Configuring ServiceNow

Regular user accounts in ServiceNow can send heartbeat signals but cannot perform Remote Password Changing (RPC). A ServiceNow account that changes passwords needs either the standard ServiceNow admin role or a custom role with permission to modify the sys_user.user_password field.

It is advisable to set up a privileged ServiceNow account with these permissions within ServiceNow, and designate it as the Privileged account in Secret Server.

To configure a Privileged account in Secret Server:

  1. Log into Secret Server with the admin account.

  2. Go to Administration > Remote Password Changing.

  3. Select a ServiceNow RPC.

  4. Change password using the Privileged account credentials.

  5. Save the changes.

Creating a role

ServiceNow provides a built-in admin role that allows you to manage your password changes via the REST API.

To create a new role in ServiceNow:

  1. Open the ServiceNow instance.

  2. Go to User Administration > Roles and create a new role. Name it appropriately, such as "Password Change Role."

  3. Save the changes.

Providing the Required Access Level

To give a role the required level of permissions:

  1. Access Security Rules > ACLs in the ServiceNow instance.

  2. Locate the ACL for the user_password field in the sys_user table.

  3. Edit the ACL to grant both read and write access for the newly created role.

  4. Save the changes.

Assigning a Role

To assign a role to the appropriate group of users:

  1. Go to User Administration > Users and select the users whose passwords need to be changed using the REST API.

  2. Assign the newly created role to these users.

  3. Save the changes.

Verifying Role Configuration

To check that you have configured a role in ServiceNow correctly:

  1. Use the REST API to perform password change operations as required.

  2. Verify that the password change functionality works as expected for users with the assigned role.

  3. After changing the password using the REST API, attempt to log in to the ServiceNow portal using the updated credentials for validation.
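
The verification steps above can be scripted. The following is an added example, not code from Secret Server or ServiceNow; it assumes the ServiceNow Table API is reachable with basic authentication, and the instance name, sys_id and account names passed to it are placeholders you supply.

```python
# Added example: all instance, sys_id and account values are caller-supplied placeholders.
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

def basic_headers(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Accept": "application/json"}

def build_change(instance, sys_id, priv_user, priv_pw, new_pw):
    """Step 1: PATCH sys_user.user_password as the role-holding account."""
    # sysparm_input_display_value=true tells the instance the value is a
    # plain-text password to be hashed, not an already-stored value.
    url = (f"https://{instance}/api/now/table/sys_user/{urllib.parse.quote(sys_id)}"
           "?sysparm_input_display_value=true&sysparm_fields=sys_id")
    headers = {**basic_headers(priv_user, priv_pw), "Content-Type": "application/json"}
    body = json.dumps({"user_password": new_pw}).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="PATCH")

def build_login_check(instance, user, new_pw):
    """Step 3: authenticate as the target user with the new password."""
    query = urllib.parse.urlencode({"sysparm_query": f"user_name={user}",
                                    "sysparm_fields": "user_name", "sysparm_limit": 1})
    return urllib.request.Request(f"https://{instance}/api/now/table/sys_user?{query}",
                                  headers=basic_headers(user, new_pw), method="GET")

def send(req, timeout=15):
    """Return the HTTP status; TLS verification stays at the library default (on)."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def verdict(change_status, login_status):
    """Combine both steps; a 200 on the PATCH alone is not taken as proof."""
    if change_status == 401:
        return "privileged account credentials rejected"
    if change_status == 403:
        return "role lacks write access on sys_user (check the user_password ACL)"
    if change_status != 200:
        return f"unexpected PATCH status {change_status}"
    if login_status == 401:
        return "PATCH accepted but the new password does not authenticate"
    if login_status != 200:
        return f"inconclusive login check (status {login_status})"
    return "role configured: password changed and verified"
```

Run it against a dedicated test user: `verdict(send(build_change(...)), send(build_login_check(...)))`. The login check is what confirms the change, matching step 3.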