Importing users with password

General Add comments
by:

When you set-up a new instance for a customer there comes a time that the users have to be created or imported. When they are not using an external authentication method, like Active Directory validation or Single Sign On, we have several options of getting the new users their credentials.

For this article I assume the customer has supplied us with an Excel sheet with all relevant user details including user_name and email.

1. Create the password during import
There are several JavaScript password generators available online that will take your specific requirements in perspective. Use that code in your scripted field map to generate a one-time password, make sure to set the “user must change password” field.

2. Import the given (initial) passwords
Although this is even easier than the previous one there is one potential pitfall. It really matters whether you map the source.password field in the field map or in the transform map script.
When using the field map the password is one-way encrypted and stored in the database and the user can login with the expected password. With the transform map script it looks like the target field is not encrypted again and the password gets stored as-is. When the user then logs in the entered password is encrypted and compared with the stored encrypted password and they will not match!

3. And notify the new user
We will use an event-triggered email to notify the users with their new credentials.
So first register a new event: user.imported
marcherni001

Then create the notification

marcherni003

In the transform field map for the password field either map the imported password or generate your own.

marcherni005

Then use the onAfter script to queue the event with username and password that will be sent to the newly imported user.

marcherni007

Make sure you pass the target record as the reference!

And the end result would be like this:
marcherni009
Using some simple components it is possible to inform newly created users with their credentials, all from within ServiceNow. Just make sure you map the password in the field map!

PS:
This solution could be made more secure if we did not pass the user_name with the event and would take it from the user record. This would remove 1 place where the user_name and password are stored together. Also sending the user_name and password in the same email is against most security guidelines. Just take this as a working example and build on from here.

I hope this blog article is helpful. If you have questions, please let me know via email or a response below!

Good luck!
Kind regards,
Marc Herni (.img[at].img)

One Response to “Importing users with password”

  1. Snehlata Says:

    Good one…

Leave a Reply