Password Reset Credential Store form

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Password Reset Credential Store

    The Password Reset Credential Store form allows ServiceNow customers to configure credential stores for password reset functionalities. It includes essential fields for connecting to different types of credential stores, determining password policies, and setting user account lookups.

    Show full answer Show less

    Key Features

    • Type: Defines the credential store type, enabling specific functionalities for password management.
    • Auto-generate password: Generates temporary passwords during the reset process, with compliance to specified password policies if enforced.
    • Enforce history policy: Helps prevent password reuse by setting limits on previous passwords that can be used.
    • Child Alias: Allows multiple connections for a credential store, facilitating various password reset scenarios.
    • Password policy: Users can select default or custom password policies to enforce security requirements.
    • Password rule hint: Guides users in creating compliant passwords during resets.
    • Enable Password Strength: Displays a strength meter and allows for the implementation of complexity requirements.

    Key Outcomes

    By configuring the Password Reset Credential Store, ServiceNow customers can enhance the security of their password management processes, ensure compliance with organizational policies, and improve user experience during password resets. Proper setup allows for effective management of password rules and history policies, leading to reduced risks associated with password reuse and vulnerabilities.

    Description of the fields on the Password Reset Credential Store form.

    Type Type of credential store that you are connecting to. A ServiceNow credential store type is a template that provides the required set of capabilities for a particular kind of credential store. Credential stores inherit the functionality of the credential store type.
    Note:
    For an AD credential store, skip this procedure and see Integrate Password Reset with your Active Directory service. The Password Reset Windows Application supports only AD credential stores.
    Auto generate password Script include that generates a temporary password for use during the reset process.

    If you select the Enforce history policy check box, then you must specify a value for Auto-generate password that is compliant with the password policy.
    Enforce history policy Appears only if you select a credential store Type of AD Credential Store or Local ServiceNow Instance. For information on configuring the setting for an AD credential store, see Configure the connection to an AD credential store.

    Select the Enforce history policy check box to ensure that users do not reuse passwords. For example, you might configure the history policy to not allow the user to reuse any of the previous 10 passwords. Follow this procedure:

    1. Select the Enforce history policy check box.
    2. In the Password Reset Credential Store Parameters related list, create a password_history_limit parameter.
    3. Set the value of the parameter to the number of previous passwords that cannot be used (maximum 10). The default value of 0 (zero) enables use of any previous password.
    Child Alias Child aliases are associated with the base alias. After creating a connection and credential alias, you can create a child alias to configure multiple connections for a password reset credential store. When a password reset request is made, the flow checks whether there are child alias connections at the process level. If the child alias is configured at the credential store level, the flow picks the aliases connections and proceeds with the request.
    Enable password policy See Enable password policies on your instance
    Password policy You can use the default policy or define your own.
    Hostname URL or IP address of the credential store.
    User account lookup Script include that maps the user ServiceNow platform ID to the user credential store ID. A default script, PwdDefaultUserAccountLookup, returns the user ServiceNow platform user name.
    Password rule hint Specify the text that appears on the password reset page to help the user to create a password that meets all requirements. The Password rule script enforces the requirements.
    Note:
    The Password Reset Windows Application supports newline characters in the hint. Other formatting is not supported (bold, underline, hyperlink, and so on).
    Password rule Specify the client script that validates the new password that the user enters. The script is invoked when the user enters a new password and clicks Password Reset. You can use the script to enforce password strength/complexity requirements.
    Enable Password Strength Select the check box to:
    • Display the text box for the Strength rule script so you can update the script.
    • Display the graphical Password Strength bar to the user while the user changes or resets the password.
    Note:
    The Password Reset Windows Application does not support Password Strength.
    Strength rule This text box appears only if you select Enable Password Strength.

    Specify the client script that calculates the strength/complexity of the password that the user enters. The script is invoked when the user begins to enter a new password during the reset process.

    Default settings:
    • Selected for local ServiceNow credential stores
    • Not selected for other credential stores
    Note:

    • To guide the user during the reset process, the system displays a graphical bar labeled Password Strength under the New password field.

      Password strength indicator
    • The Password Reset Windows Application does not support Password Strength.