2420640 - Passwords: Configuring Password & Login Policy Settings - SuccessFactors Platform

• Where to locate our company's password and login policy?
• Which options are available for password and login policy configuration?

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

SAP SuccessFactors HXM Suite

Where to locate our company's password and login policy?

1. Admin Tool;
2. Password & Login Policy Settings.

Which options are available for password and login policy configuration?

After selecting 'Password & Login Policy Settings', please note that you have the following settings displayed upon scrolling down.

Below you will find a brief explanation of some of the options shown in the screenshot above:

• Password Maximum Length: it must be a positive integer and greater than Minimum Length and less than 100.
  
  
• Minimum Password Age (in days): controls when password can be changed again based on the latest password change, preventing users from changing password too frequently.
  Example: if value 1 is set on this field, it means that 1 day is the minimum time frame for a user to change their password, i.e. the password can be changed only once a day.
  Note: if value -1 is set on this field, it means there is no minimum time frame for a user to change their password, i.e. the password can be changed as many times as needed, even on a same day.

• Maximum Password Age (in days): controls how frequently users should change their password.
  Example: if value 30 is set on this field, it means that users will be asked to reset their password 30 days after their latest password change, i.e. users are prompted every 30 days.
  Note: if value -1 is set on this field, it means there is no maximum time frame for a user to change their password, i.e. users are never asked to reset their password.

  Please note that every time you change this value from -1 to a value >0 (means disabled), or change it back to -1 (re-enable), users are asked for password reset upon their next login. However, simply extending or reducing the period (from 10 to 50 or 30 to 10, for example) will not force the users to change their password.

• Case Sensitive: If checked, case sensitivity between capital and uncapitalized characters will be applied. If left unchecked, 'password1' will work as a substitute for 'PASSword1'.
  

• Enable Forgot Password feature: if checked, end users can retrieve their own passwords, provided that you select one of the three options below:
  
  a) Allow users to retrieve password by providing an email address (only select this option when email addresses are unique for each user)
  
  b) Reset passwords using security questions accessed through e-mail link (this option lets users receive an email with a link to reset their password after answering the security questions correctly)

  c) Reset passwords using security questions accessed through the system (this option redirects users to the security question page to reset their password after answering the security questions correctly)

  Note: Enabling the security question options will force users to reset their passwords and will require users to enter security questions, if not previously set up. Prior to choosing this option, we recommend that you communicate this change to your end users.

• History policy rejects passwords that are identical to a recently used password. Please enter a number between 2 and 10.  

         It will rejects passwords that are identical to the 3 recently used passwords if you enter 3 in the above text box

• Password Expiration for Long-Time Unused Passwords (years) 

  Starting 1H 2021 release, a new feature will be added to automatically expire passwords that haven't been used to log into the system longer than a defined period.
  To use this feature you will need to select the desired number of years for the Password Expiration. 
  
  
  
  And to Disable this Option, you can just choose N/A from the drop down.

  Additional Information can be found on SAP Help Portal Configuring Password and Login Policy

CAPTCHA for the Forgot Password Page

Starting 1H 2021 release a new option, Enable CAPTCHA for the Forgot Password page, is added to the Password & Login Policy Settings page.

We can now specify how many consecutive resetting password attempts (“Reset” button clicks) from the Forgot Password page are allowed within one minute mainly for those tenants that has enabled “forgot password” feature and choose option like  “Reset password using a URL accessed through an email link” or “Reset password through security questions accessed through an email link”.

Once after the threshold is reached, the system prompts a CAPTCHA.Only when the CAPTCHA is verified than system allows resetting action.

To disable the option, choose N/A from the dropdown.

• In the 1H 2023 release we have enhanced the label of setting password link in welcome emails from Set Welcome Password and Reset Password link expiration (in days) to Set Expiration of Password Link in Welcome Emails (in days). You can see the updated admin option under Admin Center -> Password & Login Policy Settings . Help Guide Link

Please note that some options listed above may not be compatible with certain types of Single Sign-On. If your company employs an internal Single Sign-On solution and you need to configure a specific setting for Password & Login Policy, please report an case for more information.

NOTE: Password and login policy is company wide and cannot be given to seperate groups

Note: Only the specific options with a warning that changing will force all users to change their passwords will force users to change their password to meet the updated policy. The options without this warning will not force users to change their password on next login. For example if you increase the minimum length, a user with a password that no longer meets the minimum length logs in, they will not be forced/prompted to change their password. Only when they have a password reset triggered or their password expires will they need to update to a new password to meet the new minimum length.

Addittional Information can be found on SAP Help Portal Configuring Password and Login Policy

SuccessFactors, PLT, platform, password policy, login policy, configure password policy, password settings, password policy configuration, password & login policy, password and login, case sensitive, password age, password length , set expiration , welcome email , KBA , LOD-SF-PLT-PWD , Password Policy Settings & Reset Password , How To