cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User unlock due to Incorrect attempts

Go to solution
Former Member

on ‎03-19-2015 6:46 AM

0 Kudos

Hello Experts,

We are trying to implement a solution where password reset should also unlock users locked due to incorrect attempts in SAP. Is there a way in IDM to identify the lock type of a user

Best Regards,

Mohammed

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

terovirta
Active Contributor
‎03-19-2015 12:48 PM
0 Kudos

ABAP or Java? Have you run an initial load? If so, take a look for example what values does the isLocked column have in the sap[rep_name]user-table for ABAP-system or take a look at the values in ABAP-system directly.

You can unlock the user as follows for ABAP-system (sorry don't have AS Java screen shots in this laptop).

regards, Tero

Show replies
Show replies
Former Member
‎03-20-2015 7:46 AM
0 Kudos

Hi Tero,

I have the same issue, when a user is locked in SAP like is shown below:

Is there a way only to unlock the password, not to remove the global user lock. As I tested your suggestion and the result is user unlock.

BR,

Simona

Answers (2)

Answers (2)

Former Member
‎03-23-2015 10:15 AM
0 Kudos

Hi Mohammed,

Here is my solution, it works, but you will have to add additional task and script to check the status(as well, it will take longer).

Solution:

In your order task group 8. Set ABAP User password(SAP connectors) add additional task(as first task), that will read from SAP(read the islocked - flag(for user lock) and iswronglogon - flag(for password lock) from SAP) and store the data in some temporary table(sap_locked_temp_table....), as well when you are reading the data from SAP you can add a script to check the result and in case of SAP lock - islocked=L, to skip the next task(skip the password change for this system). Keep in mind that you will have to do this check for each system, so in your temporary table you have to keep not only the userid, but and the system in which the user is locked.

But if you want to unlock the password, without unlocking the user, it's not possible, as the flag iswronglogon doesn't work with ToSAP pass, you can only read it.

My solution works in case you want to unlock the password only if the user is unlocked.

BR,

Simona

Show replies
Show replies
former_member2987
Active Contributor
‎03-19-2015 12:15 PM
0 Kudos

Hi Mohammed.

Take a look in . I believe it covers this.

Regards,

Matt

Show replies
Show replies
Ask a Question