Removing a Password from a User Record?

G_Ede · ‎02-07-2018

If a user is created without a password, it cannot log in. How can we return a user record to the same state (with no password) after having set a password for that user? Simply blanking out the password field on the User Form isn't sufficient (as the previous password is retained, and the user can still log in with it).

We're thinking about users who may have been using local authentication previously and are now going to be switched to SSO. We want to make sure these users are unable to authenticate locally, but we cannot completely disable local authentication as there will be a handful of users who still need to use local authentication.

Any suggestions on the best practice way to achieve this? We'd prefer not to delete the user records, and we would like to prevent a scenario where someone who has a user can set their password, giving them the ability to bypass SSO.

Patrick DeCarl1 · ‎02-07-2018

Graeme,

You will need to run a background script or fixed script. You can use below code for ex.

var user = new GlideRecord('sys_user');

user.get('9112fd0dc3313000bac1addbdfba8f95'); // SYSID of the user you want to blank out password for.

user.user_password = '';

user.update();

View solution in original post

cynlink1 · ‎05-24-2023

Mounika,

Did you come up with a script that met your requirements? If yes, would you be willing to share it?

Thanks!

Mounika Guntha · ‎05-25-2023

Hi Cynlink1,

We have used below code, This worked for us:

var users = ['userid1','userid2','userid 3'......,'userid n']; //Declare and array and capture all the sys_ids
var gr = new GlideRecord('sys_user');
gr.addQuery('user_name', 'IN', users);
gr.addQuery('user_password','!=','');
gr.setValue('user_password','');
gr.updateMultiple();

cynlink1 · ‎05-25-2023

Mounika,

Thanks for the quick response. I appreciate the help!

Cyndi