Hi Community,
I am configuring the Password Reset process using the "Local ServiceNow Instance" Credential Store type. I have a question regarding the logic of password validation when no specific policy is selected.
Current Configuration:
Credential Store Type: Local ServiceNow Instance
Password policy field: Left Empty (Blank).
Enable password policy checkbox: Checked.
System Property: glide.enable.password_policy is set to true.
Observation:
Even though the "Password policy" field is empty on the Credential Store record, when I test the Password Reset flow, the UI still enforces specific complexity rules (e.g., Minimum 8 characters, at least 1 uppercase, 1 digit, etc.).
My Question:
Since the policy field is empty, what is the standard fallback behavior for the Local ServiceNow Instance credential store?
Does it automatically default to the record named "Default" in the Password Policies table (sys_password_policy)?
Or is it pulling these rules from somewhere else?
I noticed glide.enable.password_policy is true, which suggests the sys_password_policy table is being used, but I want to confirm the hierarchy when the specific field is left blank.
Any official documentation or explanation on this fallback logic would be appreciated.
Thanks!
