SAP Knowledge Base Article - Public

2103239 - Working with the External Password Policy - Recruiting Management


This article describes in detail how to configure the External Password Policy so that it can be tailored to your company’s needs. For customers with the “Manage External Password Policy” feature enabled, specific password rules can be defined for external candidates creating an account on the External Career site.



SAP SuccessFactors Recruiting Management



  1. Separate Password Policy for External Candidates must be enabled. If it is not, please create a ticket with the Customer Success Team.
  2. Grant users the permission:
    • RBP: Admin Tools -> Manage Permission Roles -> select Role -> Permission -> Manage Recruiting -> Manage External Password Policy permission


Working with the External Password Policy page


Password Policy Settings

The rules specified will be made visible to candidates on the account creation screen if the candidate hovers over the Password Policy link.


When this is used, the candidate will see a bar next to their password field indicating their password strength and the point where their password becomes acceptable.

| Option | Recommended | Function |
|---|---|---|
| Minimum Length | 8 | Minimum number of characters the password must contain to be acceptable |
| Maximum Length | 18 | Maximum number of characters the password may contain |
| Maximum Successive Failed Login Attempts (setting this to 0 disables the option; the system will lock a user account if successive failed login attempts exceed what the policy allows within a 1-minute period) | | Specifies how many attempts can be made within 60 seconds before the account is locked. It is not advisable to use this setting for most clients because it then requires admin action to unlock a candidate or agency account |
| Case Sensitive (recommended) | Checked | Causes the password to distinguish between capitalized and non-capitalized letters |
| Mixed Case required (will be ignored if Case Sensitive is not checked) | Checked | Requires that the password contain at least one capitalized and at least one non-capitalized letter |
| Non-alpha characters required | Checked | Requires that the password includes at least one character other than a letter |
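
The following Python model is an added illustration, not SAP code and not part of the original KBA. It shows how the options above combine, including the dependency of Mixed Case on Case Sensitive and the 60-second lockout window. The class and method names are hypothetical, and counting failures in a sliding window is an assumption about how the 1-minute period is measured.

```python
# Illustrative model of the External Password Policy options; not SAP code.
from dataclasses import dataclass


@dataclass
class ExternalPasswordPolicy:
    min_length: int = 8            # recommended value from the KBA
    max_length: int = 18           # recommended value from the KBA
    case_sensitive: bool = True
    mixed_case_required: bool = True
    non_alpha_required: bool = True
    max_failed_attempts: int = 0   # 0 disables lockout

    def violations(self, password: str) -> list[str]:
        """Return the rules the password breaks (empty list = acceptable)."""
        problems = []
        if len(password) < self.min_length:
            problems.append("too short")
        if len(password) > self.max_length:
            problems.append("too long")
        # Mixed Case is ignored unless Case Sensitive is also checked.
        if self.case_sensitive and self.mixed_case_required:
            if not (any(c.isupper() for c in password)
                    and any(c.islower() for c in password)):
                problems.append("needs upper and lower case")
        if self.non_alpha_required and all(c.isalpha() for c in password):
            problems.append("needs a non-letter character")
        return problems

    def is_locked(self, failure_times: list[float], now: float) -> bool:
        """True if successive failures in the last 60 s exceed the limit.

        failure_times: timestamps (seconds) of failed logins since the last
        successful one. Sliding-window counting is an assumption.
        """
        if self.max_failed_attempts == 0:
            return False
        recent = [t for t in failure_times if 0 <= now - t <= 60]
        return len(recent) > self.max_failed_attempts
```
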


  • The options available in the External Password Policy are pre-set; no additional options are available.
  • Candidates will not be notified (i.e., via email) if a system admin changes the existing password policies. Changing the password policies won't affect candidates who already have an account.
  • If Maximum Successive Failed Login Attempts is set to greater than zero, it is possible for an external candidate or agency user to accidentally lock their account with too many failed login attempts. On this page the admin can reset the account so that it can once again be accessed.
  • For the external candidate, the primaryEmail field value must be used to look up the candidate. This may or may not be the same as the contactEmail value that is widely displayed on the candidate profile and application records. The primaryEmail field should be configured on the Candidate Profile XML to ensure the admin can locate and use it to reactivate the account.






Manage, External, Password, Policy, account, creation, site, users, agency, KBA, sf recruiting, LOD-SF-RCM, Recruiting Management, How To


SAP SuccessFactors Recruiting all versions