Password & Login Policy settings are configured to prompt users to reset their passwords, but users are not being prompted
User passwords are not expiring even after setting the Maximum Password Age
- Users are not being prompted for password reset when expected
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
SAP SuccessFactors HXM Suite
Reproducing the Issue
- On "Password & Login Policy Settings", a value is set to prompt users to reset their password after some period (for example, 60 days).
- After the period set (for example, 61 days), users are not prompted for password reset and their passwords keep working normally.
There are two potential causes for this:
- "Hide the Personal Password Tab from users" is enabled and preventing users from being prompted to reset their password;
- The instance has Single Sign-On enabled, or the instance used to have Single Sign-On enabled and "Partial Organization Single Sign-On" option is still enabled in Provisioning.
- If your instance has Single Sign-On enabled, it is an expected behavior that user passwords do not expire.
- If you used to have Single Sign-On enabled, please have your implementation partner make sure that option "Partial Organization Single Sign-On" is disabled in Provisioning.
If that option is enabled, even after SSO has been disabled, users with loginMethod set to "SSO" or NULL will not have their password expired.
If you do not have an implementation partner, please report an incident for Cloud Product Support to disable that feature for you.
To disable or check if option "Hide the Personal Password Tab from users" is enabled, please follow the steps below:
a) Go to "Admin Center" > "Company System and Logo Settings"
b) If checked, un-check the checkbox named "Hide the Personal Password Tab from users" (as shown in the screenshot below)
c) Click "Save"
password and login policy, password policy, passwords, password expiration, password age, password maximum age, SSO, single sign-on, PWD, Partial Single Sign-On, partial SSO, login method, loginmethod, PLA-6035 , KBA , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-PWD , Password Policy Settings & Reset Password , Problem