Example custom scripts for Password Reset
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Example Custom Scripts for Password Reset
This documentation provides example scripts designed for customizing the Password Reset process in ServiceNow. The scripts demonstrate how to perform user account lookups, process identification forms, define credential stores, and create identification types using extension scripts. These examples help tailor password reset workflows to fit specific organizational requirements by extending core functionality through custom scripting.
Show less
Key Features
- User Account Lookup: Uses a
processfunction in a custom extension script that returns a user’s credential-store account ID based on the provided user ID. This is essential for integrating password reset processes with credential stores or external account repositories. - Identification Form Processing: Implements a
processFormfunction in an identification form processor extension script. This function processes form inputs (such as user identifiers) and returns the corresponding user sysid or null if no match is found, enabling customized user identification during password reset. - Extension Script Creation and Invocation: Instructions and sample code show how to create extension scripts in Password Reset > Extensions and how to invoke these scripts via the
SNC.PwdExtensionPointAPI. Parameters are set usingSNC.PwdExtensionPointParameter, and scripts are dynamically called by sysid obtained through helper functions. - Helper Function for sysid Lookup: A reusable GlideRecord-based helper function is provided that retrieves the sysid of an extension script by name and category. This allows dynamic referencing and invocation of the appropriate extension scripts during the password reset workflow.
Practical Application for ServiceNow Customers
ServiceNow customers can use these examples as templates to customize password reset processes according to their environment’s needs. By implementing similar extension scripts, customers can:
- Integrate password reset mechanisms with internal or external credential stores.
- Customize how user identification forms are processed and validated.
- Leverage ServiceNow’s extensible framework to maintain upgrade-safe customizations for password reset functionality.
- Enhance security and automation in password reset workflows through tailored scripting.
The examples emphasize the use of the process and processForm extension points, critical hooks for controlling lookup and identification logic. Customers should create their own extension scripts under Password Reset > Extensions and adapt the example scripts to their unique user data and security policies.
The example scripts perform a user account lookup and processes an identification form, define a credential store, and create an identification type.
Perform a user account lookup and process an identification form
The main script calls two extension scripts, one to perform the user account lookup, and the other to process the identification form.// User account lookup
var lookupExtensionSysId = getExtensionScriptSysId('SampleUserAccountLookupExtension', 'user_account_lookup');
var lookupExtension = new SNC.PwdExtensionPoint(lookupExtensionSysId);
// Setup parameters required for this extension type - userId
var params = new SNC.PwdExtensionPointParameter() ;
params.userId= 'joe.employee';
// Invoke the extension
var answer = lookupExtension.process(params);
gs.print('user: ' + answer);
//Form processor sample - Identification form processor
var identExtensionSysId = getExtensionScriptSysId('SampleIdentificationProcessorExtension', 'identification_form_processor');
var identificationExtension = new SNC.PwdExtensionPoint(identExtensionSysId);
// Setup parameters required for this extension type - processId
var params = new SNC.PwdExtensionPointParameter() ;
params.processId = 'pwdreq1234';
// Simulate the posted form parameter for the indentification processor
var request = new SNC.PwdExtensionPointParameter() ; // A real life case will inject it's own request object
request.setParameter('sysparm_user_id', 'joe.employee');
var userIdentity = identificationExtension.processForm(params, request);
gs.print('identity: ' + userIdentity);
// Simple helper to return the sys-id for a given extension script
function getExtensionScriptSysId(scriptName, category) {
var result;
var now_GR = new GlideRecord('sys_script_include');
gr.addQuery('name', scriptName);
gr.addQuery('script', 'CONTAINS', 'category: \'password_reset.extension.' + category + '\'');
gr.query();
if (gr.next() ) {
result = gr.getValue('sys_id');
}
return result;
}Define a credential store
The following is an example of an extended process function in the User Account Lookup category used to define a credential store. To create this extension script, go to and create a new script as described in Create an Extension Script. To configure the User Lookup in a Password Reset process, see Credential Stores.
<?xml version="1.0" encoding="UTF-8"?>
<record_update table="sys_script_include">
<sys_script_include action="INSERT_OR_UPDATE">
<active>true</active>
<client_callable>false</client_callable>
<description>Simple account lookup that returns the supplied user id</description>
<name>SampleUserAccountLookupExtension</name>
<script><![CDATA[var SampleUserAccountLookupExtension = Class.create();
SampleUserAccountLookupExtension.prototype = {
category: 'password_reset.extension.user_account_lookup', // DO NOT REMOVE THIS LINE!
