Configuring Password Reset

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring Password Reset

    The Password Reset application allows end users to reset or change their passwords through a self-service process, or through assistance from a service desk agent. This capability enhances user autonomy while maintaining security through various identification and verification methods.

    Show full answer Show less

    Key Features

    • Credential Store Connection: Securely connects to your organization’s credential store where user credentials are maintained.
    • User Groups: Designate specific user groups within your ServiceNow instance who can utilize the password reset process.
    • Identification and Verification: Choose identification methods (e.g., username or email) and verification methods such as security questions, email codes, SMS codes, or codes from authenticator apps (Google Authenticator, Microsoft Authenticator, Cisco Duo).
    • Password Change Application: Allows users to change their passwords via a self-service process, providing feedback on password strength and compliance with security policies.
    • Customizability: Extend Password Reset functionalities by creating custom credential stores, verification types, and scripts.
    • Integration Options: Enable Password Reset through a Service Portal widget or integrate it with a CMS site for streamlined access.

    Key Outcomes

    By implementing the Password Reset application, organizations can enhance user experience with efficient password management, reduce service desk workload, and strengthen security protocols. Proper configuration and monitoring of password reset activities help ensure compliance with organizational security policies.

    The Password Reset application enables an end user to reset or change a password using a self-service process. Alternatively, your organization can implement a process that requires a service desk agent to reset passwords for end users.

    Watch the video: Introducing Password Reset (video)

    Elements of the Password Reset process

    You configure the following elements of the process for your organization:

    • A connection to the credential store for your organization where user credentials, like user name and password, are securely stored.
    • One or more user groups on the ServiceNow instance that can use the password reset process.
    • The type of identification that users must enter to identify themselves (generally user name or email address).
    • One or more verifications — Methods to verify the identity of the user. Here are some examples of the verifications:
      • Question and answer: Answer a question that only the user knows (based on the Security Question verification type).
      • Email: Enter a code number that was emailed to the user.
      • SMS: Enter a code number that was texted to a mobile device.
      • Authenticator app: Enter a code that is displayed on your Authenticator app on a mobile device.
        Note:
        Password Reset supports the following authenticator apps:
        • Google Authenticator
        • Microsoft Authenticator
        • Cisco Duo

    Implementing a Password Reset process

    1. Plan your implementation: Consider all applicable organizational guidelines, security policies, and areas of the organization.
    2. Set up the elements of the password reset and password change processes according to the plan:
      • Connection to the credential store.
      • User groups that use the password reset process.
      • Identification type to use.
      • Verifications to use.
    3. In the service desk-assisted model, assign service desk agents to monitor and reset passwords as needed.
    4. Monitor password reset activity to identify security threats and to ensure compliance with the password policy requirements of your organization.

    Password Reset Windows Application

    If a user forgets the password or gets locked out of a Windows computer, the user can reset the password directly from the Windows login screen. The user clicks the Forgot Password? link and is then guided through the process of resetting the password. To learn more, see Password Reset Windows Application.

    Password Change application

    The Password Change application extends the Password Reset application by letting admins define how users change their passwords. Users can change their passwords by using a self-service process.
    1. The user logs in to the instance and then selects the All > Password Reset > Change Password module or link from the user profile record. The user can also use the Password Change application on mobile devices.
      Note:
      By default, the dark theme doesn't apply to the Change Password form. Users can change the theme to the dark theme. For more information about the dark theme, see Exploring themes in Next Experience.
    2. On the Change Password form, the user selects a Password Reset process related to a credential store for which the user wants to change the password.
    3. The user enters the old password and the new password.
      Note:

      As the user enters a password, the New Password field shows a message indicating whether the characters entered in the field are correct or not. For example, if a user enters a character that doesn't fit the password policy, the New Password field shows an error message. The strength bar also shows the strength of the new password that the user has entered.

      The password policy (granular password complexity) helps create a correct, strong password on the Change Password form in the Next Experience and the Core UI.

    4. After all the password rules are met, the workflows validate the old password, and then implement the new one.
    5. The user types the new password again in the Retype password field, and selects Change Password.
    6. The system notifies the user that the password was changed.