Users and Organization Structures Business Users
Business Users are all those Employees in your company who should have access to SAP Sales Cloud. After creating an employee, the system automatically creates a business user, which does not yet have access and authorization and for which no licenses have to be paid.
Navigation for Users and Organization Structures
1. Organization Structures 1.1. Creation of an Org. Unit 1.2. Adjusting of an Org. Unit 1.3. Plant 2. Job Definition 3. Employees 3.1. Creation and Editing of an Employee 3.2. People Workcenter 4. Business Users 5. Business Roles 5.1. Creation of a new Business Role 5.2. Copy a Business Role 5.3. Assignment and Controlling of Business Roles 5.4. Rules and Validations for Business Roles 6. Local and Global Administrator 7. Login as another User 7.1. Pre-settings 7.2. Main-settings 7.3. Login as another User 8. Check User's Authorization 9. Support and Technical Users
Navigate to the Workcenter Administrator and then to the Business User view. The following figure gives you an overview of business users. As you see here is that Mrs. Stone’ Business User is locked by the Administrator – because she may left the company – therefore she is no longer been marked as a Counted User – which means you do not have to pay licenses for this User. Mr. Oliver Murphy is not being activated at all – but is still available in this list, since an employee with his details was created. Mrs. Sopia Brown is an active business user of the SAP Sales Cloud System, since she is not locked by the administrator – User Locked – or by herself – Password Locked, which is possible when she typed in too many times her password wrongly as Mr. Bob Blair did.
Basically, the functionality can be broken down into the following:
- Activating and locking of a business user
- Password management
- Authorization assignment
- Security Policy
- User Subscriptions, which is important for paying licenses and shall be done with a SAP Partner or the SAP itself
Activating and locking of a Business User
Let’s activate Mr. Oliver Murphy by selecting his entry in the table view and then click under Edit on Attributes.
The Business User setting is separated into the three parts: Employee Data – which is only a view of the information we entered while creating Mr. Murphy as an employee in the system -, Regional Settings, and User Data. The Regional Settings are almost self-explanatory, here settings are been made like for example how a date should be displayed, in which time format the time should be displayed or also the decimal notation. In the User Data you can change the USER ID as specified by the company – usually you should either choose the family name or family name and the first letter of the first name. By default the USER ID is family name, first name and the business user ID. As the next steps you should set up the Valid Dates and the Security Policy. Last you have to give the business user an initial password – which he has to change after first login to his own one. You can create a password for the user either by clicking on Actions and Generate Password or you type in a Password in the Password input field on the right hand side of the screen – both options will set the Toggle field Password Locked to false. When clicking on save the user is activated – but without any Access Rights yet.
To lock a user, please navigate to the table view where you find the two buttons Lock User and Unlock User on the top-action bar.
Password Management
In principle, the basic function Generate Password and Deactivate Password can be used both in the tabular overview and in the editing mode of the business user. If you want to set the password manually, you have to enter the editing mode of the business user.
If you use the Generate Password function, a Do-Not-Reply email will be sent to the email address stored in the Business User’s employee. This email looks like this:
If the Password Locked toggle is activated for a business user, it means that the user entered his password incorrectly several times in a row. The system will then automatically lock the user’s password for security reasons, to protect against possible attacks. The lock is immediately removed if you press Generate Password as an administrator or deactivate the toggle when editing the business user and enter a password manually. The following figure shows the error warning a user receives when entering his password incorrectly for the fifth time.
Security Policy
The security policy is a set of rules for determining password complexity. Here, for example, you can determine the minimum number of characters the password should consist of and how many of them should be uppercase letters, lowercase letters, numbers or special characters. In SAP Sales Cloud, the password complexity rules can be differentiated between desktop and mobile applications.
To check the settings of the Security Policy please do navigate to Workcenter Administrator and click on the view Commons Tasks. Here you will find the Button Edit Security Policies.
You can make five basic settings. First you can edit an existing security policy by selecting the entry and then adjusting the settings. Second, you can create a new entry. To do this click on Add Row, then you assign the ID, the name, the description and then the adjustments. Since a new Security Policy is a customer extension, the ID may begin with the letter Z. If a new entry will look very similar to an already existing one, then it is worth using the Copy function – which is the third basic setting. As an opposite to create, you can Remove already existing Security Policies – but this is only possible for those you have created yourself. You cannot remove the default SAP entries. Last and fifth, you have the possibility to mark an entry as default by clicking on Set Default. This means that whenever you create a new business user, this security policy is automatically already stored.
