have decided to implement the Password Self-Service (PSS) in the GRC. This
feature provides users with a flexible mechanism to restore their passwords any
time they want, and for a Basis team it gives a possibility to save time for more important business.
all I would like to say about a restriction we have which is common for some companies – absence of an HR module.
Besides, you can find a lot of information on the SDN about customization of
the HR-oriented GRC system, but not for non-HR-oriented.
configuration can be performed in a CUP, part of the GRC. Connections to all necessary
SAP systems should be customized
correctly. Well, let’s start.
Go to your
main GRC page: http://:500/webdynpro/dispatcher/sap.com/grc~acappcomp/AC
, then choose Compliant User Provisioning (pic.1)
directly to http://<server>:5<nn>00/AE/index.jsp
Go to a configuration
tab and click on the Self-Service (pic.2)
Authentication Source. Here we choose a Challenge Response
point which can be used for non-HR SAP systems.
*Select Service to Disable Verification. *At this point you can choose
“unnecessary” services. If you choose, for example, a “Password
Self Service” you won’t be prompted to answer a question. All you need in
this case is just logon to your “restore page” (see a link below). If
you choose a “Change Name Service” you will be prompted to fill a questionnaire.
But in both cases you will be authenticated by a login/ a password of the User Data
Source (pic.3). I prefer to keep active all services.
the best way is using the LDAP (for example, MS AD). But due to some reasons I
chose my Central User System.
Number of Questions End User has to Register. Here you manage a number of
questions to be answered by a user at the first logon. Then answered questions
will be appeared in a questionnaire.
*Number of unsuccessful attempts after which User
is locked.* I think
this point need no comments J
Here is my
need to configure a recovery page.
I have decided
to place a recovery link on a support page. Go to the Support and import your html-document which
contains the following link
first time when a user logs on a PSS page, he will be prompted to answer some personal
will get the next screen
on the Add button or the Add All Systems you can choose a needed system(s).
get message with the following content:
+Your password has been reset. Your ID is
#_!PWD_RESET_USER_ID#_! Your password is (Password/System):+
User ID: <myuser>
on the Re-register button you can reset answers to your questions. If you want
to use only 1 question out of 3, you should fill only one answer field and
other leave blank.
in mind the following restrictions:
must exist in User Data Source to get access in PSS
must have correct e-mails, otherwise they will not get reset passwords
must be in Latin. My Cyrillic symbols are not recognized by the system
How-to doc will help you. Post your corrections, commentaries. If it is possible
I will post the HR-customizing later.