With the 1H 2021 Release of SAP SuccessFactors application, you should expect change in behavior of SFAPI/ODATA CREATE/UPDATE for User API entity when "password" field is present in the Request payload.
Due to security reason, API CREATE/UPDATE will work same as SAP SuccessFactors UI i.e. if password field is created or updated via API call and when affected user logs in to SAP SuccessFactors application with newly created or updated password, user will get password reset pop-up.
Objective:
Share the information with customers and partners, so that impact can be evaluated.
Key Date for Replacement
- Replacement Date: With 1H 2021, you’ll start getting password reset popup when "password" is being created/changed using SFAPI/ODATA API.
Key Information:
- What is the current behavior of the product?
Ans.: Any user with password field created/updated via API do not give Password reset Pop-up when user logs in to SAP SuccessFactors UI for the first time with newly created or updated password. Customer needs to report ticket under LOD-SF-INT-ODATA component to get the password reset pop-up feature enabled.
- What is the expected behavior?
Ans.: Same as SAP SuccessFactors UI behavior. User created/updated with password via API request should get reset Pop-up when user logs in to SF UI for the first time with newly created or updated password (By API).
- What is changing?
Ans.: Post 1H 2021, API behavior will be in sync with UI behavior i.e. by default all customers’ SAP SuccessFactors instances would be enabled to trigger the password reset pop-up if it was created/updated via SFAPI/ODATA API.
- Who will be affected, and how?
Ans.: Only users which has been created/updated via SFAPI/ODATA API . This would have no impact on Users created via UI or Import.
- Is there any exception?
Ans.: Only those Users which has been created by another API user will get impacted. If API user is creating/updating data for himself or herself will not get impacted and no password reset pop-up would be generated in this case.
Conclusion
We implemented this feature due to security reason i.e. default password created via API must be changed during first login.