If you have a deal with external auditors, and you must set and configure your password policy on SAP Business One application to meet their requirements, don’t worry, as an IT internal and superuser, you can easily set up this rules for all of your users on SAP Business One.
This feature called “Password Administration” it allows you to define the security strength of a company by setting parameters such as: how often a password must be changed, whether the password should contain digits and/or lower-uppercase characters, and so on.
Go to Main Menu: Administration > Setup > General > Security > Password Administration
Here’s the key point:
Security Level: Choose Low, Medium, High, or Custom from the dropdown list.
Expiration After: Total number of days validity of password, until expires. You can fill with -1 if you want to set the password never expires.
Minimum Length: minimum character length of password (approx. between: 4-10 char)
Minimum Number of Uppercase Characters: minimum number of uppercase characters that must be included in the password.
Minimum Number of Lowercase Characters: minimum number of lowercase characters that must be included in the password.
Minimum Number of Digits: minimum number of digits must be included in the password (usually: 1 for medium/high security level).
Minimum Number of Non-Alphanumeric Characters: minimum number of non-alphanumeric characters that must be included in the password (such as: !, $, ?, *, etc.)
Password Cannot Match X Previous Passwords: You can fill X with a number between 0 and 10. When a password is changed, SAP Business One verifies that the new password is different than the last X passwords.
Authentication Before User Account is Locked: The number of failed logons (incorrect user name or password) that a user is allowed to perform before his account is locked. After a user account is locked, this user is no longer able to logon to SAP Business One.
But, only a super user can unlock a locked user. In order to unlock a user, the super user chooses Administration ->Setup ->General ->Users and deselects the ‘Locked’ checkbox in the Users – Setup window. The values for the predefined security levels are: 100 for low, 5 for medium, and 3 for high.
You can also try to generate various password example, that meets a rule defined above, with click on Generate button.
The example password is displayed when the user is asked to change his password.
Don’t forget to click Update button, after you’ve done.
The user may also initiate a password change by choosing Administration → Setup → General → Change Password. The Change Password window opens and the user will be able to change his/her password with entry the old password first, then entry the new password.