As a tenant administrator, you can configure the validity of the initial password and link sent to a user in the various application processes.
You are assigned the Manage Tenant Configuration role. For more information about how to assign administrator roles, see Edit Administrator Authorizations.
The tenant administrator can specify how long the link sent to a user in the various application processes will be valid for. The link in the email can be set to expire after between 1 and 23 hours, or 1 and 30 days.
Expired links can't be used. The system automatically sends a new link in an email when a user uses an expired link.
Identity Authentication has predefined the following validity periods:
Default Email Link Validity Periods
|
Application Process |
Default Validity Period |
|---|---|
|
Self-Registration |
14 Days |
|
On-Behalf Registration |
14 Days |
|
Invitation |
14 Days |
|
Forgot Password |
2 Hours |
|
Locked Password |
2 Hours |
|
Reset Password |
2 Hours |
The tenant administrator can also set a validity for the initial password. The initial password can be valid between 1 and 365 days depending on the configuration. The default value is 14 days. After the validity of the initial password expires, the user can't log on to the application and must contact the administrator.
It takes 2 minutes for the configuration changes to take place.
To change the validity period of the initial password and the links, follow the procedure below:
-
Sign in to the administration console for SAP Cloud Identity Services.
-
Under Applications and Resources, choose the Tenant Settings tile.
At the top of the page, you can view the administrative and license relevant information of the tenant.
-
Under Authentication, choose the Initial Password and Email Link Validity list item.
-
Choose Edit.
-
Optional: (For email link validity) Under Configure Email Link Validity, choose an application process and set the validity period of the email link for it.
-
From the radio buttons on the right, select either Days or Hours.
-
From the dropdown list on the left, select a number for this.
You can choose a value between 1 and 23 for Hours, and 1 and 30 for Days.
You can repeat the step for all processes.
-
-
Optional: (For initial password validity) Under Configure Initial Password Validity, set a value for the validity of the initial password.
-
Save your changes.
Related Information
Tenant SAML 2.0 Configurations
Get SAML 2.0 IdP Metadata via Parameter
Tenant OpenID Connect Configurations
Change Tenant Texts Via Administration Console
Configure Master Data Texts Via Administration Console
Configure Links Section on Sign-In Screen
Add Instructions Section on Sign-In Screen
Configure X.509 Client Certificates for User Authentication
Enable Users to Generate and Authenticate with Certificates
Configure Allowed Logon Identifiers
Configure User Identifier Attributes
Configure Trust this browser Option
Enable Back-Up Channels to Send Passcode for Deactivation of TOTP Two-Factor Authentication Devices
Use Custom Domain in Identity Authentication
Change a Tenant's Display Name
Configure Default Risk-Based Authentication for All Applications in the Tenant
Configure Sinch Service in Administration Console
Configure RADIUS Server Settings (Beta)
Configure Mail Server for Application Processes
Send System Notifications via Emails
Configure Customer Managed Keys in Administration Console (Restricted Availability)
Configure Default Language for End User Screens
Reuse SAP Cloud Identity Services Tenants for Different Customer IDs