Julius,

Thanks much for the reply.

We had few systems connected to CUA. Recently we have built HR system for which all employees should have access to for viewing payroll stuff. We have enabled single sign on for this. Also we have supplier BW which has SSO. These systems are part of CUA now.

These are the few scenarios,

Lets assume PN1 is the SSO enabled system.

1. User exist in PN1 with password deactivated, adding new system will deactivate password for new system, perform reset for the system works fine

2. ID exist in PN1 with deactivated password, same user when connecting different system still can use the old password

3. ID exist in multiple system, you need to add new system for which the password has to be deactivated u2013 Selective deactivate is not possible, deactivate for the whole and then reset accordingly.

We are struck with the 3rd scenario. Though we have workaround of deactivating whole and reset for those systems this is not doable for business.

Does this makes sense ??

Also can we rename users in CUA.

Regards,

Muthu Kumaran KG

Hi Muthu,

Take a look at the comments by Wolfgang Janzen about declarative and programmatic deactivation in the discussion about which I refered to above.

If that is not fast enough for you or interferes with other requirements and release dependencies, then use the BAPI approach if it is to be a once off adjustment.

Cheers,

Julius

Those above mentioned HR and BW are dual stack systems have SSO enabled for browser. User administration is still ABAP.

Is password reset capability enabled only from CUA and not from the Child systems. You can enable it for all the child system..that could be an option.