‎06-27-2018 01:02 PM
I'm looking to implement an AD password reset for a ServiceNow client.
Users currently access their ServiceNow portal via SSO (ADFS).
So they access ServiceNow via an SSO link which logs them into ServiceNow.
But if they have forgotten their Windows password, how can they access ServiceNow if ADFS cannot get their credentials?
With SSO configured they cannot log in to ServiceNow to reset an AD password if they can't log in to Windows.
So is there a way that users can log in to ServiceNow with a username and password and SSO?
The whole reason why they want password reset is so they don't have to call the Helpdesk to change their AD password, but if they use SSO and forget their AD password they will probably have forgotten their ServiceNow password anyway and have that and the AD password reset by the Helpdesk. Am I missing something here?

‎06-28-2018 01:04 PM
Great. Can you mark it answered, so that it will be useful for others?
Please mark this response as correct or helpful if it assisted you with your question.

‎06-27-2018 01:05 PM
Hi Jay,
Check out the documentation here. This allows the ability to change the password using SSO from the login screen itself; it uses Orchestration to do the actual reset. This means they could use the URL on their phone, tablet or any device; if they can't log in to their workstation, it can be done on their other devices.
Hope this helps.
‎06-27-2018 01:14 PM
Thanks Carl,
But they can't use the SSO URL unless they are connected to their network (logged into AD), as their ADFS server is not accessible externally. So the SSO URL would try to take any other device to the ADFS server, which is only accessible when logged in to the network.
Maybe I'm not understanding something here, but the users need to access the AD password reset functionality on ServiceNow, but at the moment the only way they can get in to ServiceNow is by being logged in to AD and accessing the SSO link.

‎06-27-2018 01:24 PM
We have SSO authentication enabled here and we can link to the ServiceNow instance from anywhere - it just won't log me in automatically if I'm on my home PC, but I can log in manually as the ServiceNow instance speaks directly to your SSO provider. This then also allows a password to be reset as the Orchestration runs between ServiceNow and your SSO to perform the reset.
If you have a local URL to SSO then I don't think you have it set up correctly. We are using the 'Multi-Provider SSO' module for this with a SAML2 authentication method and our provider is Microsoft Azure. Check out this doco for the standard way of setting it up.

‎06-27-2018 04:16 PM
You need ServiceNow Orchestration to do that.
And there should be a separate link for them which should take them to the reset password page, which will allow them to enter the user name.
I think there is a page already which can directly take them to the password reset page, and SSO won't redirect them since pwd_reset is a public page.
https://your-instance.service-now.com/nav_to.do?uri=%2F$pwd_reset.do%3Fsysparm_url%3Dss_default
Please mark this response as correct or helpful if it assisted you with your question.