
password_needs_reset Expiry

Wade Clairmont
Tera Guru

Anyone out there have a script that they would like to share that checks the user table on a regular basis, and expires "password_needs_reset"?

Our Audit team requires us now to provide a 7 day window after the password_needs_reset is updated to true. After that time expires, we now are required to auto-reset that field to false, forcing the user to call the service desk for another password reset.

Any help would be appreciated.

Thanks,

Wade

1 ACCEPTED SOLUTION

Zach Biewend1
Giga Expert

First add a Date field to sys_user table called 'u_password_needs_reset_date', or something.




Second, create a Business Rule on the same table (on update, before) like this:




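// Clear the timestamp once the flag is no longer set
if ( current.password_needs_reset == false )
        current.u_password_needs_reset_date = '';
else
        // Flag is set: stamp the date only if it is still empty, so later updates do not restart the window
        if ( current.u_password_needs_reset_date == '' )
                  current.u_password_needs_reset_date = gs.now();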



Third, create a Scheduled Job that executes a script periodically (probably every night):



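var user = new GlideRecord('sys_user');
user.addQuery('active', true);
user.addQuery('password_needs_reset', true);
// Skip users with no recorded date; a blank value compares as older than any cutoff
user.addNotNullQuery('u_password_needs_reset_date');
user.query();

while ( user.next() ) {
        // The 7 day reset window has passed
        if ( user.u_password_needs_reset_date < gs.daysAgo(7) ) {
                  // Expire the pending reset and lock the account
                  user.password_needs_reset = false;
                  user.locked_out = true;
                  user.u_password_needs_reset_date = '';
                  user.update();
        }
}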



I haven't built and tested this but it should work. (be sure to test it to make sure it doesn't mass lock out your users...)
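
The scheduled job's date test is a string comparison, so a blank u_password_needs_reset_date sorts before any cutoff. The following is an added example, not part of the original post: plain JavaScript for Node that models that test with and without a blank-date guard, so the selection can be checked before the job touches sys_user. The rows, the clock value, and the assumption that the cutoff has the 'YYYY-MM-DD HH:MM:SS' shape are constructed for illustration.

```javascript
// Added example: rows and the clock value below are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// Cutoff string in 'YYYY-MM-DD HH:MM:SS' form (assumed shape of gs.daysAgo()).
function cutoff(now, days) {
  return new Date(now.getTime() - days * DAY_MS)
    .toISOString().slice(0, 19).replace('T', ' ');
}

// String comparison with no guard: '' sorts before every cutoff.
function unguarded(row, cut) {
  return row.u_password_needs_reset_date < cut;
}

// Same comparison, but a blank date is never treated as expired.
function guarded(row, cut) {
  const d = row.u_password_needs_reset_date;
  return d !== '' && d < cut;
}

// Returns the user_name of every row the job would reset and lock.
function dryRun(rows, now, days, isExpired) {
  const cut = cutoff(now, days);
  return rows
    .filter(r => r.active && r.password_needs_reset && isExpired(r, cut))
    .map(r => r.user_name);
}

const NOW = new Date('2024-05-10T12:00:00Z'); // constructed clock
const ROWS = [ // constructed sys_user rows
  { user_name: 'alice', active: true,  password_needs_reset: true,  u_password_needs_reset_date: '2024-05-01' },
  { user_name: 'bob',   active: true,  password_needs_reset: true,  u_password_needs_reset_date: '2024-05-08' },
  { user_name: 'carol', active: true,  password_needs_reset: true,  u_password_needs_reset_date: '' },
  { user_name: 'dave',  active: true,  password_needs_reset: false, u_password_needs_reset_date: '' },
  { user_name: 'erin',  active: false, password_needs_reset: true,  u_password_needs_reset_date: '2024-04-01' },
];

console.log('unguarded:', dryRun(ROWS, NOW, 7, unguarded));
console.log('guarded:  ', dryRun(ROWS, NOW, 7, guarded));
```

Accounts that already had password_needs_reset set before the date field existed are the ones with a blank date, which is why the unguarded run selects more users than the guarded one.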



6 REPLIES

I created the field, populated on password reset = true, created the BR, and the scheduled job, but it does not seem to lock the record when the job runs every morning. I will do a little more investigation, and hopefully find the reason why there was no lock on expiry.



Thanks for checking in.


Well success, seems that my schedule was a little out of alignment. Not sure how I created the job the first time, but I deleted, recreated, and executed, success!



Thank you so much for your assistance, I really appreciate it!