SAP Parameter login/password_change_for_SSO - Handling of password change enforcements in Single Sign-On situations

Parameter
login/password_change_for_SSO

Short text
Mandatory password change when using Single Sign-On (SSO)

Parameter description
With password-based logon, the system checks whether the user's passwordneeds to be changed (for example, because the password is initial or hasexpired).
If non-password-based logon variants are used (SSO: SNC, X.509, PAS,logon ticket), no check is currently made to see whether the user has apassword needing to be changed. This parameter can be used to define therequired system behavior (see the explanations of the values below).

Work area
Logon

Default value
1 (dialog box)

Who is allowed
Customer

Limitation for os
None

Limitation for db
None

  • login/disable_password_logon

  • login/password_expiration_time

  • login/password_change_waittime

  • login/password_max_idle_initial

  • login/password_max_idle_productive
    • login/password_compliance_to_current_policy
      • 0 = Requirement to change password is ignored (downward compatible)

      • 1 = Dialog box with options 2 and 3 (user decides (default))

      • 2 = Password change dialog only (old and new passwords entered)

      • 3 = Password deactivated (automatically, no dialog box)