Re: Password Reset Plug-In Auto-Enrollment

esioson · ‎06-05-2014

Reaching out to the ServiceNow community to see if anyone has run into the same problem and how they have addressed it. Thanks very much in advance!

Scenario:

My users/customers of ServiceNow are our external customers, NOT internal users within our company. I have LDAP integration already enabled for the internal users of my company. For my users/customers, I have activated the Password Reset plug-in and configured it so that the process uses the QA verification. I have 3,000 customers that have the potential of NOT remembering their password and I don't want to have to shoulder my Support group to have to take incoming incidents just to reset their password.

I've made the Reset Password form available off a link on the Login page so that my customers can get to it from here to reset their password. I followed the wiki article noted here: Password Reset - ServiceNow Enterprise Wiki. Again, everything works, EXCEPT, I'm missing a step somewhere although I've checked off auto-enrollment. How do I auto-enroll all of my users/customers?

I know how to manually enroll users, however, I don't want to manually enroll 3,000 users. The plug-in provides a check-box that you can check to select to auto-enroll, however, it doesn't look to do anything. The ONLY reference to auto-enrollment in the wiki article is this one sentence: "Users who have not been auto-enrolled in a password reset program must go through an enrollment procedure". However, the missing piece is the HOW TO auto-enroll your users. Without a user being enrolled, they cannot use the password reset option. What I have set up currently is when the user goes to password reset page, it does a validation against the User table to validate that their email/user ID exists. It then asks them to type in the captcha value into a field. At this point, once "enrolled", they'll be prompted to answer the security questions and if they answer correctly, it will proceed to allow them to reset their password. Again, my problem isn't that the feature doesn't work. My problem is getting everyone "auto-enrolled" so that they can use it.

Has anyone done this before that can share how they did it? Many many thanks!

I have already combed through ALL of the articles, dicussions, etc. that exist in the community that have any reference to "password reset", "auto-enroll", "password" and have read through all of them and there is nothing in anything that currently exists today and it doesn't. Once I have this piece identified on how to do it, I'll post the information in the Community for reference to anyone else that may run into this same issue.

Thanks!

esioson · ‎06-05-2014

Answering my own question :-). The auto-enroll isn't something that is sent out via notification. When this is selected, it can be activated as a module. You'll need to handle communications to your users that you want them to enroll in the Password Reset; module will be visible to them from the menu. When they select this, they will in turn be walked through the process that you set up for Password Reset whether it is Security Questions and/or SMS, etc.

Something to not though is that by default, the plug-in has the Password Reset Request locked value set to "True" which means that each time they reset their password via this method, it "locks" them and they can't reset their password again. To change this value, update the locked field found in the pwd_reset_user_lockout table.

View solution in original post

esioson · ‎06-05-2014

Answering my own question :-). The auto-enroll isn't something that is sent out via notification. When this is selected, it can be activated as a module. You'll need to handle communications to your users that you want them to enroll in the Password Reset; module will be visible to them from the menu. When they select this, they will in turn be walked through the process that you set up for Password Reset whether it is Security Questions and/or SMS, etc.

Something to not though is that by default, the plug-in has the Password Reset Request locked value set to "True" which means that each time they reset their password via this method, it "locks" them and they can't reset their password again. To change this value, update the locked field found in the pwd_reset_user_lockout table.

prashantdaruka · ‎06-25-2014

Hi Ernadel,

I am also trying something similar. I have activated the password reset plugin and defined a process. Every thing seems to be working fine. The only problem I am facing is that the user is not prompted to Reset the password after the first log on with the new password. The option of "User Must Reset Password" is also true on the Process.

Do let me know regarding the issue if you have any solution.

Regards,

Prashant

esioson · ‎06-25-2014

Hi Prashant:

Without knowing all of the details, these are just a few things that come to mind -

1.) If you've got LDAP integration working, the password reset won't be applicable.

2.) The password reset is only applicable to if you are using the SN local instance as the "security store", meaning, user accoutns and passwords are stored within the local instance itself. If your accounts are LDAP integrated, the password will be dependent upon your AD integration, therefore, user will be unable to change.

Hope this helps. Again, not really sure if the user you are experiencing this with is a local user account on the SN instance which would explain why you are unable to reset the password OR it is a user account that is LDAP integrated.

prashantdaruka · ‎06-25-2014

Hi Ernadel,

I am using an AD account for this configuration, I am able to change the password of the users in the Active Directory also through the Password Reset plugin on ServiceNow. The only problem I am facing is that after a new password is generated, there is no prompt for changing my password on the first login. So in the end I have to use the password generated by the system. Whereas I want to use a password which I select.

Is there a process wherein I can change my password after first login with the new password.

Regards,

Prashant