Configuring Password Reset

  • Release version: Zurich
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Configuring Password Reset

    The Password Reset application in ServiceNow enables end users to reset or change their passwords through a self-service process, or alternatively, allows service desk agents to assist with password resets. This capability enhances user autonomy and supports organizational security policies by providing flexible password management options.

    Show full answer Show less

    Key Features

    • Connection to Credential Store: Securely links to the organization's credential store, such as Active Directory, where user credentials are maintained.
    • User Group Configuration: Define which user groups on the ServiceNow instance are authorized to use the password reset process.
    • Identification Type: Specify the type of user identification required during password reset, commonly username or email address.
    • Verification Methods: Multiple verification options ensure secure identity confirmation, including:
      • Security questions
      • Email codes
      • SMS codes
      • Authenticator apps (Google Authenticator, Microsoft Authenticator, Cisco Duo)
    • Password Change Application: Extends password reset by allowing users to change passwords after login, with real-time policy compliance feedback and password strength indicators.
    • Windows Application Integration: Enables users to reset passwords directly from the Windows login screen via a “Forgot Password?” link.
    • Customization: Supports scripts and extension points to create custom credential stores, verification, and identification types tailored to organizational needs.
    • Service Desk Assistance: Optionally, service desk agents can monitor and perform password resets or unlock user accounts as needed.
    • Integration Options: Password Reset can be integrated within Service Portal widgets or ServiceNow CMS sites to provide seamless user access.

    Implementation Guidance

    • Planning: Align password reset configuration with organizational security policies and user groups.
    • Configuration: Set up connections to credential stores, designate user groups, select identification types, and configure verification methods.
    • Monitoring: Track password reset activity to detect security threats and ensure compliance with password policies.
    • Enrollment: Users typically enroll in the self-service password reset process following organizational procedures.
    • Plugin Installation: For Windows password reset functionality, request and install the Password Reset Orchestration plugin to enable Active Directory integration.

    Benefits for ServiceNow Customers

    By implementing the Password Reset application, ServiceNow customers can empower users with self-service password management, reduce service desk workload, and enhance security through configurable verification methods and policy enforcement. Integration capabilities allow embedding password reset in portals and CMS sites, improving user experience and accessibility.

    The Password Reset application enables an end user to reset or change a password using a self-service process. Alternatively, your organization can implement a process that requires a service desk agent to reset passwords for end users.

    Watch the video: Introducing Password Reset (video)

    Elements of the Password Reset process

    You configure the following elements of the process for your organization:

    • A connection to the credential store for your organization where user credentials, like user name and password, are securely stored.
    • One or more user groups on the ServiceNow instance that can use the password reset process.
    • The type of identification that users must enter to identify themselves (generally user name or email address).
    • One or more verifications — Methods to verify the identity of the user. Here are some examples of the verifications:
      • Question and answer: Answer a question that only the user knows (based on the Security Question verification type).
      • Email: Enter a code number that was emailed to the user.
      • SMS: Enter a code number that was texted to a mobile device.
      • Authenticator app: Enter a code that is displayed on your Authenticator app on a mobile device.
        Note:
        Password Reset supports the following authenticator apps:
        • Google Authenticator
        • Microsoft Authenticator
        • Cisco Duo

    Implementing a Password Reset process

    1. Plan your implementation: Consider all applicable organizational guidelines, security policies, and areas of the organization.
    2. Set up the elements of the password reset and password change processes according to the plan:
      • Connection to the credential store.
      • User groups that use the password reset process.
      • Identification type to use.
      • Verifications to use.
    3. In the service desk-assisted model, assign service desk agents to monitor and reset passwords as needed.
    4. Monitor password reset activity to identify security threats and to ensure compliance with the password policy requirements of your organization.

    Password Reset Windows Application

    If a user forgets the password or gets locked out of a Windows computer, the user can reset the password directly from the Windows login screen. The user clicks the Forgot Password? link and is then guided through the process of resetting the password. To learn more, see Password Reset Windows Application.

    Password Change application

    The Password Change application extends the Password Reset application by letting admins define how users change their passwords. Users can change their passwords by using a self-service process.
    1. The user logs in to the instance and then selects the All > Password Reset > Change Password module or link from the user profile record. The user can also use the Password Change application on mobile devices.
      Note:
      By default, the dark theme doesn't apply to the Change Password form. Users can change the theme to the dark theme. For more information about the dark theme, see Exploring themes in Next Experience.
    2. On the Change Password form, the user selects a Password Reset process related to a credential store for which the user wants to change the password.
    3. The user enters the old password and the new password.
      Note:

      As the user enters a password, the New Password field shows a message indicating whether the characters entered in the field are correct or not. For example, if a user enters a character that doesn't fit the password policy, the New Password field shows an error message. The strength bar also shows the strength of the new password that the user has entered.

      The password policy (granular password complexity) helps create a correct, strong password on the Change Password form in the Next Experience and the Core UI.

    4. After all the password rules are met, the workflows validate the old password, and then implement the new one.
    5. The user types the new password again in the Retype password field, and selects Change Password.
    6. The system notifies the user that the password was changed.