The following table gives an overview of all possible settings and input fields and their meaning for the Security Policy.
Tile | Field | Description |
General | Password Logon Enabled | A toggle field which is always set to active, since each user shall enter a password |
Admin Password Change Enforcement | Administrators are always able to reset a password to an initial one. You can select in this dropdown following two entries: Ignore: This means when an Administrator resets the password, a business user can accept the new initial password or cancel – because he may now remember his old one Enforce: This means that when an Administrator resets the password, the business user have to accept this and resets to a new one | |
System Password Complexity | Minimum Number of Characters | Means the length of the password. Enter an integer number |
Minimum Number of Changed Characters | If a user needs or wants to assign a new password, specify here the number of characters from which the new password must differ with the old ones Example: You enter 2. The old password of the user is C4CIsEasy12? then the new one cannot be: C4CIsEasy123? because here only one character is different. Allowed would be: C4CIsEasy1234? | |
Minimum Number of Lowercase Letters | Enter an integer number of how many lowercase letters shall be included in the users’ password | |
Minimum Number of Uppercase Letters | Enter an integer number of how many uppercase letters shall be included in the users’ password | |
Minimum Number of Digits | Enter an integer number of how many number of digits shall be included in the users’ password | |
Minimum Number of Special Characters | Enter an integer number of how many special characters shall be included in the users’ password | |
Comment: An empty field means none. E.g.: If you leave Minimum Number of Special Characters empty, then no special character has to be included in an user password | ||
System Password Validity | Password History | Here you can define the number of unique passwords that has to be assigned before an old password can be used again |
Minimum Password Change Waiting Time | The minimum number of days a user has to wait before he can change the password again | |
Maximum Password Validity | The maximum number of days a user can wait to change the password. After this period the system will force the user to do so | |
Unused Initial Password Validity | The maximum number of days a user has time to change the initial password. After this period the administrator has to assign a new initial password | |
Unused Productive Password Validity | The maximum number of days a user can use one password without logging in to the system | |
Comment: An empty field means unlimited. E.g. if you leave Maximum Password Validity empty, then the user can stick with his password as long as he wants. | ||
Mobile App Logon Password | App Password Enabled | This setting ensures that there is a separate password for SAP Sales Cloud APP access. This means that even if the user activates Remember password in the mobile application, the APP will still request APP access. This would be an additional security feature in case a cell phone is stolen and the cell phone itself is not password protected |
| Comment: Please refer to the figures bellow this table | |
Mobile App Password Complexity | Minimum Number of Characters | Means the length of the password. Enter an integer number |
Minimum Number of Lowercase Letters | Enter an integer number of how many lowercase letters shall be included in the users’ password | |
Minimum Number of Uppercase Letters | Enter an integer number of how many uppercase letters shall be included in the users’ password | |
Minimum Number of Digits | Enter an integer number of how many number of digits shall be included in the users’ password | |
Minimum Number of Special Characters | Enter an integer number of how many special characters shall be included in the users’ password | |
Mobile App Password Validity | Prompt for Password After | The time in minutes can be specified when a user has to reenter the app password. This is only necessary when a session is being paused – for example when the user opens another app for some minutes. If this is set to 0 minutes, that means a user must manually log on each time they run the app |
Maximum Number of Password Attempts | The maximum number of password attempts before mobile App data is deleted | |
When enabling the setting App Password Enabled the Business User have to enter a password for the APP itself, which can be seen in the next figure. You can also see here, the settings for Minimum Number of Characters, Minimum Number of Lowercase Letters, Minimum Number of Uppercase Letters, Minimum Number of Digits, and Minimum Number of Special Characters. After the set up the mobile application asks the user to use Touch ID instead of the App password, which can only be used if the mobile hardware offers the possibility. The third figure shows how it looks like, when the mobile application asks for the App password.
Do you need consulting from our experts?
The Customer Experience team at Camelot ITLab deals with exciting and challenging CRM related topics every day and serves a large portfolio of different customers from a wide range of industries. Trust in this collaboration and feel free to contact us at tlil@camelot-itlab.com.
Was this article helpful?
If you like our content we would highly appreciate your review on Trustpilot
#SAP C4C #SAP Cloud 4 Customer #Cloud 4 Customer #Cloud for Customer #SAP Sales Cloud #Sales Cloud #BusinessUsers #Users #Employee #Password #Security Policy #PasswordManagement
