Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

password_needs_reset Expiry

Go to solution
Wade Clairmont
Tera Guru

‎02-17-2015 09:39 AM

Anyone how there have a script that they would like to share that checks the user table on a regular basis, and expires "password_needs_reset"?

Our Audit team requires us now to provide a 7 day window after the password_needs_reset is updated to true.   After that time expires, we now are required to auto-reset that field to false, forcing the user to call the service desk for another password reset.

Any help would be appreciated.

Thanks,

Wade

Labels:
0 Helpfuls
  • 2,139 Views
1 ACCEPTED SOLUTION

Go to solution
Zach Biewend1
Giga Expert

‎02-17-2015 11:38 AM

First add a Date field to sys_user table called 'u_password_needs_reset_date', or something.




Second, create a Business Rule on the same table (on update, before) like this: 




if ( current.password_needs_reset == false )



         current.u_password_needs_reset_date = '';



else



         if ( current.u_password_needs_reset_date != '' )



                   current.u_password_needs_reset_date = gs.now();


Third, create a Scheduled Job that executes a script periodically (probably every night):



var user = new GlideRecord('sys_user');



user.addQuery('active', true);



user.addQuery('password_needs_reset', true);



user.query();






while ( user.next() ) {



         if ( user.u_password_needs_reset_date < gs.daysAgo(7) ) {



                   user.password_needs_reset = false;



                   user.locked_out = true;



                   user.u_password_needs_reset_date = '';



                   user.update();



         }



}


I haven't built and tested this but it should work. (be sure to test it to make sure it doesn't mass lock out your users...)


View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Zach Biewend1
Giga Expert

‎02-17-2015 09:55 AM

It sounds like you want to set locked_out to TRUE if password_needs_reset is TRUE for 7 days?


0 Helpfuls

Go to solution
Wade Clairmont
Tera Guru
In response to Zach Biewend1

‎02-17-2015 10:23 AM

Sure what ever works.... is there a script or other than I can use? Or that you know of?


0 Helpfuls

Go to solution
Zach Biewend1
Giga Expert

‎02-17-2015 11:38 AM

First add a Date field to sys_user table called 'u_password_needs_reset_date', or something.




Second, create a Business Rule on the same table (on update, before) like this: 




if ( current.password_needs_reset == false )



         current.u_password_needs_reset_date = '';



else



         if ( current.u_password_needs_reset_date != '' )



                   current.u_password_needs_reset_date = gs.now();


Third, create a Scheduled Job that executes a script periodically (probably every night):



var user = new GlideRecord('sys_user');



user.addQuery('active', true);



user.addQuery('password_needs_reset', true);



user.query();






while ( user.next() ) {



         if ( user.u_password_needs_reset_date < gs.daysAgo(7) ) {



                   user.password_needs_reset = false;



                   user.locked_out = true;



                   user.u_password_needs_reset_date = '';



                   user.update();



         }



}


I haven't built and tested this but it should work. (be sure to test it to make sure it doesn't mass lock out your users...)


0 Helpfuls

Go to solution
Zach Biewend1
Giga Expert
In response to Zach Biewend1

‎02-19-2015 06:32 PM

Any luck with this?


0 Helpfuls