AD Password Reset when SSO is configured

Jay130
Kilo Contributor

I'm looking to implement an AD password reset for a ServiceNow client.

Users currently access their ServiceNow portal via SSO (ADFS).

So they access ServiceNow via an SSO link which logs them into ServiceNow.

But if they have forgotten their Windows password, how can they access ServiceNow if ADFS cannot get their credentials?

With SSO configured they cannot log in to ServiceNow to reset an AD password if they can't log in to Windows.

So is there a way that users can log in to ServiceNow with a username and password and SSO?

The whole reason why they want password reset is so they don't have to call the Helpdesk to change their AD password, but if they use SSO and forget their AD password they will probably have forgotten their ServiceNow password anyway and have that and the AD password reset by the helpdesk. Am I missing something here?

1 ACCEPTED SOLUTION

Great. Can you mark it answered, so that it will be useful for others?


Please mark this response as correct or helpful if it assisted you with your question.


Carl Fransen1
Tera Guru

Hi Jay,

Check out the documentation here. This allows the ability to change the password using SSO from the login screen itself; it uses Orchestration to do the actual reset. This means they could use the URL on their phone, tablet or any device: if they can't log in to their workstation, it can be done on their other devices.

Hope this helps.

Thanks Carl, 

But they can't use the SSO URL unless they are connected to their network (logged into AD), as their ADFS server is not accessible externally. So the SSO URL would try to take any other device to the ADFS server, which is only accessible when logged in to the network.

Maybe I'm not understanding something here, but the users need to access the AD password reset functionality on ServiceNow, but at the moment the only way they can get in to ServiceNow is by being logged in to AD and accessing the SSO link.

We have SSO authentication enabled here and we can link to the ServiceNow instance from anywhere - it just won't log me in automatically if I'm on my home PC, but I can log in manually as the ServiceNow instance speaks directly to your SSO provider. This then also allows a password to be reset as the Orchestration runs between ServiceNow and your SSO to perform the reset.

If you have a local URL to SSO then I don't think you have it set up correctly. We are using the 'Multi-Provider SSO' module for this with a SAML2 authentication method and our provider is Microsoft Azure. Check out this doco for the standard way of setting it up.

SanjivMeher
Kilo Patron

You need ServiceNow Orchestration to do that.

And there should be a separate link for them which should take them to the reset password page, which will allow them to enter the user name.

I think there is a page already which can directly take them to the password reset page, and SSO won't redirect them since pwd_reset is a public page.

https://your-instance.service-now.com/nav_to.do?uri=%2F$pwd_reset.do%3Fsysparm_url%3Dss_default

