cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

[Initial Password] CUA vs IdM

Go to solution
guillaume-hrc
Active Contributor

on ‎05-20-2008 1:45 PM

0 Kudos

Hi,

Please correct me if I am wrong: when the CUA cha,ges to password in the child systems, they are set as initial. It means that, on the first logon, the user has to change it.

Is there a possibility for IdM to set "definitive" password. It seems so to me after reading

------------------------------------------------------------------------
|                     |        CUA        |  Identity Management       |
------------------------------------------------------------------------
| Password management | Initial passwords | yes incl. workflow support |
------------------------------------------------------------------------

in https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/7037d982-40aa-2a10-e283-a76a9dfc..., page 29

Thanks in advance.

Best regards,

Guillaume

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-15-2008 11:58 PM
0 Kudos

IdM can only do what SAP permits. Depending on how one is authenticating determines the password policy. An initial password, an expired password and a password reset by an administrator all set the same flag. The user must change their password on next logon. The only way around this to write directly to the db with SAP's hash. A terrible idea and a big security risk.

UME uses a delegated model so the password policy depends on what you are authenticating against. This question is normally asked because a company wants to do password synchronization; one is better off doing SSO.

Show replies
Show replies

Answers (0)

Ask a Question