and more in a single search tool across platforms. Read the announcement here. |
05/22/2023 04:18 AM
Does SAP Connector supports password reset after the account creation?.
Currently the account created from saviynt forces a password change when user logs in for the first time. And it is not correct behavior for SSO enabled SAP UIs.
I need to automatically submit a reset password with a dynamic password ( will get the password from one of the custom property of user) after provisioning the account.
05/24/2023 11:35 AM
Hi @abhiupadhyay
We do support enforcing password changes at the time of account creation. Please see the "Enforcing a Password Change" section of the documentation below...
Configuring the Integration for Provisioning Accounts and Access.
Is your requirement to enforce this change post the account creation? If so, what is the type of task in Saviynt via which you wish to achieve this functionality?
05/24/2023 11:38 PM
@timchengappa I do not want enforce password change to be shown on UI for end user when he logs in on SAP. I want to reset the password from Saviynt it self after the account is created. so user will not have to change it when he logs in.
I tried to achieve the same using enable account json. The following is json as of now :
{"ADDRESS": {
"LASTNAME": "${user.lastname}",
"FIRSTNAME": "${user.firstname}"
},
"PASSWORD": {
"BAPIPWD": "Acgtest@123",
"CODVN": "H"
}
}
I am running this from analytics for every new account created. But this is not resetting the password on SAP side. even though the task is going successful, still when I try to login on SAP, it still takes the original password that we are giving with "create account" json.
So two questions:
1. Is there a better way to achieve the above use case.
2. Could you please help on what might be missing in this json to make password change work (with enable task)
06/06/2023 08:36 AM
06/06/2023 10:24 AM
@SB Thanks for the reply.
I will check with customer for these settings. The problem is, things are working properly with their old IAM system. It means old IAM system is handling the password change scenario post account creation. So mostly client will return back saying, you need to do the things from Saviynt in same way.