Password Reset script includes

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Password Reset script includes

    The Password Reset plugin in ServiceNow provides a set of script includes that implement and extend password reset processes. These script includes are designed with extension points, allowing you to customize behavior by adding your own extension scripts. This modular approach helps tailor password reset functionality to specific organizational needs.

    Show full answer Show less

    Key Script Include Categories and Their Functions

    • Enrollment Check Script Includes: These scripts determine if a user is enrolled for password reset by returning a boolean based on user and verification IDs. Examples include checks for security questions and SMS verification enrollment.
    • Identification Form Processor Script Includes: These handle user identification during password reset by processing form inputs such as username or email, returning the corresponding user ID or null if not identified.
    • Enrollment Form Processor Script Includes: These manage the enrollment process by processing form data and returning success status. They also support adding session properties to communicate enrollment results and messages back to the UI.
    • User Account Lookup Script Includes: These scripts map a user ID to a credential store account ID, typically using the username as the account name, facilitating credential retrieval.
    • Password Generator Script Includes: These generate passwords automatically, for example, by combining a random word with digits, supporting secure and consistent password creation.
    • Verification Processor Script Includes: These verify user identity inputs during the reset process, returning true upon successful verification. Verification types include personal data confirmation, security questions, simple input, and SMS verification.
    • Post Processor Script Includes: These execute custom actions after the password reset workflow completes, handling both success and failure scenarios to support additional processing or notifications.

    Practical Benefits for ServiceNow Customers

    • Customizable Password Reset: Extension points allow you to adapt the password reset workflow to your organization's specific security policies and user verification methods.
    • Streamlined User Identification and Enrollment: Dedicated processors help accurately identify users and manage their enrollment status across multiple verification methods.
    • Secure Verification and Password Generation: Built-in verification processors and password generators ensure secure and consistent resetting of credentials.
    • Post-Process Automation: Post processors enable additional automation after password reset completion, such as notifications or audit logging.

    Using the Script Includes

    Each script include category requires specific parameters, such as userId, verificationId, and request objects representing form inputs. Results typically include boolean success flags, user sysids, generated passwords, or session properties to communicate status and messages to the UI. Understanding these inputs and outputs is essential for effective customization.

    The Password Reset plugin installs script includes that implement password reset processes. To enable you to extend functionality, each base-system script include provides extension points that you can use to invoke "extension scripts" that you customized.

    The extension script category refers to the specific types of behavior for an extension script (for example, credential store, verification, identification type, or as a post-processor).

    'Enrollment check' script includes

    All enrollment check script includes take the following parameters and return a boolean indicating whether the user is enrolled for Password Reset.
    • params.userId: The sys_id of the user being checked (table: [sys_user]).
    • params.verificationId: The sys_id of the verification being checked (table: [pwd_verification]).
    Name Description
    PwdAlwaysEnrolled Default check of whether a user is enrolled that always returns true.
    PwdMockIsEnrolled Default check of whether a user is enrolled that always returns true.
    PwdQuestionsEnrollmentCheck Determines whether a user has enrolled for Password Reset using security question verification.
    PwdSMSEnrollmentCheck Determines whether a user has enrolled for Password Reset using SMS verification.

    'Identification form processor' script includes

    Identification form processor script includes provide functionality for extending identification processing.

    All identification form processor script includes take the following parameters, and return the sys_id of the user that corresponds to the requested input. If the user was not identified, it returns null.
    • params.processId: The sys_id of the calling Password Reset process (table: [pwd_process]).
    • param request: The form request object. Fields in the form can be accessed with request.getParameter('<element-id>'). The supported request parameter is sysparm_user_id, the user identifier value entered in the form.
    Name Description
    PwdIdentifyViaEmail Verifies a user's identity by checking the email address.
    PwdIdentifyViaUsername Verifies a user's identity by checking the user name.

    'Enrollment form processor' script includes

    Enrollment form processor script includes provide functionality for extending enrollment form processing.

    All enrollment form processor script includes take the following parameters, and return a boolean indicating whether the user was successfully enrolled.
    • params.userId: The sys_id of the user trying to enroll (table: [sys_user]).
    • params.verificationId: The sys_id of the verification used to enroll (table: [pwd_verification]).
    • params.enrollmentId: The sys_id of this enrollment process.
    • request: The form request object. Fields in the form can be accessed with request.getParameter('<element-id>').
    You should add the following information to the state of the enrollment process:
    • gs.getSession().putProperty("result.status",status): Whether the user was successfully enrolled.
    • gs.getSession().putProperty("result.message",message): An associated message to be returned to the UI, such as a detailed error message.
    • gs.getSession().putProperty("result.value",value): A custom value associated with the enrollment.
    Name Description
    PwdEnrollQuestionsProcessor Handles questions and answers for verification.
    PwdEnrollSampleProcessor Provides an enrollment processor for sample verification.
    PwdEnrollSMSProcessor Provides an enrollment processor for SMS verification.

    'User account lookup' script includes

    User account lookup script includes return the credential store account_id for a given user.

    The following parameter returns the credential store account_id for a given user. params.userId: The sys_id of the user being checked (table: [sys_user]).
    Name Description
    PwdDefaultUserAccountLookup Provides a default script for user account lookup from a user_id to the account in a credential store. The default mapping is to use the user name as the account name.

    'Password generator' script includes

    Password generator script includes take the following parameter, and return an auto-generated string password.

    params.credentialStoreId: The sys_id of the calling Password Reset process (table: [pwd_process]).

    Name Description
    PwdDefaultAutoGenPassword Generates a password from a random word and 4 digits.

    'Verification processor' script includes

    If the user identity is verified, the verification processor script includes return true.

    Verification processor script includes take the following parameters:
    • params.resetRequestId: The sys_id of the current Password Reset request (table: [pwd_reset_request]).
    • params.userId: The sys_id of the user to be verified (table: [sys_user]).
    • params.verificationId: The sys_id of the verification (table: [pwd_verification]).
    • request: The form request object. Access the fields in the form with request.getParameter('<element-id>').
    Name Description
    PwdVerifyPersonalDataConfirmationProcess Verifies that the user accepts the answer.
    PwdVerifyPersonalDataProcessor Verifies that the user's answers match the expected data in the system.
    PwdVerifyQuestionsProcessor Provides question and answer verification of user input on the second page of the verification form.
    PwdVerifySimpleProcessor Provides simple verification of user input on the second page of the verification form.
    PwdVerifySMSProcessor Provides SMS verification of user input on the second page of the verification form.

    'Post processor' script includes

    Post processor script includes execute custom actions after the Password Reset process has completed.

    All post processor script includes take the following parameters.
    • params.resetRequestId: The sys_id of the current Password Reset request (table: [pwd_reset_request]).
    • params.wfSuccess: A flag indicating whether the workflow completed successfully: True if, and only if, successful.
    Name Description
    PwdPostProcessor Executes actions after the process completes for success, failure, or both conditions.