Wednesday, April 13, 2011

Account Logins and Anonymous Access

For a process that is supposed to be all about promoting access, NW IDM certainly has enough ways to prohibit access to the system.

We recently enabled Anonymous Password reset and had a user who just could not authenticate. No matter what they entered, they kept getting access denied when they answered their authentication questions.

As a test, we had them reset their authentication answers to a single character. We even tried clearing all the answers by dropping their MX_AUTHQ_00x entries (Set MX_AUTHQ_001 --> {D}, and so on), which had been the previous extreme solution to these problems.

Finally, one of the other engineers on the project noticed that MX_FAILEDRECOVER was currently at 4 for the user, with 3 being the limit in the system. We then executed our unlock IC user task, which resets this value. The user was then able to authenticate.

Kind of an interesting situation, since the "user" was logging in anonymously, the system was still checking this value before they could reset their password. Nice to see that SAP IDM is on duty and guarding the points of entry to the system. Time for this user to call the help desk!
