SAP Knowledge Base Article - Public

2962466 - How To Enable Auto-Locking Of Business User When User Has Not Logged In For a Long Time


You want to know if there is any way to enable Auto-Locking of Business User, if any user does not log in for 90 days.

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.


SAP Cloud For Customer


System access to Business User is locked if they do not log in for 90 days. An auto-generated reminder mail is sent to the Business User 10 days before the lock. A sample image of this reminder e-mail can be found here.

Following conditions apply:

  • Applicable only in production tenants.
  • Applicable only for counted users with unique e-mail address across the system.
  • Applicable only for counted dialog users.
  • Not applicable for support users.
  • Only for business users which have logged on to the customer tenant at least once.
  • Not applicable for users who have authorizations to the following work center views under the Administrator Work Center:
    • General Settings.
    • Employees.
    • Business User.

To use this feature, the scoping question "Do you want to enable automatic locking of business users who have not logged-in in the last 90 days?" must be enabled. To do this, follow the steps below:

  1. Go to Business Configuration Work Center.
  2. Go to Implementation Projects view.
  3. Select your project and click Edit Project Scope.
  4. Go to Step 3. Scoping.
  5. Expand Administration > Performance and Usage Monitoring.
  6. Select the scoping element User Management.
  7. Go to Step 4. Questions.
  8. Expand Administration > Performance and Usage Monitoring > User Management.
  9. Under Business Option Automatic Locking of Users, select the scoping question "Do you want to enable automatic locking of business users who have not logged-in in the last 90 days?".

Obs.: For the initial run, only locking happens, no reminder e-mail notification is sent in case users have not logged in the system for the past 90 days. The reminder e-mail is sent out to users between 80 - 89 days without log on, as on the 90th day, the user will be locked if does not log in into the system.

Obs. 2: Currently, it is not possible to switch off the auto-generated reminder e-mail. This feature can only be enabled / disabled accordingly to the steps mentioned above.

See Also


Auto-Locking, Business User, User Locked. , KBA , business user , auto-locking , user locked , SRD-CC-IAM , Identity & Access Management , How To


SAP Cloud for Customer core applications all versions


Sample reminder email.jpg