/**********
* Returns the credential-store account id for a given user
*
* @param params.userId The sys-id of the user being checked (table: sys_user)
* @return The credential-store account-id (string) for a given user
**********/
process: function(params) {
return params.userId;
},
type: 'SampleUserAccountLookupExtension'
};]]></script>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2013-07-30 16:44:55</sys_created_on>
<sys_id>2df5a103d73201002bb9af728e610333</sys_id>
<sys_mod_count>1</sys_mod_count>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2013-07-30 16:46:00</sys_updated_on>
</sys_script_include>
<sys_app_file action="INSERT_OR_UPDATE">
<customer_update>false</customer_update>
<publish_override/>
<replace_on_upgrade>false</replace_on_upgrade>
<restore/>
<sys_app/>
<sys_code>!!1W4/</sys_code>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2013-07-30 16:44:55</sys_created_on>
<sys_id>8306e143d73201002bb9af728e6103d3</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>SampleUserAccountLookupExtension</sys_name>
<sys_parent/>
<sys_path>!!1W4/</sys_path>
<sys_policy/>
<sys_source_deleted>false</sys_source_deleted>
<sys_source_id>2df5a103d73201002bb9af728e610333</sys_source_id>
<sys_source_table>sys_script_include</sys_source_table>
<sys_type>code</sys_type>
<sys_update_name>sys_script_include_2df5a103d73201002bb9af728e610333</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2013-07-30 16:46:00</sys_updated_on>
</sys_app_file>
</record_update>
Create an identification type
The following is an example of an extended processForm function in the Identification Form Processor category that can be used to create an identification type. To create this extension script, go to and create a new script as described in Create an Extension Script.
<?xml version="1.0" encoding="UTF-8"?>
<record_update table="sys_script_include">
<sys_script_include action="INSERT_OR_UPDATE">
<active>true</active>
<client_callable>false</client_callable>
<description>Script that processes an identification form.
Returns the sys-id of the user that corresponds to the requested input; if no user was found, null should be returned.
</description>
<name>SampleIdentificationProcessorExtension</name>
<script><![CDATA[var SampleIdentificationProcessorExtension = Class.create();
SampleIdentificationProcessorExtension.prototype = {
category: 'password_reset.extension.identification_form_processor', // DO NOT REMOVE THIS LINE!
/**********
* Process the identification form request, and returns the user's sys_id. if user was not identified return null.
*
* @param params.processId The sys-id of the calling password-reset process (table: pwd_process)
* @param request The form request object. fields in the form can be accessed using: request.getParameter('<element-id>')
* Supported request paramters:
* sysparm_user_id - the user identifier value entered in the form.
* @return The sys-id of the user that corresponds to the requested input; if no user was found, null should be returned.
**********/
processForm: function(params, request) {
return request.getParameter('sysparm_user_id') + '_' + params.processId;
},
type: 'SampleIdentificationProcessorExtension'
};]]></script>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2013-07-30 17:00:28</sys_created_on>
<sys_id>3a79a503d73201002bb9af728e610349</sys_id>
<sys_mod_count>1</sys_mod_count>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2013-07-30 17:08:41</sys_updated_on>
</sys_script_include>
<sys_app_file action="INSERT_OR_UPDATE">
<customer_update>false</customer_update>
<publish_override/>
<replace_on_upgrade>false</replace_on_upgrade>
<restore/>
<sys_app/>
<sys_code>!!1W5/</sys_code>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2013-07-30 17:00:28</sys_created_on>
<sys_id>4799ed03d73201002bb9af728e610333</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>SampleIdentificationProcessorExtension</sys_name>
<sys_parent/>
<sys_path>!!1W5/</sys_path>
<sys_policy/>
<sys_source_deleted>false</sys_source_deleted>
<sys_source_id>3a79a503d73201002bb9af728e610349</sys_source_id>
<sys_source_table>sys_script_include</sys_source_table>
<sys_type>code</sys_type>
<sys_update_name>sys_script_include_3a79a503d73201002bb9af728e610349</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2013-07-30 17:08:41</sys_updated_on>
</sys_app_file>
</record_update>Use the process and processForm extensions
This example shows a script that uses two sample extensions, one process extension and one processForm extension.
// User account lookup
var lookupExtensionSysId = getExtensionScriptSysId('SampleUserAccountLookupExtension','user_account_lookup');
var lookupExtension =new SNC.PwdExtensionPoint(lookupExtensionSysId);
// Setup parameters required for this extension type - userId
var params =new SNC.PwdExtensionPointParameter();
params.userId='joe.employee';
// Invoke the extension
var answer = lookupExtension.process(params);
gs.print('user: '+ answer);
//Form processor sample - Identification form processor
var identExtensionSysId = getExtensionScriptSysId('SampleIdentificationProcessorExtension','identification_form_processor');
var identificationExtension =new SNC.PwdExtensionPoint(identExtensionSysId);
// Setup parameters required for this extension type - processId
var params =new SNC.PwdExtensionPointParameter();
params.processId='pwdreq1234';
// Simulate the posted form parameter for the indentification processor
var request =new SNC.PwdExtensionPointParameter();// A real life case will inject it's own request object
request.setParameter('sysparm_user_id','joe.employee');
var userIdentity = identificationExtension.processForm(params, request);
gs.print('identity: '+ userIdentity);
// Simple helper to return the sys-id for a given extension scriptfunction
getExtensionScriptSysId(scriptName, category){
var result;
var now_GR =new GlideRecord('sys_script_include');
gr.addQuery('name', scriptName);
gr.addQuery('script','CONTAINS','category: \'password_reset.extension.'+ category +'\'');
gr.query();
if(gr.next()){
result = gr.getValue('sys_id');}return result;}process
function:
<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_script_include"><sys_script_include action="INSERT_OR_UPDATE"><active>true</active><client_callable>false</client_callable><description>Simple account lookup that returns the supplied user id</description><name>SampleUserAccountLookupExtension</name><script><![CDATA[var SampleUserAccountLookupExtension =Class.create();
SampleUserAccountLookupExtension.prototype={
category:'password_reset.extension.user_account_lookup',// DO NOT REMOVE THIS LINE!
