Symptom
UI password is expired for the API user after certain days {set under "Maximum Password Age (in days)"} and system prompts to change the password whereas Maximum password age(days) is set to '-1' under Admin Center --> Password & Login Policy Settings -->Set API login exceptions
NOTE: Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Environment
SuccessFactors
Reproducing the Issue
Step 1: Login to SF Instance >Admin center > Password and Login Policy Settings> Click on Set API login exceptions
Step 2: Check exception user settings
Step 3: For Set API login exception maximum password age (in days) set is -1 --> apiadmin is added in SET API login exception but password is still expiring after certain days {set under "Maximum Password Age (in days)"}
Cause
API login exceptions are only applicable for authorizing API user for making API calls and this setting does not respect access to UI
Resolution
1. The password change prompt appears for API user on SuccessFactors' UI Login screen however the API password will never expire for the API calls [Expected Behavior]
2. For SuccessFactors UI Login, password policy settings apply from the highlighted screenshot and it is applicable for all employees.
3. For Eg: If the password is expired while making API calls, error message looks like "Authentication failed, password has expired(status code = 19). Please attempt a login to the SuccessFactors UI to reset, or contact your system administrator." will return in the response.
See Also
2080170 - How to stop the API Administrator password expiring - https://launchpad.support.sap.com/#/notes/2080170
Keywords
Exception user password expired, Set API login exceptions, API Exception user, API exception user password expired, Password & Login policy settings , KBA , LOD-SF-INT-API , API & Adhoc API Framework , LOD-SF-INT , Integrations , Problem