
Extend Password Expiration for AD account

0 Kudos

Hi,

Hope you are doing well. We are in the process of implementing the Strong Password for AD accounts, and one of the changes is to extend Max Password Age from 90 days to one year. This is based on the new guideline from NIST. NIST suggested setting the password to never expire to prevent Password Fatigue. Currently our AD and SAP have separate repositories for user accounts, but we will be starting an SSO project soon. I am just wondering, with AD password expiration being extended in conjunction with SSO, will that cause any issue from a compliance perspective? Has anyone done similar changes and have any experience to share?

Thanks!

Judy

Accepted Solutions (0)

Answers (1)


hemanth2
Product and Topic Expert
0 Kudos

Hi Judy,

Hope all is well.

There is no compliance issue that I am aware of, but from a security point of view, I think increasing the password expiration is not a good idea.

However, this is a decision that needs to be taken by the Basis Admin, keeping in mind the applications deployed, load on the server, the users connected, the connection from external 3rd party system, background jobs running, applications deployed and the overall SAP system Landscape (please see SAP Note No. ##902492 - Solutions to be tested on customer systems).

You can find the list of all SOS checks in our media library at https://support.sap.com/sos -> Media Library. Look there for the files “Security Optimization Service - ABAP Checks” and “Security Optimization Service - JAVA Checks”.
Also check the other documents in this link.

Kind Regards,

Hemanth Kumar | SAP Product Support

AlfredoMurguía
Explorer
0 Kudos

Hi Hemanth, SAP Note No. ##902492 does not exist or has been removed, could you please advise which is the correct link?

Thanks