Password Reset Enrollment

vamsisai · ‎10-12-2017

Hi All,

I'm trying to use the password reset application for that i created a new process and used email and QA verification types to identify the user, is there any way to force a user to enroll in password reset on first login so that user can answer the security questions and reset their password with out any error.

Thanks for your time on this.

Regards,

Vamsi.

vamsisai · ‎07-26-2021

Hello GB,

Please follow the below steps to force the user to answer the security questions.

1) Create a UI Page:

Page Name: enroll_page

HTML:

<?xml version="1.0" encoding="utf-8" ?>
<j:jelly trim="false" xmlns:j="jelly:core" xmlns:g="glide" xmlns:j2="null" xmlns:g2="null">
<span> 
<p> <h2> You must enroll in Password Reset Management before you can access ServiceNow. To enroll click on the enrollment URL. Answer the three security questions. If you have any questions please contact the Help Desk. </h2> </p> 
</span>
<a href="javascript:showLink();" >Click here to Enroll in Password Reset.</a>
</j:jelly>

Client Script:

function showLink()
{
var url = window.location.href;
  var str = url.split(".")[0];
 window.open(str+'.service-now.com/$pwd_enrollment_form_container.do','_parent');
}

2) Create a UI Script with the below code to call the script include to validate the logged In user.

addLoadEvent( function() {

if(window.frameElement){
if(window.frameElement.id == 'gsft_main'){
checkPreference();
}

}
});

function checkPreference() {
var ga = new GlideAjax('checkEnroll');
ga.addParam('sysparm_name','getQuestionsPopUp');
ga.getXML(showQuestionPopUp);
}


function showQuestionPopUp(response) {

var answer = response.responseXML.documentElement.getAttribute("answer");
var url = window.parent.location.href;


if(answer == 'false' && url.indexOf("login_cpw.do") <0){ //

var featwin = new GlideDialogWindow('enroll_page');
featwin.setTitle('Password Reset Enrollment');
featwin.setSize(700,500);
//remove the X in the upper right corner
featwin.removeCloseDecoration();
featwin.render();
//This fixes another color on the background behind the window and some opacity
$j('#grayBackground').css('opacity','0.90');
$j('#grayBackground').css('background-color','#130d06');
//Need this to make the whole glideDialogWindow to the same background as the ui page has.
$j('#newfeature table').css('background-color','#E4DBBF');
}



}

3) Create a script include to validate the logged in user in pwd_enrollment table.

Script Include: checkEnroll

var checkEnroll = Class.create();
checkEnroll.prototype = Object.extendsObject(AbstractAjaxProcessor, {

getQuestionsPopUp : function(){
var userEnrol = new GlideRecord('pwd_enrollment');
userEnrol.addQuery('user',gs.getUserID());
userEnrol.addQuery('status',1);
userEnrol.query();
while(!userEnrol.next())
{
return false ;
}
},


type: 'checkEnroll'
});

Before all the above steps please configure the password reset process as well.

Regards,

Vamsi

GB14 · ‎07-27-2021

Hello @vamsisai
Thank you very much for your response and for sharing the solution.

How and where the user will get the popup to enroll?

I added the above but not getting the message to enroll upon login.

The password reset process is already configured.

Any suggestions?

Thanks again

vamsisai · ‎07-27-2021

Hi GB,

Impersonate the user who is part of the password reset process. UI Script will get executed first and it'll call the script include to validate whether the impersonated user is already answered the security questions or not by checking in the "pwd_enrollment" table based on the return result to the UI Script pop up will appear to the user on initial login.

Regards,

Vamsi

GB14 · ‎07-27-2021

How is the UI script being called? Do I need anything else for the script to get executed?

it's not working for some reason and I have tested with a brand new user (not enrolled)

vamsisai · ‎07-27-2021

Can you please provide the image of password reset process and UI Script and Script include. Please add some logs in the script include and check whether script include is working or not.

Regards,

Vamsi