Skip to Content
avatar image
Former Member

Password self service in AC10

What is the procedure to roll out Password self service in a 1000+ company. Does it means all the backend system users has to be copied to GRC Production system to use this feature.

If the user wants to reset his password, is it necessarily to login with GRC Password first into GRC and than reset the backend password. If this is the case, than there are less chances that users will remember his GRC password to login into it to reset the password.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Aug 26, 2011 at 04:36 PM

    A user shouldn't need access to the GRC box itself to use PSS.

    Look at the PSS configuration under SPRO->GRC->AC->User Provisioning->Maintain PSS

    You can set the authentication source for a user attempting to leverage the PSS feature. You can use the Challenge Questions themselves or another HR system. Also, under that same IMG tree, you will also need to ensure your End User Logon URL is activated and setup properly. This would be the URL individuals would use to access the basic AC features (creating requests, PSS, etc) whom do not have AC accounts themselves.

    The key design decisions will be where you will be storing a user's challenge questions and how you will ensure they have their answers registered (ideally part of their onboarding) so that they can use the PSS tool.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Nathan, I have tried to configure this , but when using url users are getting error that menu tree is empty . Can you let me know what role need to be assigned in the ECC System to access My Home tab so that users can reset password

  • Aug 26, 2011 at 07:08 PM

    In both AC 5.3 and 10.0 you can configure end user logon via LDAP (ActiveDirectory - i.e. Windows Logon).

    Challenge/Response would mean that everyone who might forget their password would have to register questions&answers in advance, and remember them when needed. Not really likely. Also the selection of questions often is subject to a lot of discussion, be it for security reasons or privacy issues (you may run into problems for storing personal information).

    From a security standpoint, I have doubts if in case of forgetting "Str0ng$PWD!" having to answer with "blue", "smith" and "volvo" is an adequate replacement.

    If you link end user logon to LDAP, people can login to PSS with their Windows password and have their SAP passwords re-set. Not a bad option.


    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member


      Check SAP Note 1617371 - Configuring Password Self-Service in GRC AC 10 that provides you the detailed steps to configure PSS in GRC 10.