3667426 - API User Account Not Locked When Password Has Expired - SuccessFactors

• An API user’s password has expired.

• The API user continues to receive the following error message when attempting to log in: Authentication failed. The password has expired (status code \= 19)

• The API user account is not locked, even after multiple failed login attempts.

• SAP SuccessFactors HCM Suite
• OData API
• SFAPI

The system prioritizes the password expiration check over the failed login attempts validation. 

This behavior is expected. The system will not lock an API user whose password has expired.

When an API user attempts to log in, the system first checks whether the password has expired.

• If the password has expired, the system returns the error message:
  “Authentication failed. The password has expired.”
  The authentication process then stops, it does not proceed to validate failed login attempts or lock the account.

In short: Password Expiration check takes precedence over Failed Login Attempts validation.

• If the API user’s password has not expired, and they enter the wrong password multiple times beyond the allowed limit, the account will be locked.
• If the password has expired, the user will continuously receive the “Authentication failed. The password has expired” error until the password is reset.

Logon Errors (LGN) | SAP Help Portal

2253200 - How to restrict the API access of a specific user by IP addresses

2088150 - Troubleshooting Login Issues for SAP SuccessFactors HCM Suite

authentication failed, expired password, api user, sap successfactors, odata api, failed login attempts, account lock, lg0018, password age, password policy settings, api login issue, google cloud platform, failed authentication,  application server, password expiration, Authentication failed. The password has expired, (status code \= 19) , KBA , LOD-SF-PLT-SEL , SSO Errors & Logs , LOD-SF-INT-ODATA , OData API Framework , How To