SAP Knowledge Base Article - Public

3011997 - Unable to Generate New Password From the Forgot Password Link


When using the password reset self-service, you expect the system to send a token to the user's e-mail address, in order to set up a new password. However, no token is sent to the e-mail address provided.


  • SAP Business ByDesign
  • SAP Cloud for Customer

Reproducing the Issue

  1. Open the system's log-on screen.
  2. Click the link Forgot your Password? (ByD) or Forgot password? (C4C).
  3. A popup screen will come up, requesting to enter your e-mail address.
  4. Automatically a new popup will request you to enter the token that was sent to your e-mail address. 


There might be several causes related to this issue. Some of them are listed below, with their resolution.


The e-mail address of the user is not maintained in the system

For Business ByDesign:

  1. Go to the Personnel Administration work center.
  2. Access the Regular Tasks views.
  3. Select option Change Workplace Contact Data.
  4. Search for the Employee to be edited.
  5. Maintain e-mail address under Communication Data. 

For Cloud for Customer:

  1. Go to the Administrator work center.
  2. Access the Employee view.
  3. Search and select the employee to be edited.
  4. Click Edit.
  5. The employee's TI will open in Edit mode, where you can change the e-mail address.

Check the E-Mail and Fax Settings fine-tuning activity

  1. Go to the Business Configuration work center.
  2. Access the Overview work center view.
  3. Search and open activity E-Mail and Fax Settings.
  4. In the next screen, click the E-Mail and Fax Settings link.
  5. Under the section E-Mail and Fax Delivery in a Non-Productive System, check if option "Send all e-mails to this address" is selected.

When this configuration is maintained, all outbound e-mails from the system will be sent to the e-mail address determined in the field underneath it, so that the administrator can check how the e-mails are displayed before using them in productive circumstances. Since all outbound e-mails are routed to the e-mail address maintained in this fine-tuning activity, this includes password reset tokens.

Please set this option to "Send all e-mails to business partners" so that the users receive their password reset tokens as expected.

Note: this functionality is only available in test systems.

Check or configure S/MIME certificate

Please check the following:

  1. Go to the Common Tasks work center view. 
    • In Business ByDesign, under the Application and User Management work center.
    • In Cloud for Customer, under the Administrator work center.
  2. Access the option Configure S/MIME.
  3. Navigate to the Outgoing E-Mail tab. 
  4. Check if the certificate has expired in the system.
  5. Click Renew S/MIME Certificate. 
  6. Save your changes and test the scenario again. 

Check encryption for outgoing e-mails

  1. Go to Configure S/MIME (see above) and navigate to tab Activate S/MIME. 
  2. Check if Encrypt Outgoing E-Mails is selected. 
  3. If yes, the system is expecting user's S/MIME certificate to send an encrypted e-mail while trying to reset password. Therefore, uncheck/unselect this option and then test the Forgot Password feature again. 

In case all settings are fine and the issue remains, open an SAP support incident and confirm that the settings as mentioned in this KBA 3011997 have been checked and are correct. SAP needs then to perform further checks in the backend.


Forgot Password, New Password, Token Not Received , KBA , SRD-CC-IAM , Identity & Access Management , Problem


SAP Business ByDesign all versions ; SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications all versions