Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Password Reset URL Validation and User Verification in SLO

Go to solution
VuchiV
Tera Contributor

4 weeks ago

In the Supplier Onboarding Process, an email is sent to the supplier contact for password reset, which currently has a URL validation period of 1 hour. We need to extend this URL validation time to 3 months for password resets.

 

Upon investigation, I found that the system property "glide.pwd_reset.onetime.token.validity" governs the password reset URL validation time globally across all applications.

 

Could you please advise on how to modify this functionality specifically for the supplier onboarding process without affecting other processes in the system?

0 Helpfuls
  • 633 Views
1 ACCEPTED SOLUTION

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to VuchiV

4 weeks ago

@VuchiV 

yes you can try some custom solution which holds that timestamp etc in your supplier table but this is a customization and will be a technical debt meaning if something breaks after upgrade developer will have to do re-work to fix that.

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
rahulraviprasad
ServiceNow Employee
ServiceNow Employee

3 weeks ago

Supplier collaboration portal does not directly control User Access management or security and utilises the platform features so it is centrally controlled for every user with the system property "glide.pwd_reset.onetime.token.validity" you have mentioned. Although most of the time the requirement might be that suppliers are going to check their email for self registration after many days, like 3 months(which is very long), this is actually customization on each self registration configuration and can be controlled only for suppliers here, please refer screen shot below. 

rahulraviprasad_0-1763096836571.png

https://www.servicenow.com/docs/bundle/xanadu-source-to-pay-operations/page/product/supplier-lifecyc...

But once they have seen the email and are trying to self register and have successfully registered, they will more likely reset the password instantly and will check the mail to reset. Imagine verification/ OTPs etc, these are generally time bound for security reason and are not in days and default is 12 hours.

https://www.servicenow.com/docs/bundle/zurich-servicenow-platform/page/administer/login/reference/pa...

 

0 Helpfuls