
GRC 5.3 Password self service asking for userid and psw b4 the challenge qs

Former Member
0 Kudos

Hello,

We are trying to integrate psw self service and the challenge response security questions for end users. But I do not understand why it's asking for SAP userid and psw first when a user clicks on the Password Self Service link to register the challenge response questions. It defeats the purpose of automating the process if the user requires SAP login id and psw b4 they can log into password self service to request password reset. Since our authentication is set against SAP backend Production system for requestors to login to GRC to create requests, it's asking for SAP userid and psw b4 taking the user to self register the challenge response questions. I think it should just ask the userid to register the challenge response answers and then when they press the PSS link, they should just answer the challenge response questions correctly and then it should reset their psw in the SAP system. Otherwise, how can they know the psw to the system they're asking for the psw reset to if it's locked them out?

Also, the same thing needs to be applied to unlock or lock userid requests. If SAP was trying to automate this process, it's not working bc the user cannot unlock himself, so the request doesn't work for self user id.

Will greatly appreciate anyone's feedback in this if they're using this functionality without SAP HR system for verification and utilizing the challenge response questions instead, etc.

Thanks,

A.

Accepted Solutions (0)

Answers (1)

former_member771067
Active Participant
0 Kudos

Hi Alley,

I do not understand why it is asking for SAP userid and psw first when a user clicks on the Password Self Service link to register the challenge response questions. Is the user registering the password self service in My Home -> My Profile -> register Security Questions? Because in our case, the system is not asking for any userid and password there. It asks for the GRC userid and password after the user clicks on the password reset link received in the mail. It's ok. Check SAP Notes 1617371 and 1578837 to check and confirm your configuration details.

Thanks,

Guru

Former Member
0 Kudos

Thanks Guru for your answer, but the notes you mention pertain to GRC 10.0, not 5.3, and also the GRC user id and psw is based on what you configured to be your authentication system in CUP. We configured our SAP system to be the authentication system since not all the users have LDAP ids or are in UME. So, if our authentication system is the SAP production system and then the user gets locked due to incorrect logins and needs their psw reset via PSS or unlock their id via unlock request, the GRC system asks for their SAP user id and psw b4 letting them process those requests. And this defeats the purpose of user automation instead of requiring help desk to lock/unlock user id or reset their psw if it's going to ask for the same user id and psw that user is having issues with. SAP hasn't given us a solution on this issue. They really shouldn't require psw for GRC authentication for PSS and userid unlocking and instead just ask the challenge response security questions to verify the userid and then send the new psw to that id's email account. Otherwise, this totally defeats the purpose of having this option in GRC for those clients who have SAP backend system as their user authentication and need their psw or user id unlocked.

I didn't see any option to utilize UME to connect to multiple LDAP user data source either. And if I connect UME to backend SAP system as ABAP, will it again not require the SAP system's psw for that user and thus give us the same issue again as above?

Will greatly appreciate anyone's feedback on this issue.