Servicedesk unlocking accounts

Lucien1 · ‎05-13-2014

Morning all,

So I am new to developing Service Now and this has been a VERY steep learning curve so if I say something wrong please don't think harsh thoughts

In our environment, SN receives permissions and new accounts from LDAP. This is great as Service-desk don't have to create accounts in SN and this is less admin work for them and was great for everyone until a few weeks ago where a change was put in place and has trickled down to Service Now.

Now this is where I come in. I have been asked to come up with a solution that does not impact security.

All new contractor accounts that get created are automatically put into a locked state. SN then import the new account into SN as locked. (The business wants it to stay like this)

After lots of persuading, management have agreed to allow Service-desk to have permissions to unlock the accounts. As I already have Admin (Dev environment only) when I come across an account when creating a ticket, (request or incident) I receive a nice popup asking me if I want to unlock their account.

What I want to find out is, is there a way that Service-desk can receive this popup and unlock accounts without having visibility of the "User Administration" field.

I hope some genius has done this before and can help with this

Thank you all.

Lucien1 · ‎05-13-2014

Hi Slava

Thanks for your help, was really useful and you are right, the popup is unique to this setup. I have just found it and it's a client script that has been added.

I have been able to get all this working on the Dev environment and as permissions are given from AD, I just need to update the groups accordingly.

Thank you again.

*** UPDATE ***

I have found a script that works and have put it on this Wiki, here is the link to it

Unlocking accounts in a call instead of going to User Administration

*** UPDATE ***

View solution in original post

Slava Savitsky · ‎05-13-2014

1. Make sure your Service Desk staff have access to Users [sys_user] table. By default, they should be able to access it using Callers link in the Service Desk menu section. If this is not the case, just add it.

2. If "Locked out" field is missing from the form, personalize the form accordingly.

3. Adjust access control rules to allow your service desk staff update this attribute.

As for the pop-up message, I have never seen it before in an out-of-box instance. It seems to be something specific to your implementation.

Blog: https://sys.properties | Telegram: https://t.me/sys_properties | LinkedIn: https://www.linkedin.com/in/slava-savitsky/

Lucien1 · ‎05-13-2014

Hi Slava

Thanks for your help, was really useful and you are right, the popup is unique to this setup. I have just found it and it's a client script that has been added.

I have been able to get all this working on the Dev environment and as permissions are given from AD, I just need to update the groups accordingly.

Thank you again.

*** UPDATE ***

I have found a script that works and have put it on this Wiki, here is the link to it

Unlocking accounts in a call instead of going to User Administration

*** UPDATE ***