/**********
* Returns the credential-store account id for a given user
*
* @param params.userId The sys-id of the user being checked (table: sys_user)
* @return The credential-store account-id (string) for a given user
**********/
process:function(params){return params.userId;},
type:'SampleUserAccountLookupExtension'
};]]></script><sys_created_by>admin</sys_created_by><sys_created_on>2013-07-3016:44:55</sys_created_on><sys_id>2df5a103d73201002bb9af728e610333</sys_id><sys_mod_count>1</sys_mod_count><sys_updated_by>admin</sys_updated_by><sys_updated_on>2013-07-3016:46:00</sys_updated_on></sys_script_include><sys_app_file action="INSERT_OR_UPDATE"><customer_update>false</customer_update><publish_override/><replace_on_upgrade>false</replace_on_upgrade><restore/><sys_app/><sys_code>!!1W4/</sys_code><sys_created_by>admin</sys_created_by><sys_created_on>2013-07-3016:44:55</sys_created_on><sys_id>8306e143d73201002bb9af728e6103d3</sys_id><sys_mod_count>0</sys_mod_count><sys_name>SampleUserAccountLookupExtension</sys_name><sys_parent/><sys_path>!!1W4/</sys_path><sys_policy/><sys_source_deleted>false</sys_source_deleted><sys_source_id>2df5a103d73201002bb9af728e610333</sys_source_id><sys_source_table>sys_script_include</sys_source_table><sys_type>code</sys_type><sys_update_name>sys_script_include_2df5a103d73201002bb9af728e610333</sys_update_name><sys_updated_by>admin</sys_updated_by><sys_updated_on>2013-07-3016:46:00</sys_updated_on></sys_app_file></record_update>processForm
function:
<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_script_include"><sys_script_include action="INSERT_OR_UPDATE"><active>true</active><client_callable>false</client_callable><description>Script that processes an identification form.
Returns the sys-id of the user that corresponds to the requested input;if no user was found,null should be returned. </description><name>SampleIdentificationProcessorExtension</name><script><![CDATA[var SampleIdentificationProcessorExtension =Class.create();
SampleIdentificationProcessorExtension.prototype={
category:'password_reset.extension.identification_form_processor',// DO NOT REMOVE THIS LINE!
/**********
* Process the identification form request, and returns the user's sys_id. if user was not identified return null.
*
* @param params.processId The sys-id of the calling password-reset process (table: pwd_process)
* @param request The form request object. fields in the form can be accessed using: request.getParameter('<element-id>')
* Supported request paramters:
* sysparm_user_id - the user identifier value entered in the form.
* @return The sys-id of the user that corresponds to the requested input; if no user was found, null should be returned.
**********/
processForm:function(params, request){return request.getParameter('sysparm_user_id')+'_'+ params.processId;},
type:'SampleIdentificationProcessorExtension'
};]]></script><sys_created_by>admin</sys_created_by><sys_created_on>2013-07-3017:00:28</sys_created_on><sys_id>3a79a503d73201002bb9af728e610349</sys_id><sys_mod_count>1</sys_mod_count><sys_updated_by>admin</sys_updated_by><sys_updated_on>2013-07-3017:08:41</sys_updated_on></sys_script_include><sys_app_file action="INSERT_OR_UPDATE"><customer_update>false</customer_update><publish_override/><replace_on_upgrade>false</replace_on_upgrade><restore/><sys_app/><sys_code>!!1W5/</sys_code><sys_created_by>admin</sys_created_by><sys_created_on>2013-07-3017:00:28</sys_created_on><sys_id>4799ed03d73201002bb9af728e610333</sys_id><sys_mod_count>0</sys_mod_count><sys_name>SampleIdentificationProcessorExtension</sys_name><sys_parent/><sys_path>!!1W5/</sys_path><sys_policy/><sys_source_deleted>false</sys_source_deleted><sys_source_id>3a79a503d73201002bb9af728e610349</sys_source_id><sys_source_table>sys_script_include</sys_source_table><sys_type>code</sys_type><sys_update_name>sys_script_include_3a79a503d73201002bb9af728e610349</sys_update_name><sys_updated_by>admin</sys_updated_by><sys_updated_on>2013-07-3017:08:41</sys_updated_on></sys_app_file></record_update>