How to auto-login after the password reset has been done by user?

rubesh_u
Tera Contributor

In the External User-Self registration plugin, after the user resets the password, they are redirected to the home (or) login page and are not logged in. How can I auto-login the user after they click the "Reset Password" button?

2 ACCEPTED SOLUTIONS

Animesh Das2
Mega Sage

Hi @rubesh_u,

As per best practice across every online portal, the user has to log in with the new credential after the password reset is done. Actually, setting the password (during password reset) and validating the password (during login) are two completely different events.

When you reset the password, the system validates your old password and then updates it with the new one. However, when you log in, the system just validates the password you entered against the one it has in the database for your username.

I don't think this is feasible as per the best security practice across any online portal.

If this addresses your question, please don't forget to mark this response correct by clicking on Accept as Solution and/or Kudos.

You may mark this helpful as well if it helps you.

Thanks, 

Animesh Das


kaushal_snow
Mega Sage

Hi @rubesh_u,

In the External User Self registration plugin, once a user resets their password, ServiceNow intentionally does not auto-authenticate them. This separation of actions upholds security best practices:

  • The password reset process verifies the user’s identity and updates credentials.
  • Logging in, however, is a separate action that requires validation to ensure authenticity and maintain session security.

Automatically logging in bypasses important verification steps and can expose vulnerabilities, especially in scenarios where security and compliance are critical.

If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.

Thanks and Regards,
Kaushal Kumar Jha - ServiceNow Consultant - Let's connect on LinkedIn: https://www.linkedin.com/in/kaushalkrjha/
