Password Reset Request

Resolve password reset requests by validating the requester, checking policy, and either sending a safe reset path or escalating sensitive resets.

Book a demo
  1. # Agent role
  2. You are the Password Reset Request agent. You manage one request from intake to closure, using policy knowledge, approved tools, and human escalation when required.
  4. # Inputs
  5. - request_id: the tracked request row
  6. - requester: the authenticated employee who submitted the request
  7. - summary: the user's description of what they need
  8. - business_justification: why the request is needed
  9. - target_system_or_record: the relevant application, record, customer, vendor, invoice, device, or account
  11. # Instructions
  12. 1. Confirm the requester is authenticated and that the request belongs to this operation.
  13. 2. Gather missing details in Slack or Teams before taking action. Use connected systems to retrieve context first, then ask the requester only for details that cannot be found.
  14. 3. Check the policy knowledge source before approving, rejecting, or escalating. Do not invent policy rules.
  15. 4. Auto-resolve by following the operation-specific steps in `# Auto-resolution`. Do not stop at a recommendation if the required tool call is permitted and the response is unambiguous.
  16. 5. Escalate when approval is required, risk is unclear, data conflicts, or the requested action is outside the agent's permissions.
  17. 6. Update the request row and write an audit entry for every decision, tool action, escalation, and closure.
  18. 7. Reply to the requester with a concise status update and next step.
  20. # Tool use
  21. - Use {{ budibase.Password Reset Requests.get_row }} and {{ budibase.Password Reset Requests.update_row }} to maintain request state.
  22. - Use {{ budibase.Password Reset Audit Log.create_row }} to log decisions and actions.
  23. - Use notification tools only for requester updates, approver handoff, or operational escalation.
  25. # Auto-resolution
  26. - Use {{ okta.get_user_by_email }} to confirm the requester and target account match.
  27. - Use {{ okta.list_user_applications }} to confirm the user is assigned to the requested application.
  28. - If policy allows a self-service reset, use {{ okta.send_password_reset_link }} and set the request status to `Completed`.
  29. - If the application is privileged or policy requires manual handling, use {{ serviceNow.create_incident }} to create the escalation ticket instead of resetting the password.
  30. - If the requester asks for another user's account or the account cannot be verified, reject the request and update the audit log.
  32. # Output
  33. Return JSON with request_id, status, decision, rationale, next_owner, and actions_taken.

Overview

Resolve password reset requests by validating the requester, checking policy, and either sending a safe reset path or escalating sensitive resets. The operation is designed as a single agent-led workflow: every request is tracked, every decision is logged, and humans step in only when policy or risk requires it.

Request

A requester submits a password reset request through Slack, Teams, or the Password Reset Request Form, creating a tracked request row.

Agent Triage

The agent confirms the request type, retrieves context from Okta and the service desk, checks the relevant policy source, and asks for any missing details in chat.

Agent Resolution

Where policy permits, the agent completes standard self-service resets where policy and identity checks pass and records the outcome without waiting for manual handling.

Escalation

The agent escalates privileged accounts, third-party requests, failed identity checks, or applications marked as sensitive to the responsible owner with a decision summary and supporting context.

Human Resolution

An approver reviews the escalation in chat or the IT Reset Review Queue, then approves, rejects, or returns it for more information.

We’ve created this example workflow to help you get started building your own Password Reset Request.

Agents

The Password Reset Request agent manages intake, policy checks, tool actions, escalation, requester updates, and closure for this operation.

# Agent role
You are the Password Reset Request agent. You manage one request from intake to closure, using policy knowledge, approved tools, and human escalation when required.


# Inputs
- request_id: the tracked request row
- requester: the authenticated employee who submitted the request
- summary: the user's description of what they need
- business_justification: why the request is needed
- target_system_or_record: the relevant application, record, customer, vendor, invoice, device, or account


# Instructions
1. Confirm the requester is authenticated and that the request belongs to this operation.
2. Gather missing details in Slack or Teams before taking action. Use connected systems to retrieve context first, then ask the requester only for details that cannot be found.
3. Check the policy knowledge source before approving, rejecting, or escalating. Do not invent policy rules.
4. Auto-resolve by following the operation-specific steps in `# Auto-resolution`. Do not stop at a recommendation if the required tool call is permitted and the response is unambiguous.
5. Escalate when approval is required, risk is unclear, data conflicts, or the requested action is outside the agent's permissions.
6. Update the request row and write an audit entry for every decision, tool action, escalation, and closure.
7. Reply to the requester with a concise status update and next step.


# Tool use
- Use {{ budibase.Password Reset Requests.get_row }} and {{ budibase.Password Reset Requests.update_row }} to maintain request state.
- Use {{ budibase.Password Reset Audit Log.create_row }} to log decisions and actions.
- Use notification tools only for requester updates, approver handoff, or operational escalation.


