cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CUP 5.3 Password Self Service

former_member247081
Explorer

on ‎11-11-2008 2:11 PM

0 Kudos

As a point of clarification, when a user requests that their password be reset using Self-Registered Questions (Challenged Response), if their account is locked due to incorrect logins, CUP will not release the lock, correct? It will only reset the password (and the lock will remain)?

Will this be same using SAP HR Authenticaiton method as well?

It would be ideal to have this lock removed at the time the user's password is reset, that way the Helpdesk is removed from this process altogether. As it stands now the Helpdesk still needs to remove the lock from the ID.

Am I missing something?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎11-14-2008 11:31 AM
0 Kudos

Michael -

If you look at the user record in the back-end, does it show a "last changed" value with the user ID from the CUP connector and a time stamp from when the password self-service provisioning took place?

Also, what are the failed login lock and auto-unlock parameters set as in the back-end?

Show replies
Show replies
former_member247081
Explorer
‎11-14-2008 7:34 PM
0 Kudos

The CUP connector ID does have an entry in the change document data for the ID that was locked. It indicates that the password was changed. But there is no entry for the Lock. So all CUP is doing is changing the password, but not releasing the (incorrect login) Lock. At this point I think its safe to say that CUP will not unlock the ID it will only reset the password.

Thanks to all who provided input.

Former Member
‎11-12-2008 10:12 PM
0 Kudos

Michael -

Password self-service in CUP will unlock a user account that is locked due to too many invalid login attempts. It will not unlock accounts that have been manually locked by a system manager.

So, the scenario you described around reducing the involvement of a helpdesk is possible using the password self-service feature in CUP v5.3.

Show replies
Show replies
former_member247081
Explorer
‎11-12-2008 11:08 PM
0 Kudos

In testing this functionaity, I locked my account purposely by attempting to log in incorrectly until the account was locked. I confirmed this by attempting to log on to SAP after the number of failed attempts had been met. I received the message "Password logon no longer possible - too many failed attempts" I then go to CUP and request a new password. I'm sent a new password via email. When I try to logon with the newly generated password I received the same error message as before "...to many failed attempts"

The unlocking of the ID is not happening. Is there more to this configuration than just defining the questions and then registering? I had a look in the log, but that didn't turn up anything of value. I have to be missing something...

Any assistance is appreciated.

Former Member
‎11-13-2008 9:16 PM
0 Kudos

Michael,

Alternatively you can create a separate workflow request that the user can send to the SAP Security Admin. There's a standard delivered request type in AE titled "Unlock Account". There are no paths, stages, etc associated with it but you'll need to create it from scratch.

Former Member
‎11-11-2008 9:30 PM
0 Kudos

Hi,

You are not missing anything, CUP will only reset the password and will send the password through email.But if user is registered with password selfservice and is locked due to invalid attempts, administrator can unlock the users in that case. The functionality is same in case of SAP HR also but you have to configure the infotype and subtype for that. I hope this information will help you to clear your doubts.

Thanks,

Tavi

Show replies
Show replies
Ask a Question