store (installed with the Orchestration Add-on).
3. Enter a unique and meaningful Name and Description, and then fill in the form.

   Type	Type of credential store that you are connecting to. A ServiceNow credential store type is a template that provides the required set of capabilities for a particular kind of credential store. Credential stores inherit the functionality of the credential store type. Note: For an AD credential store, skip this procedure and see Integrate Password Reset with your Active Directory service. The Password Reset Windows Application supports only AD credential stores.
   Auto-generate password	Script include that generates a temporary password for use during the reset process. If you select the Enforce history policy check box, then you must specify a value for Auto-generate password.
   Enforce history policy	Appears only if you select a credential store Type of AD Credential Store or Local ServiceNow Instance. For information on configuring the setting for an AD credential store, see Configure the connection to an AD credential store. Select the Enforce history policy check box to ensure that users do not reuse passwords. For example, you might configure the history policy to not allow the user to reuse any of the previous 10 passwords. Follow this procedure: Select the Enforce history policy check box. In the Password Reset Credential Store Parameters related list, create a password_history_limit parameter. Set the value of the parameter to the number of previous passwords that cannot be used (maximum 10). The default value of 0 (zero) enables use of any previous password.
   Hostname	URL or IP address of the credential store.
   User account lookup	Script include that maps the user ServiceNow platform ID to the user credential store ID. A default script, PwdDefaultUserAccountLookup, returns the user ServiceNow platform user name.
   Password rule hint	Specify the text that appears on the password reset page to help the user to create a password that meets all requirements. The Password rule script enforces the requirements. Note: The Password Reset Windows Application supports newline characters in the hint. Other formatting is not supported (bold, underline, hyperlink, and so on).
   Password rule	Specify the client script that validates the new password that the user enters. The script is invoked when the user enters a new password and clicks Password Reset. You can use the script to enforce password strength/complexity requirements.
   Enable Password Strength	Select the check box to: Display the text box for the Strength rule script so you can update the script. Display the graphical Password Strength bar to the user while the user changes or resets the password. Note: The Password Reset Windows Application does not support Password Strength.
   Strength rule	This text box appears only if you select Enable Password Strength. Specify the client script that calculates the strength/complexity of the password that the user enters. The script is invoked when the user begins to enter a new password during the reset process. Default settings: Selected for local ServiceNow credential stores Not selected for other credential stores Note: To guide the user during the reset process, the system displays a graphical bar labeled Password Strength under the New password field. Note: The Password Reset Windows Application does not support Password Strength.

4. Click Submit.
5. If you use the Local ServiceNow Instance credential store and you selected the Enforce history policy check box, then follow these steps:
   1. Open the Password Reset process that is associated with the credential store: Password Reset > Processes.
   2. On the Password Reset Details tab of the Password Reset Process form, clear the Auto-generate password check box and then save the process definition.
6. Test the connection to the credential store.