SAP Knowledge Base Article - Public

2974835 - How to Avoid Business User Bypass Password Change?

Symptom

You have observed that users can bypass the password change by selecting the Cancel button or the Refresh button on the logon page.

Environment

SAP Business ByDesign

SAP Cloud for Customer

Reproducing the Issue

This symptom is possible in two scenarios:

  1. Initial Password Change / Password reset by Admin
  2. Password expired

Cause

This system behavior is consistent with the security policy configuration's expected behavior.

The Admin Password Change Enforcement is set to Ignore. Therefore, the user is able to log on even after clicking the Cancel button or using the Refresh option in the browser.

Initial Password Change:

The administrator can set an initial password for each user in the system. On the user's first logon, the system requests a password change, because the initial password is otherwise known to the administrator.

The Admin Password Change Enforcement setting allows you to ignore or to enforce the change of the initial logon password.

Resolution

To resolve the issue:

  1. Go to the Application and User Management or Administrator work center
  2. Go to Edit Security Policies under Common Tasks
  3. Change the Admin Password Change Enforcement to Enforce

The Admin Password Change Enforcement field is visible if Password Logon Enabled is selected for a particular security policy.

If it is set to Ignore, a user will be prompted to change the initial password, and after selecting Cancel, the user will still be allowed to log on to the system.

To set up the security policy, follow the instructions in the Security Policies Quick Guide.

See Also

For more information, see the Security Policies Quick Guide.

Keywords

logon without changing initial password, initial password, user id, password, login, log-on, log-in, credentials, ignore, enforce, bypass, renew password, KBA, SRD-CC-SEC, Security, Problem

Product

SAP Business ByDesign all versions