
How does password reset work for users with multiple accounts in one domain?

JLeong
Mega Sage

How does password reset work for users with multiple accounts in one domain?

The user is using a different username.


M Iftikhar
Mega Sage

Hi there!
The process depends entirely on how your Identity Provider (IdP) like Active Directory or Azure AD is configured.

Common Scenario (Active Directory):

  1. Self-Service Password Reset (SSPR) Portal: The user goes to the SSPR portal (e.g., Microsoft's password reset page).

  2. Identity Discovery: The user enters one identifier, which is usually their primary email address or mobile number that is registered with their account.

  3. Account Selection: The IdP searches the directory. If the same email/phone is linked to multiple user accounts in the same domain, the IdP will typically present a list of those accounts to the user.

  4. User Action: The user must select the specific account for which they want to reset the password.

  5. Verification & Reset: The standard verification process (via email, SMS, security questions) continues for the selected account, and the password is reset only for that specific username.

Key Point: The user does not reset the password for all accounts at once. They must reset it for each account individually, and the IdP uses the shared contact information (email/phone) to discover and let them choose the correct account.

Admin Note: Having multiple accounts with the same contact information can cause confusion. It's often better to clean up or consolidate accounts for a smoother user experience.

Hope this helps!
Thanks & Regards,
Muhammad Iftikhar
If my response helped, please mark it helpful & accept the solution so others can benefit as well.

Thanks, Muhammad, for your response.

In my case, I am using the OOB spoke for Reset User Password. This spoke grabs the userID from the user record in ServiceNow. What if the user ID is different?

Thanks.

Hi JLeong,

Great question! For ServiceNow's OOB Reset User Password spoke, here's how it works with multiple accounts:

How it handles different User IDs:
The spoke uses the user_id field from each user record as the unique identifier
If the same person has multiple accounts with different user_id values, each account is treated separately
The password reset process will need to be run individually for each user_id

Example Scenario:
If John Doe has two accounts:
Account 1: user_id = johndoe
Account 2: user_id = johndoe_admin

The spoke will reset passwords for these as two completely separate users, even if they have the same email address.

Best Practice Tip:
To avoid confusion, it's better to consolidate duplicate accounts or establish a clear naming convention when multiple accounts are necessary.

 

Hope this helps!
Thanks & Regards,
Muhammad Iftikhar
If my response helped, please mark it helpful & accept the solution so others can benefit as well.
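
The per-account behaviour described in the two replies above, as an added example that is not part of the thread and is not the spoke's own code: it audits which email addresses are shared by several accounts and resolves a reset request to exactly one `user_id`, refusing to pick one when the email alone is ambiguous. The sample rows, the `active` field and the function names are assumptions made for illustration; only `user_id` and the shared email come from the thread.

```javascript
// Constructed sample rows shaped like user records (not real data).
const users = [
  { user_id: "johndoe",       email: "john.doe@example.com", active: true },
  { user_id: "johndoe_admin", email: "John.Doe@example.com", active: true },
  { user_id: "asmith",        email: "a.smith@example.com",  active: true },
  { user_id: "asmith_old",    email: "a.smith@example.com",  active: false },
];

// Compare emails case-insensitively and ignore surrounding whitespace.
const norm = (s) => String(s || "").trim().toLowerCase();

// Audit: which email addresses are shared by more than one active account?
function findSharedEmails(rows) {
  const byEmail = new Map();
  for (const u of rows) {
    const key = norm(u.email);
    if (!u.active || !key) continue;
    if (!byEmail.has(key)) byEmail.set(key, []);
    byEmail.get(key).push(u.user_id);
  }
  return new Map([...byEmail].filter(([, ids]) => ids.length > 1));
}

// Resolve the single account a reset request applies to (hypothetical helper).
// Fails closed: an email that matches several accounts never selects one implicitly.
function resolveResetTarget(rows, { email, userId }) {
  const key = norm(email);
  if (!key) return { ok: false, reason: "no_match" };
  const matches = rows.filter((u) => u.active && norm(u.email) === key);
  if (matches.length === 0) return { ok: false, reason: "no_match" };
  if (!userId) {
    return matches.length === 1
      ? { ok: true, user_id: matches[0].user_id }
      : { ok: false, reason: "ambiguous", candidates: matches.map((u) => u.user_id) };
  }
  // An explicit user_id must belong to the accounts linked to this email.
  const chosen = matches.find((u) => u.user_id === userId);
  return chosen
    ? { ok: true, user_id: chosen.user_id }
    : { ok: false, reason: "user_id_not_linked_to_email" };
}

console.log(findSharedEmails(users));
console.log(resolveResetTarget(users, { email: "john.doe@example.com" }));
console.log(resolveResetTarget(users, { email: "john.doe@example.com", userId: "johndoe_admin" }));
```
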

So that means we need to create a user record for each account? That will mess up the user table.

When users create an incident they will see multiple records of them, correct?