cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Avoid technical user password expiration

Go to solution
JoergAldinger
Active Contributor

on ‎11-19-2020 7:02 PM

Hello all,

Is is possible to exclude technical users created in CCOM from the password expiration? Being a technical user I think being forced to update passwords regularly is actually more of an obstacle than a help to keep the system secure.

Or are there any other "best practices" we should be aware of?

Thanks in advance,

Joerg.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

JoergAldinger
Active Contributor
‎11-20-2020 8:03 PM
0 Kudos

Hello arti3000, kfrick,

I have submitted IR 257985 for this improvement of the technical user.

Thanks and best regards,

Joerg.

Show replies
Show replies

Answers (3)

Answers (3)

Private_Member_381693
Active Participant
‎11-20-2020 1:22 PM
0 Kudos

Hello joerg.ceo

I do see it the same as you. The configurable password policies or policy assignments are not sufficiently solved. It should be possible to add policies AND assign a policy to a user or user role.

From my point of view today you just can configure in one policy the value of "Maximum validity of password" to -1 and assign this policy to all users....

Best Regards

Klaus

Show replies
Show replies
jmodaal
Active Contributor
‎11-20-2020 1:35 PM
0 Kudos

Hello,

you can create multiple policies in transaction SECPOL and assign the policy to the users very flexible.

Similar question raised up some days ago. Have a look here.

However, I am not familiar with "CCOM", so maybe this does not fit....?

JoergAldinger
Active Contributor
‎11-20-2020 1:19 PM
0 Kudos

Hello Arne,

I have set all password policies to -1 expiration days and that does take care of the issue.

But what I'm unsure of is how to associate a specific password policy with a specific user? I can't seem to identify the right relation (there is only a "default policy for users" and "default policy for loyalty users" setting that I could identify. And creating a "technical user" should (IMO) trigger an automatic non-expiration setting for that user specifically (as well a no-login policy, too). But currently neither of that happens...

What I believe is there should be a little more guidance in the documentation about how to properly set up technical users. Unfortunately the documentation is very "this field means that" and not very "to achieve this, set these options", which would be more helpful...

Thanks!

Joerg.

Show replies
Show replies
Arne_Timmermann
Contributor
‎11-20-2020 1:51 PM
0 Kudos

Hi Joerg, sorry I was mistaken, you can't add aditional profiles. But I 100% agree with you that there should be an additional option for technical users or to allow to fully customize the password rules and groups!

Arne_Timmermann
Contributor
‎11-20-2020 12:53 PM
0 Kudos

Hey Joerg, can't you create a new password policy group where you set the expiration days to "-1" and only assign technical users to this group?

Show replies
Show replies
Ask a Question