Password Reset script includes

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Password Reset Script Includes

    The Password Reset plugin in ServiceNow (Release Yokohama) provides a set of script includes that implement and extend password reset processes. These script includes offer extension points to customize behaviors such as verification, user identification, enrollment, password generation, and post-processing actions. This enables ServiceNow customers to tailor the password reset experience to their specific organizational needs while maintaining a structured and secure workflow.

    Show full answer Show less

    Key Script Include Categories and Their Functions

    • Enrollment Check: Scripts that determine if a user is enrolled for Password Reset, returning a boolean. Examples include checks for security questions or SMS verification enrollment.
    • Identification Form Processor: Scripts to identify users based on form input, typically returning the user’s sysid or null if no match is found. Common methods include identification via email or username.
    • Enrollment Form Processor: Scripts managing enrollment form submissions, determining success or failure of enrollment and providing status messages and custom values for UI feedback.
    • User Account Lookup: Scripts to map a user’s sysid to their credential store accountid, usually defaulting to the username as the account name.
    • Password Generator: Scripts that generate passwords automatically, such as combining a random word with digits to create secure passwords.
    • Verification Processor: Scripts that validate user identity by verifying inputs against expected data like personal information, security questions, or SMS codes, returning success as a boolean.
    • Post Processor: Scripts that execute custom actions after the password reset workflow completes, handling both success and failure scenarios.

    Practical Benefits for ServiceNow Customers

    • Extensibility: Each base script include supports extension scripts, allowing customers to customize verification methods, enrollment processes, and post-reset actions without altering core code.
    • Security: Multiple verification and enrollment checks ensure that only authorized users can reset passwords, supporting methods like SMS and security questions.
    • User Experience: Identification and enrollment processors handle diverse user inputs and provide meaningful feedback through the UI, enhancing usability.
    • Automation: Automatic password generation and workflow post-processing streamline password reset operations, reducing manual intervention.

    Application Guidance

    ServiceNow customers implementing or customizing Password Reset should leverage these script includes to:

    • Implement custom verification and identification logic suited to their environment.
    • Customize enrollment workflows with detailed status and messaging to users.
    • Utilize the password generator for consistent and secure password creation.
    • Invoke post-processing scripts to trigger notifications or audits after resets.

    By utilizing these script includes and extension points, customers can efficiently manage password reset processes while maintaining security and flexibility.

    The Password Reset plugin installs script includes that implement password reset processes. To enable you to extend functionality, each base-system script include provides extension points that you can use to invoke "extension scripts" that you customized.

    The extension script category refers to the specific types of behavior for an extension script (for example, credential store, verification, identification type, or as a post-processor).

    'Enrollment check' script includes

    All enrollment check script includes take the following parameters and return a boolean indicating whether the user is enrolled for Password Reset.
    • params.userId: The sys_id of the user being checked (table: [sys_user]).
    • params.verificationId: The sys_id of the verification being checked (table: [pwd_verification]).
    Name Description
    PwdAlwaysEnrolled Default check of whether a user is enrolled that always returns true.
    PwdMockIsEnrolled Default check of whether a user is enrolled that always returns true.
    PwdQuestionsEnrollmentCheck Determines whether a user has enrolled for Password Reset using security question verification.
    PwdSMSEnrollmentCheck Determines whether a user has enrolled for Password Reset using SMS verification.

    'Identification form processor' script includes

    Identification form processor script includes provide functionality for extending identification processing.

    All identification form processor script includes take the following parameters, and return the sys_id of the user that corresponds to the requested input. If the user was not identified, it returns null.
    • params.processId: The sys_id of the calling Password Reset process (table: [pwd_process]).
    • param request: The form request object. Fields in the form can be accessed with request.getParameter('<element-id>'). The supported request parameter is sysparm_user_id, the user identifier value entered in the form.
    Name Description
    PwdIdentifyViaEmail Verifies a user's identity by checking the email address.
    PwdIdentifyViaUsername Verifies a user's identity by checking the user name.

    'Enrollment form processor' script includes

    Enrollment form processor script includes provide functionality for extending enrollment form processing.

    All enrollment form processor script includes take the following parameters, and return a boolean indicating whether the user was successfully enrolled.
    • params.userId: The sys_id of the user trying to enroll (table: [sys_user]).
    • params.verificationId: The sys_id of the verification used to enroll (table: [pwd_verification]).
    • params.enrollmentId: The sys_id of this enrollment process.
    • request: The form request object. Fields in the form can be accessed with request.getParameter('<element-id>').
    You should add the following information to the state of the enrollment process:
    • gs.getSession().putProperty("result.status",status): Whether the user was successfully enrolled.
    • gs.getSession().putProperty("result.message",message): An associated message to be returned to the UI, such as a detailed error message.
    • gs.getSession().putProperty("result.value",value): A custom value associated with the enrollment.
    Name Description
    PwdEnrollQuestionsProcessor Handles questions and answers for verification.
    PwdEnrollSampleProcessor Provides an enrollment processor for sample verification.
    PwdEnrollSMSProcessor Provides an enrollment processor for SMS verification.

    'User account lookup' script includes

    User account lookup script includes return the credential store account_id for a given user.

    The following parameter returns the credential store account_id for a given user. params.userId: The sys_id of the user being checked (table: [sys_user]).
    Name Description
    PwdDefaultUserAccountLookup Provides a default script for user account lookup from a user_id to the account in a credential store. The default mapping is to use the user name as the account name.

    'Password generator' script includes

    Password generator script includes take the following parameter, and return an auto-generated string password.

    params.credentialStoreId: The sys_id of the calling Password Reset process (table: [pwd_process]).

    Name Description
    PwdDefaultAutoGenPassword Generates a password from a random word and 4 digits.

    'Verification processor' script includes

    If the user identity is verified, the verification processor script includes return true.

    Verification processor script includes take the following parameters:
    • params.resetRequestId: The sys_id of the current Password Reset request (table: [pwd_reset_request]).
    • params.userId: The sys_id of the user to be verified (table: [sys_user]).
    • params.verificationId: The sys_id of the verification (table: [pwd_verification]).
    • request: The form request object. Access the fields in the form with request.getParameter('<element-id>').
    Name Description
    PwdVerifyPersonalDataConfirmationProcess Verifies that the user accepts the answer.
    PwdVerifyPersonalDataProcessor Verifies that the user's answers match the expected data in the system.
    PwdVerifyQuestionsProcessor Provides question and answer verification of user input on the second page of the verification form.
    PwdVerifySimpleProcessor Provides simple verification of user input on the second page of the verification form.
    PwdVerifySMSProcessor Provides SMS verification of user input on the second page of the verification form.

    'Post processor' script includes

    Post processor script includes execute custom actions after the Password Reset process has completed.

    All post processor script includes take the following parameters.
    • params.resetRequestId: The sys_id of the current Password Reset request (table: [pwd_reset_request]).
    • params.wfSuccess: A flag indicating whether the workflow completed successfully: True if, and only if, successful.
    Name Description
    PwdPostProcessor Executes actions after the process completes for success, failure, or both conditions.