Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager 8.1.4 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP systems Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

Password exclusion list

You can add words to a list of restricted terms to prohibit them from being used in passwords.

NOTE: The restricted list applies globally to all password policies.

To add a term to the restricted list

  1. In the Designer, select the Base Data | Security settings | Restricted passwords category.

  2. Create a new entry with the Object | New menu item and enter the term you want to exclude from the list.
  3. Save the changes.

Checking a password

When you check a password, all the password policy settings, custom scripts, and the restricted passwords are taken into account.

To check if a password conforms to the password policy

  1. In the Manager, select the SAP R/3 | Basic configuration data | Password policies category.

  2. Select the password policy in the result list.
  3. Select the Change master data task.
  4. Select the Test tab.
  5. Select the table and object to be tested in Base object for test.
  6. Enter a password in Enter password to test.

    A display next to the password shows whether it is valid or not.

Testing password generation

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

  1. In the Manager, select the SAP R/3 | Basic configuration data | Password policies category.

  2. In the result list, select the password policy.
  3. Select the Change master data task.
  4. Select the Test tab.
  5. Click Generate.

    This generates and displays a password.

Initial password for new SAP user accounts

Table 38: Configuration parameters for formatting initial passwords for user accounts
Configuration parameter Meaning

QER | Person | UseCentralPassword

This configuration parameter specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated.

QER | Person | UseCentralPassword | PermanentStore

This configuration parameter controls the storage period for central passwords. If the configuration parameter is enabled, the central password is stored in the One Identity Manager database and is used for new users. If the configuration parameter is disabled, the central password is deleted from the One Identity Manager database following publishing to the existing user accounts. The central password is not available for new user accounts.

TargetSystem | SAPR3 | Accounts |
InitialRandomPassword

This configuration parameter specifies whether a random generated password is issued when a new user account is added. The password must contain at least those character sets that are defined in the password policy.

You can issue an initial password for a new SAP user account in the following ways:

  • Create user accounts manually and enter a password in their master data.

  • Assign a randomly generated initial password to enter when you create user accounts.

    • In the Designer, set the TargetSystem | SAPR3 | Accounts | InitialRandomPassword configuration parameter.

    • Apply target system specific password policies and define the character sets that the password must contain.

    • Specify which employee will receive the initial password by email.

  • Use the employee's central password. The employee’s central password is mapped to the user account password. For detailed information about an employee’s central password, see the One Identity Manager Identity Management Base Module Administration Guide.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating