SAP Knowledge Base Article - Public

2080170 - How to stop the API Administrator password expiring

Symptom

  • How to stop the API Administrator password expiring?
  • Password Policy Exceptions not working for common users;

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP SuccessFactors HXM Suite

Resolution

  • How to stop the API Administrator password expiring?

If you are using API this how can use a feature to ensure your password does not expire, thus preventing a problem with your integrations when passwords expire. This feature allows you to do this for individual user exceptions and not affect the global password aging policy applied to all other users.

 

  1. In Admin Center > Company Settigns > Password & Login Policy Settings;

 

7.jpg


 

  1. Click on Set API Login Exceptions:  
    9.jpg 

  2. You would need to complete this screen for the API account and set age to -1 so the password never expires. All fields are mandatory:
     10.jpg

    Note that the "IP address restrictions" field needs to receive the IP adresses from where the API user sends its calls. The source of these calls depends on your scenario. It could be your middleware - Boomi, HCI/CPI - or any other application which sends the API calls. It's up to the customer to identify and provide the the proper IP addresses. If you don't want any IP restrictions, you can set the IP address restrictions as "1.1.1.1-255.255.255.255" as a workaround. This would allowlist every possible IP.
     
  3. Save and you will see this as per this example:
     setapi.PNG
  • Password Policy Exceptions not working for common users;

Be aware that the Set API login exceptions will only work if the user already have authenticates in an odata API. If you are placing a common users that never have logged in an odata API, the common user will respect the Password Policy defined by you for all users. To avoid confusion it is suggested to use an account specially to make api call and not use it as common user. Otherwise you might fall in the situatuation where the api user is ask to reset the password after X days eventhough you have se the API login exception to -1 (see Configuring Password and Login Policy )

2420640 - Passwords: Configuring Password & Login Policy Settings - SuccessFactors Platform

Please review the help portal guide Configuring Password and Login Policy and SFAPI Setup for further details.

See Also

KBA 2251980 - Invalid IP format error when setting API Login Exceptions
KBA 2161058 - Error while accessing SuccessFactors Instance through any Integration Tool (via API)

Configuring Password and Login Policy

SFAPI Setup

Keywords

ip range, api request, success, factors, specific, user, system, login policy, api user, Authentication failed. Attempted login from unauthorized ip: , KBA , sf employee central , sf api , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-INT , Integrations , How To

Product

SAP SuccessFactors HCM all versions