Idea ID: 1675750

No Password Expiration for Integration Users

Status : Under Consideration
over 2 years ago

Hi,

Use Case:

We have an integration user to be userd by OPB and OMi integrations. Recently, the integration user's credentials have been expired and it's not possible to reset them directly.

All integrations are affected if the integration user cannot logging into SMAX by API.

Requirement:

(Desirable) No password expiration for these kind of users. There is a huge impact with integrated external systems

(Acceptable) Reminder before 15-7 days of the expiration by Integration User's Email in order to schedule a schedule maintenance work for change the credentials on SMAX and/or External Systems (OPB, OMi...)

  • We need password expiration notification for

    bo-integration@dummy.com

    saw-integration-internal@dummy.com

    saw-integration-external@dummy.com

  • Here 2 possible workaround that might work (the condition is that users must be in the internal IDM DB)

     

    ---Workaround 1 ---
    If customer is using internal postgres, do the following:
    [root@btp01vm0451 idm]# kubectl get pods --all-namespaces
    grep idm-postgresql
    itsma3 idm-postgresql-6f44f8f49-clxqt 2/2 Running 0 82d

    [root@btp01vm0451 idm]# kubectl exec -it -n itsma3 idm-postgresql-6f44f8f49-clxqt -c postgresql bash
    idm-postgresql-6f44f8f49-clxqt:/ # psql -h 127.0.0.1 -p 5432 -U idm idm
    Password for user idm: Idm_1234

    SQL>Update password_policy set expiration_check=FALSE;

    If customer is using external PG, connect IDM DB with PGAdmin and run:
    SQL>Update password_policy set expiration_check=FALSE;

    The password policy affects all users stored in internal IDM DB, which means it'll also have effect in sysadmin.

     

    ---Workaround 2 ---
    [root@btp01vm0451 idm]# kubectl get pods --all-namespaces
    grep idm-postgresql
    itsma3 idm-postgresql-6f44f8f49-clxqt 2/2 Running 0 82d

    [root@btp01vm0451 idm]# kubectl exec -it -n itsma3 idm-postgresql-6f44f8f49-clxqt -c postgresql bash
    idm-postgresql-6f44f8f49-clxqt:/ # psql -h 127.0.0.1 -p 5432 -U idm idm
    Password for user idm: Idm_1234

    update database_user set password_renew_date = '2019-01-01 14:04:49.084' where name = 'sysadmin';
    *Note: Replace '2019-01-01 14:04:49.084' for any date in the past

  • Thanks for all the votes and comments. We are looking into this as a future product enhancement. Check the notifications box to be emailed if the status changes.

  • Thank you for sharing your idea! It’s open for comments and kudos, and we’re looking forward to input from the community. Once there is enough community traction, it will be further reviewed by the product team.