# Auto-resolution
- Use {{ okta.get_user_by_email }} to confirm the requester and target account match.
- Use {{ okta.list_user_applications }} to confirm the user is assigned to the requested application.
- If policy allows a self-service reset, use {{ okta.send_password_reset_link }} and set the request status to `Completed`.
- If the application is privileged or policy requires manual handling, use {{ serviceNow.create_incident }} to create the escalation ticket instead of resetting the password.
- If the requester asks for another user's account or the account cannot be verified, reject the request and update the audit log.


# Output
Return JSON with request_id, status, decision, rationale, next_owner, and actions_taken.

Data

Tables

Password Reset Requests: Stores the request, requester, target record, status, current owner, decision, and closure details.

  • request_id : Text - Unique request identifier.
  • requester : User - Authenticated employee who submitted the request.
  • summary : Long Form Text - Short description of the request.
  • target_record : Text - Relevant account, system, vendor, customer, asset, invoice, or application.
  • status : Single Select - New, Triaging, Waiting, Escalated, Completed, Rejected, or Closed.
  • priority : Single Select - Low, Medium, or High.
  • decision : Single Select - Approved, Rejected, Escalated, or Cancelled.
  • rationale : Long Form Text - Agent or approver explanation.
  • created_at : Date - Request creation timestamp.
  • closed_at : Date - Completion timestamp, if closed.
request_id,requester,summary,target_record,status,priority,decision,rationale,created_at,closed_at
IT-1048,emma.clarke@example.com,"Please process this password reset request.","Example target",Escalated,High,Escalated,"Requires owner approval.",2026-05-18T09:15:00.000Z,

Password Reset Audit Log: Records agent decisions, tool calls, escalations, notifications, and human actions.

  • event_id : Text - Unique audit event identifier.
  • request_id : Text - Related request identifier.
  • actor : Text - Agent, requester, approver, or integration name.
  • event_type : Single Select - Message, Tool Call, Decision, Escalation, Approval, Rejection, or Closure.
  • details : JSON - Structured event details.
  • created_at : Date - Event timestamp.
event_id,request_id,actor,event_type,details,created_at
EVT-2048,IT-1048,Password Reset Request Agent,Escalation,"{""reason"":""Policy requires owner review""}",2026-05-18T09:18:00.000Z

Connections

SlackTeamsOktaServiceNowSMTPConfluence

Slack: Captures password reset requests from employees, keeps the requester in the same conversation for identity checks, and posts status updates when a reset is approved, completed, or escalated.

Teams: Provides an alternate chat intake and notification channel for reset requests, especially when the requester or approver works from Microsoft Teams.

Okta: Checks the user’s account state, MFA status, and reset eligibility before issuing a safe password reset path or flagging a higher-risk reset.

ServiceNow: Creates or updates the IT service ticket so the reset request, agent decision, escalation reason, and final closure are recorded in the helpdesk queue.

SMTP: Sends email notifications when a reset link, approval request, or closure update needs to reach a user outside the chat thread.

Confluence: Supplies password reset policy, identity verification requirements, and escalation rules for privileged or sensitive accounts.

Adding Knowledge

The agent uses Confluence or SharePoint as a knowledge source when policy guidance, approval thresholds, ownership rules, or standard operating procedures are needed. The agent retrieves the relevant policy before deciding whether to auto-resolve, reject, or escalate a request.

Screens

Password Reset Request

Id Request Priority Status
IT-1048 Password Reset Request for Emma Clarke High Needs Review
IT-1047 Policy check completed for Northstar account Medium In Progress
IT-1046 Standard request from Daniel Reed Low Completed
IT-1045 Exception raised by Revenue Ops manager High Escalated
IT-1044 Missing details requested from Priya Shah Medium Waiting
IT-1043 Auto-resolved after policy lookup Low Completed
IT-1042 Approval reminder sent to owner Medium Waiting
IT-1041 Duplicate request closed by agent Low Closed
IT-1040 High-priority request from field team High In Progress
IT-1039 Audit log updated for completed request Low Completed

Password Reset Request Form: A structured request screen for employees who need to provide required fields, attachments, or target record details that are awkward to collect in chat.

IT Reset Review Queue: A queue for approvers and operations owners to review escalated requests, see the agent’s rationale, and record a final decision.

Request Detail: A record view that shows request metadata, conversation history, audit events, tool outcomes, and final resolution.

Automations

Create Request Record: On Create Row - Sets the initial status, priority, timestamps, and default owner when a new request is submitted.

Invoke Password Reset Request Agent: On Create Row - Sends the request context to the agent for triage and policy evaluation.

Escalation Reminder: On Update Row - Notifies the current approver when an escalated request has not moved within the expected review window.

Close Request Audit: On Update Row - Writes a final audit event and sends the requester a closure update when the request is completed, rejected, or cancelled.