Password Reset Credential Store form

  • Release version: Yokohama
  • Updated January 30, 2025

    Description of the fields on the Password Reset Credential Store form.

    Type
      Type of credential store that you are connecting to. A ServiceNow credential store type is a template that provides the required set of capabilities for a particular kind of credential store. Credential stores inherit the functionality of the credential store type.

      Note: For an AD credential store, skip this procedure and see Integrate Password Reset with your Active Directory service. The Password Reset Windows Application supports only AD credential stores.

    Auto generate password
      Script include that generates a temporary password for use during the reset process.

      If you select the Enforce history policy check box, then you must specify a value for Auto-generate password that is compliant with the password policy.

    Enforce history policy
      Appears only if you select a credential store Type of AD Credential Store or Local ServiceNow Instance. For information on configuring the setting for an AD credential store, see Configure the connection to an AD credential store.

      Select the Enforce history policy check box to ensure that users do not reuse passwords. For example, you might configure the history policy to not allow the user to reuse any of the previous 10 passwords. Follow this procedure:

      1. Select the Enforce history policy check box.
      2. In the Password Reset Credential Store Parameters related list, create a password_history_limit parameter.
      3. Set the value of the parameter to the number of previous passwords that cannot be used (maximum 10). The default value of 0 (zero) enables use of any previous password.
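
The interaction between Auto generate password and Enforce history policy, modeled as an added example (not ServiceNow code): a history check over salted hashes that honors the 0 default and the maximum of 10, and a temporary-password generator that retries until its output is outside the checked history. The function names, the scrypt storage format, and the character-class policy are assumptions made for illustration.

```javascript
// Added example. All names are hypothetical; nothing here is a ServiceNow API.
const crypto = require("crypto");

const MAX_HISTORY = 10; // maximum the page allows for password_history_limit

// Normalize the parameter: 0 (the default) or junk disables the check.
function effectiveLimit(raw) {
  const n = Number.parseInt(raw, 10);
  if (!Number.isInteger(n) || n <= 0) return 0;
  return Math.min(n, MAX_HISTORY);
}

// A history entry stores a random salt and an scrypt hash, never the password.
function makeEntry(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// True if candidate matches one of the newest `limit` entries (newest first).
function isReused(candidate, history, rawLimit) {
  return history.slice(0, effectiveLimit(rawLimit)).some((e) =>
    crypto.timingSafeEqual(crypto.scryptSync(candidate, e.salt, 32), e.hash));
}

// Constructed policy: one character from each class, 14 characters total.
const CLASSES = ["ABCDEFGHJKLMNPQRSTUVWXYZ", "abcdefghijkmnopqrstuvwxyz",
                 "23456789", "!@#$%^&*"];

function generateTempPassword(history, rawLimit, length = 14) {
  const pick = (set) => set[crypto.randomInt(set.length)];
  const all = CLASSES.join("");
  for (;;) {
    const chars = CLASSES.map((set) => pick(set)); // guarantee each class
    while (chars.length < length) chars.push(pick(all));
    // Fisher-Yates shuffle so the guaranteed characters are not always first.
    for (let i = chars.length - 1; i > 0; i--) {
      const j = crypto.randomInt(i + 1);
      [chars[i], chars[j]] = [chars[j], chars[i]];
    }
    const pwd = chars.join("");
    if (!isReused(pwd, history, rawLimit)) return pwd;
  }
}
```
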

    Child Alias
      Child aliases are associated with the base alias. After creating a connection and credential alias, you can create a child alias to configure multiple connections for a password reset credential store. When a password reset request is made, the flow checks whether there are child alias connections at the process level. If the child alias is configured at the credential store level, the flow picks the alias connections and proceeds with the request.

    Enable password policy
      See Enable password policies on your instance.

    Password policy
      You can use the default policy or define your own.

    Hostname
      URL or IP address of the credential store.

    User account lookup
      Script include that maps the user's ServiceNow platform ID to the user's credential store ID. A default script, PwdDefaultUserAccountLookup, returns the user's ServiceNow platform user name.

    Password rule hint
      Specify the text that appears on the password reset page to help the user create a password that meets all requirements. The Password rule script enforces the requirements.

      Note: The Password Reset Windows Application supports newline characters in the hint. Other formatting is not supported (bold, underline, hyperlink, and so on).

    Password rule
      Specify the client script that validates the new password that the user enters. The script is invoked when the user enters a new password and clicks Password Reset. You can use the script to enforce password strength/complexity requirements.

    Enable Password Strength
      Select the check box to:
      • Display the text box for the Strength rule script so you can update the script.
      • Display the graphical Password Strength bar to the user while the user changes or resets the password.

      Note: The Password Reset Windows Application does not support Password Strength.

    Strength rule
      This text box appears only if you select Enable Password Strength.

      Specify the client script that calculates the strength/complexity of the password that the user enters. The script is invoked when the user begins to enter a new password during the reset process.

      Default settings:
      • Selected for local ServiceNow credential stores
      • Not selected for other credential stores

      Note:
      • To guide the user during the reset process, the system displays a graphical bar labeled Password Strength under the New password field.

        [Figure: Password strength indicator]
      • The Password Reset Windows Application does not support Password Strength.
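
Because the Password rule hint only describes the requirements while the Password rule script enforces them, the two can drift apart. This added example (not ServiceNow code) derives the hint text, the validation result, and a strength score from one rule table; the names RULES, buildHint, validatePassword and strengthScore and the requirements themselves are assumptions, not the script contract the form expects.

```javascript
// Added example; every name and requirement below is hypothetical.
const RULES = [
  { hint: "At least 12 characters", test: (p) => p.length >= 12 },
  { hint: "At least one uppercase letter", test: (p) => /[A-Z]/.test(p) },
  { hint: "At least one lowercase letter", test: (p) => /[a-z]/.test(p) },
  { hint: "At least one digit", test: (p) => /[0-9]/.test(p) },
  { hint: "At least one symbol", test: (p) => /[^A-Za-z0-9]/.test(p) },
  { hint: "No character repeated three times in a row",
    test: (p) => !/(.)\1\1/.test(p) },
];

// Hint: plain lines joined by newlines, the one kind of formatting the page
// says the Password Reset Windows Application supports in the hint.
function buildHint() {
  return RULES.map((r) => "- " + r.hint).join("\n");
}

// Rule: returns the hint of every failed requirement; an empty list means accept.
function validatePassword(pwd) {
  const p = String(pwd ?? "");
  return RULES.filter((r) => !r.test(p)).map((r) => r.hint);
}

// Strength: 0..100. Passed rules give up to 80 points, length beyond the
// minimum gives up to 20. A password the rule would reject is capped at 50,
// so the bar never rates it as strong.
function strengthScore(pwd) {
  const p = String(pwd ?? "");
  const failed = validatePassword(p).length;
  const passed = RULES.length - failed;
  const extra = Math.min(Math.max(p.length - 12, 0), 8);
  const score = Math.round((passed / RULES.length) * 80 + (extra / 8) * 20);
  return failed > 0 ? Math.min(score, 50) : score;
}
```
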