Password Reset After XX Days

igeekforyou
Kilo Expert

‎01-05-2018 08:41 AM

This is an updated walkthrough since the following is no longer available, and was not ported to the Docs site: https://community.servicenow.com/external-link.jspa?url=http%3A//wiki.servicenow.com/index.php%3Ftit...

Scenario: Customer wants all users to have to reset their password every XX days (in my case, I use 90). Note, this solution is for local accounts accessed without SSO in play.

Solution: You will need

  • A custom date/time field called (Password Last Reset). I chose to make mine Read Only.
  • A Business Rule (to update the user record with that date/time when the password changes)
  • A Scheduled Job (to check to see if that date populated is older than 90 days).

Explanation: The business rule checks on update as to whether the user has changed their password. If so, the custom date/time field you created will be populated with the current date/time. The Scheduled Job (in my case) runs daily in the early AM to see if the date/time in that field is older than 90 days. If so, it will mark the record as "Password Needs Reset = true". This will prompt the user to reset their password upon next login.

Business Rule

12.png

13.png

Scheduled Job

14.png

Labels:
Preview file
10 KB
Preview file
17 KB
Preview file
29 KB
0 Helpfuls
  • 5,286 Views
10 REPLIES 10

Archana Reddy2
Tera Guru

‎06-07-2018 09:25 AM

Hi,

I have a requirement that requires a solution that you have explained in this post.

But, my concern was if running a Scheduled Job every day causes any issues(My Scheduled Job's condition may return true only around 10 times a year).

Running it daily is a good practice in my case or not?

Thanks in advance!

0 Helpfuls

Jeremy Duncan1
Kilo Contributor
In response to Archana Reddy2

‎06-07-2018 12:27 PM

Archana,

The solution above supports a business requirement that a user must reset their password every XX days. Let's say it's 90 days. Not every user will reset on the same day, therefore to ensure that you address each user as though they have reset on different days at different times, it would be necessary to run daily. I would say that it's ok to run this script daily. Set it for off-hours where your user table isn't seeing much activity. 

Archana Reddy2
Tera Guru
In response to Jeremy Duncan1

‎06-07-2018 01:05 PM

Thanks for the info. This helped me in clearing the doubt I had in mind.
0 Helpfuls

Edward Rosario
Mega Sage
Mega Sage
In response to Jeremy Duncan1

‎01-27-2022 08:16 AM

Hey Jeremy,

What if you want to do this but only for users with the admin role?

0 Helpfuls