Automation_OrchestrationWhat is the ServiceNow Orchestration Application?

Orchestration automates simple or complex multi-system tasks on remote servers that are normally done manually. An Orchestration process can cross all management disciplines and interact with all types of infrastructure elements, such as applications, databases, and hardware. Orchestration combines the ServiceNow graphical workflow with the MID Server to run Orchestration-specific workflow activities.

ServiceNow Orchestration helps you:

  • Increase Efficiency. Improve operational IT efficiencies, speed up problem resolution and increase service availability by automating manual, routine, error-prone tasks to produce fast, predictable results.

  • Speed up Time-to-Value. Realize value quickly from ServiceNow Orchestration’s SaaS model, intuitive graphical workflow designer, library of pre-built orchestration activities, ready-to-use orchestration applications and automatic integration with the ServiceNow enterprise IT cloud.

  • Grow into Additional Value. As value is demonstrated, expand your ServiceNow Orchestration by adding activity packs, custom activities and other applications as your organization demands.

Learn more: ServiceNow Wiki – Orchestration


What is the ServiceNow Password Reset Application?

The Password Reset application helps organizations implement and monitor a customizable self-service or service-desk process for resetting and changing passwords on the local ServiceNow instance. Subscribing to the Password Reset Orchestration Add-on provides the ability to reset passwords on Active Directory and other credential stores. To see an introductory video on Password Reset, go to Introducing Password Reset (Video).

Password reset is available starting with the Dublin release.

ServiceNow has created an application that provides the familiar password reset experience of consumer Internet applications to enterprise IT, and has made it extensible to support custom credential stores and verification methods.

Example:

Setting up the ServiceNow Password Reset for Active Directory Password Reset. (Automated Active Directory Password resets using ServiceNow).

  1. Enabling end users the opportunity to reset their password on the login page of ServiceNow as shown below. The End user selects “Reset your password here”.
  2. Verify that the end user is actually a person (Using a reCAPTCHA image) and then determine who you are and the proper AD domain (by providing their e-mail address and user name).
  3. reCAPTCHA gives the user a challenge and a token that identifies the challenge.  If too many failures occur, a password-reset lockdown based on the following message will occur.
  4. Once the reCAPTCHA answer, username, and email match, ServiceNow reaches out to a ServiceNow Table (or external SQL server database) containing the challenge questions and pull back the questions related to this user.
    1. To verify that the end user is who they say they are, a number of challenge questions are provided that must be submitted correctly.
    2. The challenge answer is passed back to ServiceNow which then communicates with the ServiceNow table (or SQL server) to verify authenticity. Once again, running count is kept to prevent brute force attacks and time locks account if necessary.
    3. If the error threshold is reached, an incident is logged to document the source IP address and account attempting to be accessed if a lock occurs.
  5. As the final end user input, the individual must provide their new password.
  6. It’s at this point that the ServiceNow orchestration engine kicks in to integrate with Active Directory to make the change and an incident ticket is automatically opened and closed to document the password change.
  7. Upon successful completion, the end user is notified of success.

Learn more: ServiceNow Wiki – Password Reset

Why self-service password reset in ServiceNow?

Although ServiceNow’s primary focus is driving IT transformation leveraging their full Suite of ITSM applications, the automation component of ServiceNow called “Orchestration” provides the capabilities to implement password reset not only for ServiceNow itself but also other credential stores such as Active Directory or Lotus Notes.

The major business advantages of self-service password reset leveraging ServiceNow are:

  • Significantly reduces IT costs due to reduction in support resources required for completing password reset or unlocking activities.
  • Reduces the amount of time and effort required by end users to receive password reset support.
  • Allow an organization to leverage their investment in the ServiceNow platform licensing and ServiceNow administration resources and eliminate the need for a standalone password reset tool.
  • Provide end-users with the same streamlined process for resetting passwords across ServiceNow and other credential stores.

Whats installed with the ServiceNow Password Reset Orchestration Add-On? 

The following components are installed with the Password Reset plugin:

The Password Reset Orchestration Add-on provides additional options within the Password Reset application. However, no additional components are installed.

Learn More: ServiceNow Wiki – Password Reset Orchestration Add-On

AutomationWhy is self-service password reset important?

