Password Reset Application

Go to solution
Jim Coyne
Kilo Patron

‎08-13-2014 08:23 PM

Anyone try using the new Password Reset application in Dublin / Eureka?   I was wondering how easy it is to integrate with AD.   How long did it take to get up and running?   Pros?   Cons?   Any hidden issues?

 

I'm also wondering if the "Password Reset - Orchestration Add-on" requires the Orchestration plugin as well.   I would assume so, the wiki does not explicitly say so, but I don't like to assume anything with SN licensing anymore.  

 

Thanks

Jim

Labels:
0 Helpfuls
  • 8,816 Views
1 ACCEPTED SOLUTION

Go to solution
TrevorK
Kilo Sage

‎08-19-2014 01:30 PM

One of the challenges we found with the AD Password Reset is that, using the built-in ServiceNow workflow items, the account needed to be a Domain Administrator (which our AD Team would not allow).   We ended up having to develop our own powershell command to do the password reset on the MID Server, rather than using the SN way of calling out to the DC. Not hard, but frustrating. It appears that those who do Discovery had the same sort of issues when I did a search at the time.



You can do the AD Password Reset without Orchestration as far as I recall when you write your own commands to work with the Powershell probe on the MID Server. We had to do this and I seem to recall thinking that it is a loophole or something, because you can write everything through the MID Server without much trouble.



One other thing we also found is that the ServiceNow SMS feature did not text to phone number, it texted to 11122233333@att.com, and thus required the carrier information to be present. We ended up just coding a call to Twilio, which was easy enough, and it handles the text to phone number (as our phone numbers sync from an external system).



We really found it was shoe-horning ServiceNow into a world where we could perform the tasks we need much better without ServiceNow (we need to share data with ERPs), and just use a web service to feed the data into ServiceNow about what is being done (failed attempts, successful attempts, etc). I also seem to recall that SN had a Password Reset app (above and beyond Orchestration) but you paid a monthly fee for each user in your system, and with 180,000+ users, that was not going to work too well for us.



I am using words like "I recall" and a lot of past tense because we are going a different route for password reset. But I have it all developed (without the use of Orchestration workflow items even though we have Orchestration) and such in our instance to demo the functionality of it.



Oh - I should also state I have only used this in Dublin/Calgary, not Eureka. We do not have that loaded yet.



Hopefully that helps. As you can tell, sometimes I ramble on too much.


View solution in original post

36 REPLIES 36

Go to solution
No NaME
Mega Guru
In response to moses5

‎03-13-2017 08:11 PM

Hi moses,



Is it possible that you can share the implementation document for this activity(password reset- AD orchestration).


Go to solution
moses5
Kilo Expert
In response to No NaME

‎03-14-2017 04:13 AM

Hi Munish,



We pretty much followed the details documented in the here.



- Your MID server: the account to use would need to have rights to reset password in your AD, and must be able to run the MID Server service on the MID server


- Your Verification Method: You have a choice of 4 OOB, If you are going to use SMS, check out the Notify application. You may also want to consider additional verification method. Take a look at the Multi factor authentication


- We also implemented the reset on Windows Systems



If I can give any advise, it will be that you setup a Test environment to mimic your production environment, DO NOT test this on your production environment. Set up a MID server in this environment and connect the MID Server, ServiceNow Dev instance and your AD together. Test, Test and Test :-). Good luck. Happy to help if you have any specific questions.



Regards



Moses


Go to solution
No NaME
Mega Guru
In response to moses5

‎03-14-2017 09:06 PM

Thanks Moses!



I am going to implement this in test environment. Shall seek assistance if I got stuck in between.



Thanks!


Go to solution
sandeep p1
Mega Expert
In response to moses5

‎06-19-2018 12:35 PM

Hi Moses,

I have a question on the enrollment page. Any help is greatly appreciated.

In the enrollment page,if the verification types are not mandatory, it allows you to submit the page & confirms that the enrollment is successful even though none of the verification is enrolled.

Is there a way that we can have an alert pop up when a user does not enroll in any of the non mandatory verification types ?

We basically wanted the end user to choose at least one verification to enroll.

 

Thanks!

0 Helpfuls

Go to solution
rachelmcdaniels
Kilo Contributor
In response to TrevorK

‎09-09-2015 04:53 AM

Hi Trevor,



When sending a code to email, did you create a separate verification type?   I am trying to send a verification code to email and am having issues with UI macro and processor.