Removing a Password from a User Record?

Go to solution
G_Ede
Tera Guru

‎02-07-2018 03:54 AM

If a user is created without a password, it cannot log in.   How can we return a user record to the same state (with no password) after having set a password for that user?   Simply blanking out the password field on the User Form isn't sufficient (as the previous password is retained, and the user can still log in with it).

We're thinking about users who may have been using local authentication previously and are now going to be switched to SSO.   We want to make sure these users are unable to authenticate locally, but we cannot completely disable local authentication as there will be a handful of users who still need to use local authentication.

Any suggestions on the best practice way to achieve this?   We'd prefer not to delete the user records, and we would like to prevent a scenario where someone who has a user can set their password, giving them the ability to bypass SSO.

Labels:
0 Helpfuls
  • 3,944 Views
1 ACCEPTED SOLUTION

Go to solution
Patrick DeCarl1
ServiceNow Employee
ServiceNow Employee

‎02-07-2018 04:20 AM

Graeme,



You will need to run a background script or fixed script. You can use below code for ex.



var user = new GlideRecord('sys_user');


user.get('9112fd0dc3313000bac1addbdfba8f95'); // SYSID of the user you want to blank out password for.


user.user_password = '';


user.update();


View solution in original post

7 REPLIES 7

Go to solution
Patrick DeCarl1
ServiceNow Employee
ServiceNow Employee

‎02-07-2018 04:20 AM

Graeme,



You will need to run a background script or fixed script. You can use below code for ex.



var user = new GlideRecord('sys_user');


user.get('9112fd0dc3313000bac1addbdfba8f95'); // SYSID of the user you want to blank out password for.


user.user_password = '';


user.update();


Go to solution
G_Ede
Tera Guru
In response to Patrick DeCarl1

‎02-08-2018 02:07 AM

Thanks Patrick!


0 Helpfuls

Go to solution
Mounika Guntha
Tera Contributor
In response to Patrick DeCarl1

‎07-05-2022 11:29 PM

Hi,

We have scenario where we need to remove specific individual passwords for list of 1200+ users and continue to log in with SSO
How to collect sys id's for these 1200+ id and remove specific individual passwords so that they can continue to log in with SSO

Any suggestions on the best practice way to achieve this?   We'd prefer not to delete the user records

0 Helpfuls

Go to solution
Mounika Guntha
Tera Contributor
In response to Mounika Guntha

‎07-06-2022 12:53 AM

var users = [sys_id1,sys_id2,sys_id3,.........sys_id1200]; //Declare and array and capture all the sys_ids
for(i=0;i<users.length;i++)//Run a loop
{
    sysId = users[i];
    var gr = new GlideRecord('sys_user');
    gr.addQuery('sys_id', sysId);
    gr.query();
    if(gr.next()){
        if(gr.password != ''){
            gr.password = '';
        }
    }
}

I am trying it this way, will this be a best practice

but then how to capture all the 1200 sys_ids

0 Helpfuls