Update Password Action in Flow Designer

Geoff_T · ‎08-27-2020

I'm looking at triggering a flow from a catalog item. The aim is to reset user password. User submits catalog request with new password, trigger the flow and run the Update Password action.

This action only accepts a 'password2 type pill' which doesn't exist as a variable type in a catalog request.

Is this catalog solution possible?

Andrew Albury-D · ‎09-03-2020

Hi Geoff,

This is definitely doable! You might need to create a new custom action which converts a string (the input from the catalog item) into a Password2 type field. Luckily, I've whipped one of these up already! Here's one I prepared earlier:

Input of a string:

script step to encrypt it:

Output items to pills:

IN this case I've opted to output it as both a password2 and plaintext, in case you wanted to email it, but it might be worth adding a "true/false" input to show plaintext or not, and checking that in your script.

Remember, anything where you save a password is inherently unsafe, and this will write the passwords to a flow context which will be accessible by anyone with read access to flows.

Hope that helps,

Andrew

View solution in original post

Andrew Albury-D · ‎09-03-2020

Hi Geoff,

This is definitely doable! You might need to create a new custom action which converts a string (the input from the catalog item) into a Password2 type field. Luckily, I've whipped one of these up already! Here's one I prepared earlier:

Input of a string:

script step to encrypt it:

Output items to pills:

IN this case I've opted to output it as both a password2 and plaintext, in case you wanted to email it, but it might be worth adding a "true/false" input to show plaintext or not, and checking that in your script.

Remember, anything where you save a password is inherently unsafe, and this will write the passwords to a flow context which will be accessible by anyone with read access to flows.

Hope that helps,

Andrew

Geoff_T · ‎09-03-2020

Thanks for the response Andrew; makes perfect sense.

One last question if I can bounce it off you.. any suggestions on how I could use the Update Password action to update passwords in lower environments - having submitted the catalog request in Prod? I could just call the user table and update the password with a table api call. If I could handle this with the in built action however i'd prefer that.

Thanks for the help!

NStefanisko · ‎05-12-2022

Corollary: If the input is a Masked value, it is not necessary to base64 encode it before passing to the password2 output variable.

Hitoshi Ozawa · ‎09-03-2020

I haven't tested this, but probably would do the following.

Since it's a password, I would use type "Masked" as the variable type in the catalog item to avoid security risk. I think this is "Mask Code" type in Flow Designer.

Check the following page on using "Masked" in Service Catalog.

https://hi.service-now.com/kb_view.do?sysparm_article=KB0681163

Would need to create a custom Action to convert Masked to Password2. Probably would use GlideEncrypter.encrypt().

https://developer.servicenow.com/dev.do#!/reference/api/orlando/server_legacy/GlideEncrypterAPI#Glid...