Is it custom app or BMC ITSM? If the BMC app like ITSM then the reset password links are already on the people profile see the document link here Using the Update Password link in the Application Administration Console - BMC Remedy IT Service Management Suite 9.1
You can provide the link on the home page with little customization as well.
It's BMC ITSM Ver. 9.1.02
How to provide the link and how users can be authenticated ?
Please provide more detail, if you are looking to change the password for user without login to system? then you need to have proper mechanism to implement change. I would suggest to better authenticate with LDAP server and provide user access to LDAP server for password reset.
That's the primary challenge...
We do not have LDAP or any other application integrated with Remedy.
Our requirement is to have a button/link on the login page so that users can change their password without login into the system (includes resetting forgotten password).
You may write the API to reset user's password, You can find the good examples and I am sure, API gurus will help you with code snippet to implement. I don't have exp. in APIs.
3 of 3 people found this helpful
I have created this workflow before for a custom system (non-ITSM). My custom people form had fields for tracking registration (this was a self-registration system too) and password reset status. I had some display only forms that users interacted with and a read account that was used for automatically logging in. I added a link to the Mid Tier login page that would automatically login as the read account and prompt the user for their email address (which was also their Login ID). When the submit the email address it would update the status field on their profile to indicate a password reset request was started and send them an email. The email had a link to open a display only form that would automatically login and get their profile information based on a GUID that was send in the request. They then could enter a new password. The password update was done using filters (as service if I remember correctly) so the read account would have access to update the User record. Once the password reset was complete the read account was logged out and the status field on their profile record was updated to indicate the reset was complete.
All of the forms that auto-logged in has the credentials saved in a custom .jsp page. There are ways people could get to the password however I had additional measures that would lock out the read account if it accessed anything other than the few forms it needed access to.
Maybe one of these days I'll dust it off and post it in the Communities