Setup ServiceNow Password Policy to not contain username when user configures new password

paatmarquez — Thu, 17 Nov 2022 16:53:15 GMT

Hello,

I am new in exploring ServiceNow's password reset application. Although my organization's passwords are synchronized via a 3rd party integration, there are some cases where passwords in ServiceNow for admin and service accounts are configured independently. That being said, I have a requirement where in a password should meet the following criteria:

- At least 1 uppercase letter (Done)

- At least 1 lowercase letter (Done)

- At least 1 number (Done)

- At lease 1 special character (Done)

- Password cannot contain your User ID (user_name) or any part of your full name - This one I need help with

So here's what I've done so far. In the Password Reset Credential Store, this is the setup in the Local ServiceNow instance:

The Auto generate password is PasswordPolicyCompliantAutoGenPassword and I created a custom password policy named "High". I've setup the first 4 requirements in the password policy I created. However, the last requirement (Password cannot contain your User ID (user_name) or any part of your full name) is not working. Could someone help me with this please?

Here's the password policy configuration I made:

Here's the complete Password Policy script:

(function executeScript() {
var options = {};

return isValid(options) ? options : {};

// DO NOT MODIFY THIS VALIDATION METHOD
function isValid(options) {
if (options && Object.keys(options).length > 0) {
for (x in options) {
if (isNaN(options[x])) {
gs.error('PasswordPolicy: ' + x + ' is not a number = ' + options[x]);
return false;
}
}
}
if(cantUserName()) {
return false;
}
return true;
}

function cantUserName(){
var uid = gs.getUserName();
var uname = gs.getUserDisplayName();
if((user_password.indexOf(uid)!=-1) || (user_password.indexOf(uname)!=-1))
{
gs.error('Password cannot contain your name or username');
return false;
}
return true;
}

})();

Could someone help me with this, please? I am also not sure if this is the correct place where I should make changes. Any detailed help is appreciated. Thanks in advance!

Re: Setup ServiceNow Password Policy to not contain username when user configures new password

mattystern — Thu, 17 Nov 2022 21:05:05 GMT

Hi Paatmarquez,

The password policy record has a "disallow user data" checkbox. According to the tooltip, it checks against firstname, lastname, username and company fields - seems like what you're looking for. For "custom" it looks like it is default located under the script field:

Re: Setup ServiceNow Password Policy to not contain username when user configures new password

patmaq — Fri, 18 Nov 2022 11:52:16 GMT

Thanks for your response! For some reason, I could not find this field in our instance. We're still currently in the Rome version though. But I tried recreating this in my developer instance in the Tokyo version and I enabled the "Disallow User Date". This worked perfectly. I guess this is a new feature.

Thanks a lot! Appreciate your help. 😊

question Setup ServiceNow Password Policy to not contain username when user configures new password in ServiceNow AI Platform forum

Setup ServiceNow Password Policy to not contain username when user configures new password

Re: Setup ServiceNow Password Policy to not contain username when user configures new password

Re: Setup ServiceNow Password Policy to not contain username when user configures new password