When you test a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.
To test whether a password conforms to the password policy
Select the category Manager | Basic configuration data | Password policies in the SAP R/3.
Enter a password in Enter password to test.
A display next to the password shows whether it is valid or not.
When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.
To generate a password that conforms to the password policy
Select the category Manager | Basic configuration data | Password policies in the SAP R/3.
Click Generate.
This generates and displays a password.
The password policy "SAP R/3 password policy" is predefined for SAP R/3. You can apply this password policy to SAP user accounts (SAPUser.Password) of an SAP client.
If the clients' password requirements differ, it is recommended that you set up your own password policies for each client.
|
IMPORTANT: If you are not working with target system specific password policies, the default policy applies. In this case, ensure that the password policy " password policy" does not violate the target system requirements. |
To reassign a password policy
Select the category Manager | Basic configuration data | Password policies in the SAP R/3.
Click Add in the Assignments section and enter the following data.
Property |
Description |
---|---|
Apply to |
Application scope of the password policy. To specify an application scope
|
Password column |
The password column's identifier. |
Password policy |
The identifier of the password policy to be used. |
To change a password policy's assignment
Select the category Manager | Basic configuration data | Password policies in the SAP R/3.
Configuration parameter | Meaning |
---|---|
QER\Person\UseCentralPassword |
This configuration parameter specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated. |
QER\Person\UseCentralPassword\PermanentStore |
This configuration parameter controls the storage period for central passwords. If the parameter is set, the employee’s central password is permanently stored. If the parameter is not set, the central password is only used for publishing to existing target system specific user accounts and is subsequently deleted from the One Identity Manager database. |
TargetSystem\SAPR3\Accounts\ |
This configuration parameter specifies whether a random generated password is issued when a new user account is added. The password must contain at least those character sets that are defined in the password policy. |
You have the following possible options for issuing an initial password for a new SAP user account.
If the configuration parameter "QER\Person\UseCentralPassword" is set, the employee's central password is automatically mapped to an employee's user account in each of the target systems. This excludes privileged user accounts, which are not updated.
The password policy "Employee central password policy" is used to format the central password.
|
IMPORTANT: Ensure that the password policy "Employee central password policy" does not violate the target system specific password requirements. |
Assign a randomly generated initial password to enter when you create user accounts.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy