LogoLogo
  • Welcome
  • Overview
    • Architecture
      • API Server
      • Sizing
    • Dashboard Overview
    • Monitoring Concepts
      • Application Performance Management
        • Availability Monitoring
        • Performance Intelligence
        • Service Level Management
        • Synthetic Transaction Management
        • Alerts Management
        • Reporting & Analytics
      • Infrastructure Monitoring
      • Unified Monitoring
    • Automation Concepts
      • Definition of Terms
      • Infrastructure as Code
        • Project Structure and Organization
        • Setting Up IaC Environment
        • Infrastructure Provisioning
        • Configuration Management
      • SAP Basis Automation
      • Automated Migration
  • User Guide
    • Onboarding
    • Setup
      • Gateway Setup
        • Gateway Network Setup
        • IT-Conductor Gateway Setup on Windows
        • IT-Conductor Gateway Setup on Linux
        • IT-Conductor Gateway Setup on AWS
        • IT-Conductor Gateway Setup on Azure
        • IT-Conductor Gateway Setup for SAP Secure Network Communications (SNC)
      • API Server Setup
      • MSP Tenant Setup
      • SSO Setup
        • Azure ADFS Identity Provider
        • Azure Active Directory (AAD) App Gallery
    • Monitoring
      • General
        • Maintenance Mode
          • Manual Maintenance
          • Scheduled Maintenance
        • Central Syslog Server Monitoring
        • URL Monitoring Locations
      • Cloud Monitoring
        • AWS Monitoring
        • Microsoft Azure Monitoring
      • Database Monitoring
        • IBM DB2 Database Monitoring
        • Microsoft SQL Server Monitoring
        • Oracle Database Monitoring
        • SAP HANA System Monitoring
          • SAP HANA Scale-Out Monitoring
          • SAP HANA Overview Dashboard
          • SAP HANA Alert Management
        • SAP ASE Database Monitoring
        • SAP MaxDB Monitoring
        • HA/DR Monitoring
      • Infrastructure Monitoring
        • File Server Monitoring
          • File Watcher Monitoring
        • Git Server
        • OS Monitoring
          • Unix/Linux System Monitoring
            • Linux Network Interface Monitoring
            • OS Printer Monitoring
          • Windows System Monitoring
            • WinRM Adapter Configuration
              • WinRM Services Configuration
              • Domain User Access
              • WMI Namespace Access
              • Windows Service Configuration
        • VMWare vCenter Monitoring
      • SAP Monitoring
        • Business Process Monitoring
          • Business Process Composer
          • BDoc Monitoring
          • IDoc Monitoring
        • SAP BusinessObjects Monitoring
          • SAP BO Data Services Monitoring
        • SAP Cloud Connector Monitoring
        • SAP Host Agent Monitoring
        • SAP NetWeaver Monitoring
          • SAP ABAP System Monitoring
            • SAP Transports
            • Security Role Import
            • SAP ABAP Overview Dashboard
            • SAP CCMS Alert Monitoring
            • SAP Batch Jobs Monitoring
              • SAP Batch Job Monitoring for CCMS Alerts
              • Advanced SAP Batch Job Monitoring
            • SAP SLT & RFC Connection Monitoring
            • Print Spooler Monitoring
            • Workload Monitoring
              • Transaction Code Monitoring
              • SAP Workload Monitoring
          • SAP J2EE System Monitoring
            • SAP J2EE Monitoring Role
            • Keystore Views and Certificates Monitoring
            • SAP PO Application Monitoring
          • SAP Systems Administrator Panel
        • SAP Web Dispatcher Monitoring
        • LMDB Discovery
        • Team-Based Central SAP Download Manager
    • Automation
      • Migration
        • Oracle to AWS Migration
        • Oracle to ASE Migration
        • SAP on MSSQL to AWS Migration
        • S/4HANA to Cloud Migration
      • E2E System Refresh Automation
        • Frequently Asked Questions
      • Age-based HANA Backup Automation
      • Inbound/Outbound Queue Restart Automation
      • OS File System Cleanup Automation
      • OS Linux Pacemaker Cluster Error Management
      • OS Printer Queue Restart Automation
      • OS Linux Kernel Patching using ChAI
      • OS Linux System Reboot using ChAI
      • SAP Batch Job Restart on Error
      • SAP Kernel Update using ChAI
      • SAP HANA Account Activation using ChAI
      • SAP Transports using ChAI
        • Frequently Asked Questions
      • SAP User Unlock and Password Reset Automation
      • Start/Stop Automation
    • Reporting
      • Available Reports
      • Creating Reports
        • Service Health KPI Report
      • Scheduling Reports
        • Automated HANA Reports
      • Report Elements
      • Archived Alerts Reporting
    • Account Administration
      • Invite Users
      • Create Robot Users
      • Update Linux System Account Password After Expiration
    • Notifications
      • Alerts
      • Threshold Overrides
        • Threshold Overrides Variables
      • Notification Targets
      • Distribution Lists
      • Subscriptions
      • Custom SMTP Notification Providers
      • Integration Providers
        • Derdack EA Integration
        • ilert Integration
        • Jira Service Desk Integration
        • Microsoft Teams Integration
        • PagerDuty Integration
        • Slack Integration
      • On-Call Scheduling
      • Calendar Events
    • Diagnostics
      • Gateway Communication Dump Debug Mode
      • Running IT-Conductor Gateway from CLI
      • SAP CCMS Missing Data
    • IT-Conductor FLUX
    • SID-Refresh
      • Product Overview
      • Getting Started
      • Documentation
      • Release Notes
      • Frequently Asked Questions
      • Troubleshooting Guide
        • Component CRM_MIDDLEWA_CRM - CRM Middleware Configuration
        • Failure to Start the Java-based GUI
        • Inconsistencies found in the table TADIR
        • Java-based GUI Runs with Pixelated Fonts
        • No email message is created after sending an email in SO01
        • Program Run as root
        • SICF Wrong Credentials
        • SU01: Error in user management
        • External Resources
      • Pricing
  • Release Notes
    • Gateway
  • References
    • Open-Source Software
    • Support
Powered by GitBook
On this page
  • Prerequisites
  • Automation in Action
  • SAP Automated User Unlock Dashboard
  1. User Guide
  2. Automation

SAP User Unlock and Password Reset Automation

PreviousFrequently Asked QuestionsNextStart/Stop Automation

Last updated 6 months ago

Unlocking users due to constant incorrect login attempts and password resets can consume time and resources for customers and their help desk/security teams, while having to validate and verify user identities manually. Furthermore, the loss of productivity while waiting for password resets can stop critical business processes.

IT-Conductor can automate this service desk function, enabling self-service password resets and user unlocking based on the customer's security policy. Depending on the customer's requirements, the reset password can be sent directly to the end user, a designated distribution list, or a specified group as needed.

The identification of locked SAP users is based on monitoring CCMS Alerts. The override targets specific CCMS alerts and uses alert user details for further processing. The overrides can have different recovery actions depending on the customer’s scenario.

This is triggered as an auto-recovery action by a CCMS alert (User Locked due to consecutive failed login attempts), which dynamically generates a unique password for the user, unlocks the user, retrieves the user's email and full name, and sends an email to the user with the new temporary password.

The SAP user details are first pulled from SAP. Based on the role type and user status, the password is reset with a randomly generated character string, then the user is unlocked. The notification with the new password can be sent to a specified email address, such as the end-user or an SAP Admin, etc.

Several scenarios are supported, such as creating a filter to identify users for whom this should apply, setting up multiple monitors based on UserID groups, and defining separate thresholds for various user requirements. This includes the ability to identify a particular lock type that differentiates between when a user was locked by the System Admin, incorrect password entry, and enforcement of the validity period.

Prerequisites

  1. Add system to IT-Conductor for monitoring and automation.

  2. Create SAP user with Admin rights.

  3. Add an e-mail address in the master record for all users.

  4. Create a in IT-Conductor for automation purposes.

  5. Create a system account in IT-Conductor and associate the SAP Admin user with the . Review specific documentation to create a monitoring account for your type of system.

  6. Configure CCMS according to customer requirements.

  7. Create Process definition(s) based on the customer’s workflow process.

  8. Configure recovery action using the defined override and process definition.

Automation in Action

After several failed attempts to log into SAP, a user eventually gets locked.

After a few minutes, a CCMS alert will be generated in IT-Conductor, and the user will get notified that they have been locked out due to a failed login attempt.

Once the locked user is detected, the IT-Conductor Process definition is triggered as a recovery activity to reset the user’s password and notify them of their new temporary password.

Figure 5 is an example of a triggered Process Definition for the User Password Reset Automation scenario.

Figure 6 is an example of an e-mail notifying users of their new temporary password.

SAP Automated User Unlock Dashboard

A customized dashboard can be deployed to provide an overview of the unlocked users per system within a particular time interval. It also includes some administrative tools, such as the restart activity button and the activity log, which shows whether the activity was successful or not. Last but not least, these password reset activities can be a source for security audit reports generated by IT-Conductor for compliance and audit purposes.

Robot User
Robot User
Monitoring
security thresholds and overrides
Figure 1: Locked SAP User Due to Consecutive Failed Attempts
Figure 2: Generated CCMS alert in IT-Conductor
Figure 3: Triggered Alerts in IT-Conductor
Figure 4: Password Reset Recovery Action
Figure 5: User Password Reset Automation Process Definition
Figure 6: Email Notifying the User of the New Temporary Password
Figure 7: SAP Screen to Enter New Password
Figure 8: SAP Login Password Successfully Changed
Figure 9: SAP Automated User Unlock Dashboard in IT-Conductor