Creating and sending password in Flow Designer

tom1111
Tera Contributor

Hi guys, 

i have a flow, where user can order item, than it goes to approval, and if its approved, new user should be created and the credentials for log in should be send to the user. Everything in the flow works perfectely, the only issue is password. If i add in ,,create user record,, action the password field, and add script to the field to auto generate random number, the password is generated. But when I put it in the ,,send email,, action, so i can send i to the user together with the Sys Id and he can log in, the ,,password,, looks like this in the email: ***********. I tried to add encrypting action, which i found, but it didn't work and the password was blank. Can please someone help me how can i solve it? I really spend so much time on it, but I am still not able to solve it. I can provide some detailed informations or screenshots, but now I have no idea what to add to this post. Thank you very much 

1 REPLY 1

pratikjagtap
Giga Guru

Hi @tom1111 ,

 

This issue occurs because ServiceNow automatically masks password fields (including auto-generated passwords) for security reasons. When you retrieve a password field from a user record, it is displayed as *********** to prevent exposure.

 

Solutions to Send the Password via Email

Use the "Send Notification" Action with One-Time Password Link

Instead of trying to send the password directly, use the Password Reset Module in ServiceNow.

  • When creating the user, leave the password blank.

  • In the "Send Email" action, include a password reset link instead of the password itself.

  • The user will receive an email to set their own password securely.

Example URL for password reset (modify as needed):

https://your-instance.service-now.com/password_reset.do?sys_id=<User_Sys_ID>

 

Store Password in a Temporary Field (Not Recommended for Security Reasons)

If you absolutely must send the password via email (which is not best practice):

  • Store the generated password in a custom, non-password field (e.g., u_temp_password).

  • Use that field in the email body instead of the actual password field.

  • Make sure to clear the u_temp_password field after sending the email to maintain security.

Use a Business Rule to Capture and Store the Password Temporarily

  • Write a Business Rule that triggers after the user creation and stores the generated password in a secure way (e.g., a temporary table).

  • Retrieve this stored value for the email.

  • Ensure the password gets deleted after the email is sent.

Use Scripted Email Notification (Advanced)

If you are scripting the email notification, try storing the generated password in a variable before inserting it into the user record, then pass that variable into the email body instead of pulling it from the record.

 

If this solution helps you then, mark it as accepted solution ‌‌✔️ and give thumbs up 👍 !

 

Regards,

Pratik