Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Any ideas on how to quickly reset and communicate password changes?

Former Member

‎11-02-2012 12:43 AM

0 Kudos

Hi,

We are about to rollout SSO using Windows Kerberos/AD and SAP SNC functionality for our ABAP system users.

The intention is to allow users to use both logon methods i.e. SSO or password/username.

In the event that SSO fails at some point in the future, we need an approach to deal with the problems associated with users having forgotten their SAP passwords, or requiring a new password due to deactivation of the passwords.

For security reasons, we do not favor a 'standard' initial password value for all users; rather we would be happier with a unique password for each user, with a method of securely making this known to them.

Has any one else overcome this problem in a purely ABAP stack landscape?

Thanks,

Pete Derry.

1 REPLY 1

Former Member

‎11-02-2012 8:45 AM

0 Kudos

Hi,

There are various techniques and tooling that could achieve this.

One method would be to write a program that uses FM like BAPI_USER_CHANGE to change a password for a user and then use another FM to trigger an email to the account associated with that userID.  This approach isn't without it's drawbacks as the distributed passwords will be stored somewhere.

You also need to make sure that you carefully validate the accounts (e.g. exclude non-Dialog) which are passed into the modification request.

I'm sure there will be plenty of other options offered around this.