How to set the password on Create a User action in the Microsoft AD Spoke

AlexS_

When adding the 'Create a user' action to a flow, you are presented with variables to fill out. The assumption is that fields like First Name, Last Name, etc. will be populated from catalog variables on a form in the service catalog. My question is about the Password field.

What "password2" input pill is expected to be dropped in there?

 

 

find_real_file.png

The help text says "Password - The password the user wants to set as part of the user creation in AD"  

Who is the "user" assumed to be in "the user wants to set"? The new hire/new account?

 

find_real_file.png

 

Generally, our operating procedure is to create the account with a random, complex password and send it to the hiring manager before the new hire starts.

 

As we are trying to automate the onboarding process using this spoke/action, how can I have the action set a random password when creating the AD user, and then pass that value along to somewhere we can grab it and include it in an email notification?


Andrew Albury-D

Hey Alex,

This is fairly simple to accomplish using a custom action. Here's an example:

 

find_real_file.png

 

And the outputs: find_real_file.png

and the output:

find_real_file.png

Here's the script:

/*
 * Demo script step: publishes one sample password in two forms.
 *   outputs.password   - the value after gs.base64Encode()
 *   outputs.plain_text - the same value, unencoded
 *
 * Base64 is a reversible encoding, not encryption, so both outputs carry the
 * clear-text secret. Anything that can read this step's outputs can recover
 * the password; handle and retain them accordingly.
 */
(function execute(inputs, outputs) {

  // Fixed placeholder used for illustration only; real generation logic
  // belongs here instead of a literal.
  var samplePassword = "HelloWorld1";

  var encodedPassword = gs.base64Encode(samplePassword);
  outputs.password = encodedPassword;
  outputs.plain_text = samplePassword;

})(inputs, outputs);

 

You can replace the first line where I set the password with your own logic, or better yet, pass in some parameters to generate a specific length/complexity as an input!

I would like to note however that emailing a user a password that isn't their own is probably not best practice, but that's an internal discussion at your place of work.

Hope that helps!

Andrew

 

Thanks Andrew @Andrew Albury-Dor for your reply. 

This looks like it would work, but with one caveat: we wanted the password to be randomly generated, not statically set.

Hey Alex, That part is the easiest! Here's an example that has some single line scripts to generate random passwords: https://stackoverflow.com/questions/9719570/generate-random-password-string-with-requirements-in-javascript/9719815 Just throw that in the script where it's manually set. Hopefully that answers your question 🙂

kevan_smith

Updating this thread, as I think the base64 encoding approach may be outdated.  Use the GlideEncrypter API: GlideEncrypter API Documentation 

 

Also, while you're certainly well past this project, you asked for a solution that creates a random Password2 password.  Here's an example:

Inputs

  • password_length (integer)
  • include_lowercase, include_uppercase, include_numbers, include_symbols (True/False), char sets 

Outputs

  • status (string): Success/Warning/Error
  • error_message (string)
  • password_entropy (integer)
  • password_strength (string): Weak/OK/Good/Very Good/Excellent
  • password2 (2-way encrypted password)
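/**
 * Flow Designer script step: generate a random password and return it as an
 * encrypted "password2" value together with a rough strength estimate.
 *
 * Inputs:  password_length, include_lowercase, include_uppercase,
 *          include_numbers, include_symbols
 * Outputs: status, error_message, password_entropy, password_strength,
 *          password2
 *
 * Security notes:
 *  - Characters are drawn with GlideSecureRandomUtil instead of
 *    Math.random(). Math.random() is not a cryptographically secure
 *    generator and should not be used to create credentials.
 *  - The clear-text password is never written to an output or a message;
 *    only the encrypted value leaves this step. Do not add debug output that
 *    includes it, because step outputs are retained with the flow execution.
 *  - A missing or non-numeric password_length is reported as an Error and no
 *    password is produced (previously this yielded an empty password rated
 *    "Excellent").
 *  - NOTE(review): GlideEncrypter is kept as in the original answer; confirm
 *    it is still the supported way to produce a password2 value on your
 *    platform release.
 */
(function execute(inputs, outputs) {
    var MIN_LENGTH = 4;
    var MAX_LENGTH = 256;

    outputs.status = "Success";
    outputs.error_message = "";

    // Uniform integer in [0, bound) from the platform's secure random source.
    function secureIndex(bound) {
        return GlideSecureRandomUtil.getSecureRandomIntBound(bound);
    }

    var include_lowercase = String(inputs.include_lowercase) === "true";
    var include_uppercase = String(inputs.include_uppercase) === "true";
    var include_numbers = String(inputs.include_numbers) === "true";
    var include_symbols = String(inputs.include_symbols) === "true";

    if (!(include_lowercase || include_uppercase || include_numbers || include_symbols)) {
        outputs.status = "Warning";
        outputs.error_message += "One or more character sets are required.  Using defaults (lower + upper + numbers + symbols)\n";
        include_lowercase = true;
        include_uppercase = true;
        include_numbers = true;
        include_symbols = true;
    }

    // Work on a local copy so the caller's inputs object is not modified.
    var passwordLength = parseInt(inputs.password_length, 10);
    if (isNaN(passwordLength)) {
        // Fail closed: never hand back an empty or accidental password.
        outputs.status = "Error";
        outputs.error_message += "Password length is missing or not a number.\n";
        outputs.password_entropy = 0;
        outputs.password_strength = "Weak";
        return;
    }
    if (passwordLength < MIN_LENGTH) {
        outputs.status = "Warning";
        outputs.error_message += "Minimum password length is 4. ";
        passwordLength = MIN_LENGTH;
    }
    if (passwordLength > MAX_LENGTH) {
        outputs.status = "Warning";
        outputs.error_message += "Maximum password length is 256. ";
        passwordLength = MAX_LENGTH;
    }

    // Character sets as chosen by the original author (several look-alike
    // characters are left out).
    var charset_lowercase = 'abcdefghijkmnopqrstuvwxyz';
    var charset_uppercase = 'ACDEFGHJKLMNPRTUVWXYZ';
    var charset_numbers = '234679';
    var charset_symbols = '!#%+:=?@_-';

    var selectedSets = [];
    if (include_lowercase) {
        selectedSets.push(charset_lowercase);
    }
    if (include_uppercase) {
        selectedSets.push(charset_uppercase);
    }
    if (include_numbers) {
        selectedSets.push(charset_numbers);
    }
    if (include_symbols) {
        selectedSets.push(charset_symbols);
    }

    var charset = selectedSets.join("");
    if (charset === "") {
        // Defensive guard; not expected to be reachable after the defaults above.
        outputs.status = "Error";
        outputs.error_message += "Unhandled exception building character set.\n";
        outputs.password_entropy = 0;
        outputs.password_strength = "Weak";
        return;
    }

    // Calculate password strength
    // Math.log2 isn't supported, so we'll use a table,
    var log2table = [0, 0, 1, 1.584962501, 2, 2.321928095, 2.584962501, 2.807354922, 3, 3.169925001, 3.321928095, 3.459431619, 3.584962501, 3.700439718, 3.807354922, 3.906890596, 4, 4.087462841, 4.169925001, 4.247927513, 4.321928095, 4.392317423, 4.459431619, 4.523561956, 4.584962501, 4.64385619, 4.700439718, 4.754887502, 4.807354922, 4.857980995, 4.906890596, 4.95419631, 5, 5.044394119, 5.087462841, 5.129283017, 5.169925001, 5.209453366, 5.247927513, 5.285402219, 5.321928095, 5.357552005, 5.392317423, 5.426264755, 5.459431619, 5.491853096, 5.523561956, 5.554588852, 5.584962501, 5.614709844, 5.64385619, 5.672425342, 5.700439718, 5.727920455, 5.754887502, 5.781359714, 5.807354922, 5.832890014, 5.857980995, 5.882643049, 5.906890596, 5.930737338, 5.95419631, 5.977279923, 6, 6.022367813, 6.044394119, 6.06608919, 6.087462841, 6.108524457, 6.129283017, 6.14974712, 6.169925001, 6.189824559, 6.209453366, 6.22881869, 6.247927513, 6.266786541, 6.285402219, 6.303780748, 6.321928095, 6.339850003, 6.357552005, 6.375039431, 6.392317423, 6.409390936, 6.426264755, 6.442943496, 6.459431619, 6.475733431, 6.491853096, 6.50779464, 6.523561956, 6.539158811, 6.554588852];
    // Bits per character for the full selected charset. This is an upper
    // bound: characters drawn from a restricted pool (below) contribute less.
    var entropy = log2table[charset.length];

    // Sets that still need at least one character in the password.
    var pendingSets = selectedSets.slice();
    var chars = [];
    for (var i = 0; i < passwordLength; ++i) {
        var positionsLeft = passwordLength - i;

        // Once only as many positions remain as there are unsatisfied sets,
        // chance can no longer be relied on: draw from the unsatisfied sets only.
        var pool = charset;
        if (pendingSets.length > 0 && positionsLeft <= pendingSets.length) {
            pool = pendingSets.join("");
        }

        var nextChar = pool.charAt(secureIndex(pool.length));
        chars.push(nextChar);

        // Mark the set this character belongs to as satisfied.
        for (var p = 0; p < pendingSets.length; ++p) {
            if (pendingSets[p].indexOf(nextChar) !== -1) {
                pendingSets.splice(p, 1);
                break;
            }
        }
    }

    // Fisher-Yates shuffle so characters drawn from a restricted pool do not
    // always sit at the end of the password.
    for (var j = chars.length - 1; j > 0; --j) {
        var k = secureIndex(j + 1);
        var swap = chars[j];
        chars[j] = chars[k];
        chars[k] = swap;
    }
    var tempPassword = chars.join("");

    // Only the encrypted form is exposed as an output.
    var encr = new GlideEncrypter();
    outputs.password2 = encr.encrypt(tempPassword);

    outputs.password_entropy = Math.floor(passwordLength * entropy);
    if (outputs.password_entropy < 25) {
        outputs.password_strength = "Weak";
    } else if (outputs.password_entropy < 50) {
        outputs.password_strength = "OK";
    } else if (outputs.password_entropy < 75) {
        outputs.password_strength = "Good";
    } else if (outputs.password_entropy < 100) {
        outputs.password_strength = "Very Good";
    } else {
        outputs.password_strength = "Excellent";
    }
})(inputs, outputs);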