We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Password Policy apply to creation of new accounts or only changing password?

aundreb
Regular Contributor II
Regular Contributor II

Hello,

I have a password policy attached to a SAP Security System. Is this password policy supposed to also apply to the random password that gets generated at account creation if you use the {randomPassword} variable or do you have to set password properties in each SAP connector as well for the generated password to adhere to your password policy?

aundreb_0-1700672017601.png

 

Currently experiencing an issue where SAP is complaining about password length on account creation, wondering if this is the cause.

11 REPLIES 11

sk
All-Star
All-Star

@aundreb : Do you have regex applied at password policy? if not then please set it and check. Also can you please share the password policy you have used?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

aundreb
Regular Contributor II
Regular Contributor II

Hi sk,

This is the policy created and set at the security system level.

aundreb_0-1700744885231.png

Before I added the same criteria at the connection level I was getting this provisioning error for a SAP account.

aundreb_2-1700744997908.png

We do not have a regex applied to the password policy as the needs were met with just the regular options. This error leads me to believe that the password policy at security system level doesn't apply on new account creations or is not working for some reason in my case.

For SAP BASED applications use connection level password attributes 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

aundreb
Regular Contributor II
Regular Contributor II

Hi Rushikesh,

Are you saying that for SAP based applications the security system level password policy does not apply to newly created accounts? If so, is this documented anywhere in the Saviynt documentation?

Its not documented please raise enhancement ticket for same.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

As per documentation 

Password policy configuration at the connector level is supported only for certain connectors.  
https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter02-Identity-Repository/Manag...


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

aundreb
Regular Contributor II
Regular Contributor II

To me this reads as not every connector supports password policy configuration at the connector level, not that certain connectors only support connector level password policy configurations and not security system level. The password policy at security system level seems to work when you are resetting a SAP password via ARS, just doesn't work when a new account is provisioned. Hopefully a Saviynt employee can confirm.

Irrespective of type of request it should work. As mentioned for new account it does work for db baaed apps and not for sap


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@aundreb : To generate a random password you need to set regex at password policy level. Can you please set it and let me know if it still didn't work


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

aundreb
Regular Contributor II
Regular Contributor II

Applying a regular expression to the password policy still doesn't work, SAP is still producing an error message. It only works if I apply it at the connection level.

rushikeshvartak
All-Star
All-Star

Security system password policy take precedence over connection password policy attributes 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.