Configuring Password Reset
Summary of Configuring Password Reset
The Password Reset application in ServiceNow enables end users to reset or change their passwords through a self-service process or with assistance from service desk agents. It supports secure identity verification and integration with various credential stores, enhancing user convenience and organizational security compliance.
Key Features
- Configurable Elements: Connect to credential stores that securely hold user credentials; specify user groups eligible for password reset; define identification types (e.g., user name or email); and select verification methods such as security questions, email or SMS codes, and authenticator apps (Google Authenticator, Microsoft Authenticator, Cisco Duo).
- Self-Service and Service Desk Models: Users can reset passwords independently or request service desk assistance for password resets and account unlocks.
- Password Reset Windows Application: Allows users to reset passwords directly from the Windows login screen via a “Forgot Password?” link, integrating with Active Directory credential stores.
- Password Change Application: Extends password reset capabilities by letting users change passwords after login, with real-time validation against granular password policies and strength indicators. Supports mobile devices and customizable user interface themes.
- Customization: Use Password Reset scripts to create custom credential stores, verification methods, and identification types, tailoring the process to organizational needs.
- Integration Options: Incorporate password reset functionality into Service Portal pages via widgets or into CMS sites to provide a unified employee self-service experience.
Implementation and Management
- Planning: Align the password reset process with organizational security policies and guidelines before configuration.
- Configuration: Set up connections to credential stores, assign user groups, choose identification and verification methods, and enroll users accordingly.
- Security Monitoring: Track password reset activities to detect security threats and ensure compliance with password policies.
- Security Scoring: Evaluate the strength of the password reset process configuration using a security score metric to maintain robust security standards.
Practical Benefits for ServiceNow Customers
- Empowers users to securely reset or change passwords independently, reducing service desk workload.
- Supports multiple verification methods, enhancing security and flexibility.
- Enables seamless integration with existing credential stores like Active Directory.
- Provides customization options to meet specific organizational requirements.
- Facilitates comprehensive management and monitoring to uphold security compliance.
- Offers user-friendly interfaces both on desktops and mobile devices, improving user experience.
The Password Reset application enables an end user to reset or change a password using a self-service process. Alternatively, your organization can implement a process that requires a service desk agent to reset passwords for end users.
Watch the video: Introducing Password Reset (video)
Elements of the Password Reset process
You configure the following elements of the process for your organization:
- A connection to the credential store for your organization where user credentials, like user name and password, are securely stored.
- One or more user groups on the ServiceNow instance that can use the password reset process.
- The type of identification that users must enter to identify themselves (generally user name or email address).
- One or more verifications — Methods to verify the identity of the user.
Here are some examples of the verifications:
- Question and answer: Answer a question that only the user knows (based on the Security Question verification type).
- Email: Enter a code number that was emailed to the user.
- SMS: Enter a code number that was texted to a mobile device.
- Authenticator app: Enter a code that is displayed on your Authenticator app on a mobile device.
Note: Password Reset supports the following authenticator apps:
- Google Authenticator
- Microsoft Authenticator
- Cisco Duo
Implementing a Password Reset process
- Plan your implementation: Consider all applicable organizational guidelines, security policies, and areas of the organization.
- Set up the elements of the password reset and password change processes according to the plan:
- Connection to the credential store.
- User groups that use the password reset process.
- Identification type to use.
- Verifications to use.
- In the service desk-assisted model, assign service desk agents to monitor and reset passwords as needed.
- Monitor password reset activity to identify security threats and to ensure compliance with the password policy requirements of your organization.
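One way to act on the monitoring step above, as an added example that is not ServiceNow code: it scans reset activity for repeated failed verifications against one user and for a single source attempting resets for many users. The record fields (`time`, `user`, `source`, `stage`, `result`), the thresholds and the sample records are assumptions constructed for illustration, not the application's own schema.

```javascript
// Added example: field names and thresholds are assumptions, not ServiceNow's schema.
// Constructed sample of password reset activity, one record per attempt.
const sampleActivity = [
  { time: '2024-05-01T09:00:05Z', user: 'alice', source: '198.51.100.7', stage: 'verification', result: 'failure' },
  { time: '2024-05-01T09:00:40Z', user: 'alice', source: '198.51.100.7', stage: 'verification', result: 'failure' },
  { time: '2024-05-01T09:01:30Z', user: 'alice', source: '198.51.100.7', stage: 'verification', result: 'failure' },
  { time: '2024-05-01T09:05:00Z', user: 'bob', source: '203.0.113.9', stage: 'identification', result: 'success' },
  { time: '2024-05-01T09:05:20Z', user: 'carol', source: '203.0.113.9', stage: 'identification', result: 'success' },
  { time: '2024-05-01T09:05:45Z', user: 'dave', source: '203.0.113.9', stage: 'identification', result: 'success' },
  { time: '2024-05-01T09:20:00Z', user: 'erin', source: '192.0.2.4', stage: 'verification', result: 'success' },
];

// Flags (1) repeated failed verifications for one user and
// (2) one source touching many distinct users, each within a sliding window.
function findResetAnomalies(events, opts = {}) {
  const { windowMs = 10 * 60 * 1000, maxFailures = 3, maxUsersPerSource = 3 } = opts;
  const sorted = [...events].sort((a, b) => Date.parse(a.time) - Date.parse(b.time));
  const findings = [];
  const flagged = new Set();           // report each subject once
  const failuresByUser = new Map();    // user -> timestamps of failed verifications
  const attemptsBySource = new Map();  // source -> [{ t, user }]
  for (const e of sorted) {
    const t = Date.parse(e.time);
    if (e.stage === 'verification' && e.result === 'failure') {
      const recent = (failuresByUser.get(e.user) || []).filter((x) => t - x <= windowMs);
      recent.push(t);
      failuresByUser.set(e.user, recent);
      if (recent.length >= maxFailures && !flagged.has('user:' + e.user)) {
        flagged.add('user:' + e.user);
        findings.push({ rule: 'repeated-verification-failure', subject: e.user, count: recent.length });
      }
    }
    const seen = (attemptsBySource.get(e.source) || []).filter((x) => t - x.t <= windowMs);
    seen.push({ t, user: e.user });
    attemptsBySource.set(e.source, seen);
    const distinct = new Set(seen.map((x) => x.user)).size;
    if (distinct >= maxUsersPerSource && !flagged.has('src:' + e.source)) {
      flagged.add('src:' + e.source);
      findings.push({ rule: 'many-users-one-source', subject: e.source, count: distinct });
    }
  }
  return findings;
}

console.log(findResetAnomalies(sampleActivity));
```

Tune the window and thresholds to your own lockout and verification settings so the rules fire before an account is locked rather than after.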
Password Reset Windows Application
If a user forgets the password or gets locked out of a Windows computer, the user can reset the password directly from the Windows login screen. The user clicks the Forgot Password? link and is then guided through the process of resetting the password. To learn more, see Password Reset Windows Application.
Password Change application
The Password Change application extends the Password Reset application by letting admins define how users change their passwords. Users can change their passwords by using a self-service process.
- The user logs in to the instance and then selects the module or link from the user profile record. The user can also use the Password Change application on mobile devices.
Note: By default, the dark theme doesn't apply to the Change Password form. Users can change the theme to the dark theme. For more information about the dark theme, see Exploring themes in Next Experience.
- On the Change Password form, the user selects a Password Reset process related to a credential store for which the user wants to change the password.
- The user enters the old password and the new password.
Note: As the user enters a password, the New Password field shows a message indicating whether the characters entered in the field are correct or not. For example, if a user enters a character that doesn't fit the password policy, the New Password field shows an error message. The strength bar also shows the strength of the new password that the user has entered.
The password policy (granular password complexity) helps create a correct, strong password on the Change Password form in the Next Experience and the Core UI.
- After all the password rules are met, the workflows validate the old password, and then implement the new one.
- The user types the new password again in the Retype password field, and selects Change Password.
- The system notifies the user that the password was changed.