Password managment

Former Member · ‎05-18-2007

Hi,

I have used ECC 6.0 system(BASIS 7.0) and I want to manage account automaticlly.So, I want to decrease managment effort for account managers.For example, When a user forgets her/his password, he/she will be able get her/his own via email.Is there any appropriate method or technology for this situation

Former Member · ‎05-18-2007

Quite a few Identity Management Vendors offer password self-service facility. I <i>think </i> the GRC Access Control offers this too, but you will have to check that.

If you want to create a solution yourself, there are a whole load of FM's & BAPI's that you could use to facilitate this. You can find info here:

https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/668e6629-0701-0010-7ca0-994...

WolfgangJanzen · ‎05-20-2007

Well, the risk of such a self-service is that anyone might be able to reset the password of other users - and the fact that passwords will be transmitted over an insecure channel.

However, some implementations of such a password forgotten self-service are quite smart: the system only generates a 'password reset token' which will be send to the mail address (stored in the user master record); that token is only valid for a short time and need to be entered on the webpage where the user has requested the self-service; if the token is valid, the user can set a new password.

I've seen that on a <a href="https://www.heise.de/userdb/register?dirid=1&skin=default&rm=show_forgotpassword">German internet forum registration page</a>.