Let's follow up this discussion at the Neptune Community
(this forum will be kept in read-only mode)
"Forgotten password" button in the logonscreen, where you can request a new SAP password. Could have two ways to handle this:
a) When pressing this, a new password is sent to your username on mail.
b) Ask a series of questions that are semi secret (example: personal number from infotype 0002, credit card number from infotype 0105, etc). Configurable for each customer of course. (ESS solution or HR department could also add a "secret" to an infotype to use. Like "Your favorite movie").
Create a way to match the telephone ID with SAP. Like they do in SAP Success Factors. Example: The user run a transaction in SAP, which generates a "one time code", which then is stored in SAP somewhere on that user. Then the user add this code in the APP, and the telephone and SAP is linked as long as the user owns the telephone. No more username or password. You could then also create another app for helpdesk, to create this code on behalf of others.
Same as above, just add another layer of security with a fingerprint for iPhone users.
PS: Reasons why I ask for this: Our auditors request that we have a parameter setting forcing users to change SAP and AD passwords in a certain interval. And since most users use SSO when using SAP GUI, they will always forget their SAP password (or disable it in backend when it is time to renew). Which again will cause a lot of calls to helpdesk. We should be able to give them a more self-service approach to this.
Thanks for your suggestions. We will take them into account when discussing about features for next releases.
In SP01 we added functionality for "Forgot password" link. The link is set on the Bundle App level in Neptune Application Management (NAM) and valid for Mobile Bundle.
We now have SP01, and can now see the "reset password URL" field, under NAM-->Bundle App-->Autenthication-->Connection.
Is there a more complete solution surrounding this field, or is this field more general? (where we have to create a web page ourselves, with capabilities to reset the password).
this field is just a URL. You will have to create a web page yourself for the specific functionality you want to implement.