Password Reset After XX Days

igeekforyou
Kilo Expert

‎01-05-2018 08:41 AM

This is an updated walkthrough since the following is no longer available, and was not ported to the Docs site: https://community.servicenow.com/external-link.jspa?url=http%3A//wiki.servicenow.com/index.php%3Ftit...

Scenario: Customer wants all users to have to reset their password every XX days (in my case, I use 90). Note, this solution is for local accounts accessed without SSO in play.

Solution: You will need

  • A custom date/time field called (Password Last Reset). I chose to make mine Read Only.
  • A Business Rule (to update the user record with that date/time when the password changes)
  • A Scheduled Job (to check to see if that date populated is older than 90 days).

Explanation: The business rule checks on update as to whether the user has changed their password. If so, the custom date/time field you created will be populated with the current date/time. The Scheduled Job (in my case) runs daily in the early AM to see if the date/time in that field is older than 90 days. If so, it will mark the record as "Password Needs Reset = true". This will prompt the user to reset their password upon next login.

Business Rule

12.png

13.png

Scheduled Job

14.png

Labels:
Preview file
10 KB
Preview file
17 KB
Preview file
29 KB
0 Helpfuls
  • 5,288 Views
10 REPLIES 10

Sumanth Now
Tera Expert

‎02-26-2019 05:37 AM

Hi @igeek

Thanks for your solution, however, it doesn't work if the user is already logged in?

I have tested with 60 secs instead of 90 days, and when I refresh after 60 secs, it doesn't ask me to reset. Only if I close that session and reopen, then it asks me to reset(though this is using Incognito window)

Any ideas?

Also with the same solution, can you advise how to send reminder notifications if it reaches 45 days(when expiry is 60 days)

 

Thanks,

Suman

0 Helpfuls

Kvark
Giga Expert
In response to Sumanth Now

‎05-30-2019 06:53 AM

terminate user session after check and set password should be change

0 Helpfuls

haydnwisegpc
Kilo Contributor
In response to Kvark

‎10-29-2019 06:43 PM

How do you achieve the session termination after a password expires?

0 Helpfuls

Kvark
Giga Expert
In response to haydnwisegpc

‎11-12-2019 06:45 AM

set a BR to check expiration field if its true then something like that:

var id = gs.getSessionID();
ar gr = new GlideRecord('v_user_session');
if (gr.get('session_id',id)) {
   gr.locked = true;
   gr.update();
}

 

0 Helpfuls

Rob Sestito
Mega Sage
In response to Kvark

‎12-20-2019 07:02 AM

Has this been tested and determined to work?

Should this BR be a Before or After?

Would we use v_user_session table or sys_user table?

When I try this script, I have an error that says "Parsing error: Unexpected token gr" - and I am unable to find why.

Would the ar gr = new GlideRecord('v_user_session'); part be a typo? Should it be var gr = new GlideRecord('v_user_session'); ?

Cheers!

-Rob

 

0 Helpfuls