SAP Knowledge Base Article - Public

2103239 - Working with the External Password Policy - Recruiting Management

Symptom

  • For customers with “Manage External Password Policy” feature enabled, specific rules can be specified to external candidates creating account on External Career site.
  • This article describes how to configure it in details so it can be personalized based on your company’s needs.

Environment

SAP SuccessFactors Recruiting Management - All versions

Resolution

Pre-Requisites:

  1. Separate Password Policy for External Candidates must be Enabled. If not, please create a ticket with Customer Success Team.
  2. Grant users permission:
    • RBP: Admin Tools -> Manage Permission Roles -> select Role -> Permission -> Manage Recruiting -> Manage External Password Policy permission
    • Non-RBP: Admin Tools -> Manage Recruiting Administration -> select a user or group of users and grant Manage External Password Policy permission

 

Working with the External Password Policy page

1.png

Password Policy Settings

The rules specified will be made visible to candidates on the account creation screen if the candidate hovers over the Password Policy link.

2.png

When this is used, the candidate will see a bar next to their password field indicating their password strength and the point where their password becomes acceptable.

Option Recommended Function
Minimum Length 8 Minimum number of characters the password must contain to be acceptable
Maximum Length 18 Maximum number of characters the password may contain

Maximum Successive Failed Login Attempts

Set to 0 will disable this option; The system will lock a user account if successive failed login attempts exceed what the policy allows, within a 1-minute period.

5

Specifies how many attempts can be made within 60 seconds before the account is locked

It is not advisable to use this setting for most clients because it then requires admin action to unlock a candidate or agency account

Case Sensitive (recommended) Checked Causes the password to distinguish between capitalized and non-capitalized letters

Mixed Case required

Will be ignored if Case Sensitive is not checked

Checked Requires that the password contain at least one capitalized and at least one non-capitalized letter
Non-alpha characters required Checked Requires that the password includes at least one character other than a letter

 

  • The options available in the External Password Policy are pre-set; no additional options are available.
  • Candidates will not be notified (i.e.: via email) if a system admin changes the existing password policies. Changing the password policies won't affect candidates who already have the account.
  • If Maximum Successive Failed Login Attempts is set to greater than zero then it is possible for an external candidate or agency user to accidentally lock their account with too many failed login attempts. On this page the admin can re-set the account so that it can once again be accessed.
  • For the external candidate the primaryEmail field value must be used to look up the candidate. This may or may be the same as the contactEmail value that is widely displayed on the candidate profile and application records. The primaryEmail field should be configured on the Candidate Profile XML to ensure the admin can locate and use it to reactivate the account.

 

 3.png

 

 

Keywords

Manage External Password Policy , KBA , sf recruiting , LOD-SF-RCM , Recruiting Management , How To

Product

SAP SuccessFactors HXM Core all versions