Password reset is the process of a user having a new password set for a user account that they can no longer access due to forgetting the password or being “locked out” which is usually from too many incorrect password attempts.  Unless a high quality (and often expensive) single sign-on (SSO) solution is in place, individuals at most organizations have many different passwords that they need to use to gain access to the systems used every day.  Often, the process for how passwords are reset varies by organization and then even by system requiring the password.

For example: Some password resets may be performed only by authorized administrators, others may be reset by authorized Service Desk resources, and in some cases self-service password reset may be available.

As password complexity has become more important, passwords have gotten longer and more complicated.  As a result, Gartner estimates that in many organizations, manual password resets alone can account for up to 30 percent of Help Desk work.  This keeps IT resources from other critical tasks and represents incredible inefficiencies in time and resources.

In addition to burdening IT resources, a PasswordResearch.com 2013 survey of US respondents (Link to http://passwordresearch.com/stats/statistic294.html) indicates that 54% of participants say it took a long time to reset their username or password one or more times over the past 2 years.  This is a clear indication of the inefficiencies that are experienced by the business end users as well.

What are the typical steps to setting up a successful Password Reset Processes?

Many people think of the password-reset tool as the solution, but having a successful process is much more than buying and configuring the tool.

Typically there are four steps to setup the password-reset process.

  • Planning to ensure that all applicable organizational guidelines, security policies, and areas of the organization are considered – This plan could include a Service Desk model (users reset their passwords with the assistance of a Service Desk employee) either by phone or in person. The plan could also include a self-service model (users reset their password over the Internet using a browser). Using both models together can often provide the greatest amount of flexibility while still maintaining a high level of security.
  • Setting up the password reset workflow processes according to the plan.
  • Resetting passwords – Depending on your organization’s password reset requirements, users can reset their passwords through a publicly accessible web page, or Service Desk employees with the proper password reset role can perform password resets on behalf of users.
  • Monitoring password reset activity to identify security threats and to ensure compliance with the organization’s password policy requirements.

What components make up a self-service password reset solution?

Self-Service can be done many different ways, but typically all methods involve these entities:

  • Enrollment or Auto-enrollment in the password reset program – This provides the setup of security questions or other authentication methods.
  • Create the Request for the password to be reset for a specific account.
  • Authenticate the user is valid.
  • Some password reset systems merely ask users to answer security questions, but more advanced password reset systems may also leverage a sequence of authentication steps such as:
    • Ask users to complete a reCAPTCHA, to demonstrate that they are human.
    • Ask users to enter a PIN, which is sent to their personal e-mail address or mobile phone.
    • Require use of another technology, such as a one-time-password token.
    • Leverage biometrics, such as a voiceprint.
    • Reset the Password.
    • Enable a secure method to provide the end user with their new or temporary password.

 


EcoStratus ServiceNow Resources

 ServiceNow Community Post: Password Reset Application

ServiceNow – Password Reset Book

ServiceNow Community Post: Ask the Expert

 

 

Screen Shot 2015-10-08 at 9.52.37 PM


ABOUT ME

Screen Shot 2015-10-07 at 9.25.08 PM

I am an Independent ServiceNow Consultant, SME, Engagement Manager, Developer, System Admin, Trainer & documentation expert, and the Principal Consultant for EcoStratus Technologies. We Specialize in ServiceNow utilization beyond IT and across the enterprise.

I have more than 15 years experience within complex enterprise IT environments, 50+ successful ServiceNow implementations across various industries and have trained more than 400+ ServiceNow System Admin.

I am a focused self-starter who is passionate about technology, happy customers, and driving continued customer success by understanding customer requirements, promoting a full view of products/services within ServiceNow portfolio as a trusted advisor and then follow it up with the right mix of tenacity, ingenuity, and integrity resulting in deeper relationships, extension of ServiceNow throughout customer ecosystem, higher retention rates, and increased customer satisfaction scores.

SERVICENOW, ITIL, AND PMI CERTIFICATIONS:
* ServiceNow Knowledge 14 & 15 Trainer
* Certified ServiceNow System Admin, Implementation Specialist, and System Admin Trainer
* Certified ITILv3 Foundations, RCA, and OSA
* Certified PMI CAPM

How to contact me: ——– Send me a LinkedIn message or use Contact sheet below.