
Change ABAP passwords

Former Member
0 Kudos

Hello

I am running a test scenario for SAP IDM.

It is possible to create and change users from the workflow interface.

If I change the name of the users these changes get distributed to all systems he has an account flag – so good so far.

What I want to do now is to change a password. Let's assume a user has forgotten his password; a new password should be set on all target systems. Of course the user needs to change it on his next login.

The UpdateABAP User Task does not carry the MX_PASSWORD attribute. This is logical, as else the password would always be set to the initial value again.

Is it possible, that the password is only updated when it is changed through a task?

Any ideas would be appreciated.

Thanks

Chris

Accepted Solutions (1)

Former Member
0 Kudos

Hi Chris,

1. Copy the "UpdateABAP User" Task

2. Set the password attribute only in the destination of the pass

3. Go to the "Password policy" tab of your Identity Store and select "modify" for event handling

4. Select your copied task

5. Change the password in the workflow and let me know if it doesn't work

Best regards,

Nils

Former Member
0 Kudos

Hello Nils

Thank you for your answer.

I tried that, but had no luck.

When I change the password, nothing actually happens. The new task doesn't get called.

I managed that the task ChangePasswordOfABAPUser gets called. When I do that I get the problem that it doesn't find a Repository. As the user is on several systems it would not make sense to assign a specific one to the task. The funny thing is that the UpdateABAP Task works, even though there is no Repository assigned.

Chris

Former Member
0 Kudos

Hi Chris,

Try the checkbox "Enable PW provisioning" in the password policy tab, perhaps it helps.

UpdateABAP Task works, because there's another mechanism behind it: it's called for every assigned repository to the person, based on the task MX_MODIFYTASK defined in these repositories.

I forgot that you face this problem with a Modify-Task on an attribute. That's why you could either:

- Call a script in a To Generic pass after a changed password to call another task for every assigned repository - similar to SetFlagRunChildren in the task Group System provisioning (which could get complicated) or

- Check if UpdateABAP Task is also called if only a password is changed (the person has users in repositories). Then you can call ChangePasswordOfABAPUser in your UpdateABAP Task, by validating a flag if the password has changed since the last run ("Skip task if audit flag is set"). That's why you need to be able to call a task based on a changed password attribute, which simply removes this audit flag ("Clear audit flag on OK result"). Set the flag again after you have finished UpdateABAP Task ("Set audit flag on OK result"). Instead of a flag you could also have an attribute indicating whether the password has been changed or not and check it with a switch task or a script.

Let me know if it's not clear enough or doesn't work.

Nils

Former Member
0 Kudos

I have the same scenario. Does anybody know if this solution works?

Answers (0)