password_needs_reset Expiry

Go to solution
Wade Clairmont
Tera Guru

‎02-17-2015 09:39 AM

Anyone how there have a script that they would like to share that checks the user table on a regular basis, and expires "password_needs_reset"?

Our Audit team requires us now to provide a 7 day window after the password_needs_reset is updated to true.   After that time expires, we now are required to auto-reset that field to false, forcing the user to call the service desk for another password reset.

Any help would be appreciated.

Thanks,

Wade

Labels:
0 Helpfuls
  • 1,423 Views
1 ACCEPTED SOLUTION

Go to solution
Zach Biewend1
Giga Expert

‎02-17-2015 11:38 AM

First add a Date field to sys_user table called 'u_password_needs_reset_date', or something.




Second, create a Business Rule on the same table (on update, before) like this: 




if ( current.password_needs_reset == false )



         current.u_password_needs_reset_date = '';



else



         if ( current.u_password_needs_reset_date != '' )



                   current.u_password_needs_reset_date = gs.now();


Third, create a Scheduled Job that executes a script periodically (probably every night):



var user = new GlideRecord('sys_user');



user.addQuery('active', true);



user.addQuery('password_needs_reset', true);



user.query();






while ( user.next() ) {



         if ( user.u_password_needs_reset_date < gs.daysAgo(7) ) {



                   user.password_needs_reset = false;



                   user.locked_out = true;



                   user.u_password_needs_reset_date = '';



                   user.update();



         }



}


I haven't built and tested this but it should work. (be sure to test it to make sure it doesn't mass lock out your users...)


View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Wade Clairmont
Tera Guru
In response to Zach Biewend1

‎02-20-2015 05:38 AM

I created the field, populated on password reset = true, created the BR, and the scheduled job, but it does not seem to lock the record when the job runs every morning.   I will do a little more investigation, and hopefully find the reason why there was no lock on expiry.



Thanks for checking in.


0 Helpfuls

Go to solution
Wade Clairmont
Tera Guru
In response to Zach Biewend1

‎02-20-2015 05:50 AM

Well success, seems that my schedule was a little out of alignment.   Now sure how I created the job the first time, but I deleted, recreated, and executed, success!



Thank you so much for your assistance, I really appreciate it!


0 Helpfuls