Showing results for 
Search instead for 
Did you mean: 

[Initial Password] CUA vs IdM

Active Contributor
0 Kudos


Please correct me if I am wrong: when the CUA cha,ges to password in the child systems, they are set as initial. It means that, on the first logon, the user has to change it.

Is there a possibility for IdM to set "definitive" password. It seems so to me after reading

|                     |        CUA        |  Identity Management       |
| Password management | Initial passwords | yes incl. workflow support |

in, page 29

Thanks in advance.

Best regards,


Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

IdM can only do what SAP permits. Depending on how one is authenticating determines the password policy. An initial password, an expired password and a password reset by an administrator all set the same flag. The user must change their password on next logon. The only way around this to write directly to the db with SAP's hash. A terrible idea and a big security risk.

UME uses a delegated model so the password policy depends on what you are authenticating against. This question is normally asked because a company wants to do password synchronization; one is better off doing SSO.

Answers (0)