How to Configure Enterprise Authentication Policy in SAP BusinessObjects Business Intelligence (BI)

Here are steps to configure Enterprise Authentication Policy in SAP BusinessObjects Business Intelligence (BI)

1- Go to Authentication on menu, with one of following ways: Under CMC Home, go to Manage section on right side then click Authentication, or choose Authentication in drop down list menu, or scroll down on icons list in left side then click padlock icon.
2- Double click on Enterprise
3- Fill respective fields as per needed then Apply

Enterprise Authentication in SAP BusinessObjects BI platform 4.1 SP5 versus 4.1 SP7

Above steps have been tried in SAP BusinessObjects BI 4.1 SP5 and SP7. Just as additional info, there is slight difference for Enterprise Authentication between 4.1 SP5 and 4.1 SP7 which in newer version, it has two additional parameters under Password Restrictions Section which are Enforce numeral in passwords and Enforce special characters in passwords.

Suggestion Before Applying Policy

First, if the policy will be implemented for the first time, better to change the password of predefined account or system account (like Administrator) to comply with Password Restrictions rules.

For instance, if Enforce special characters in passwords parameter will be enabled, then better to reset the password of predefined account or system account (like Administrator) to make sure there is special character in it’s password. It will avoid problem toward system account once policy is activated.

Second, if Disable account after N failed attempts to log on under Logon Restrictions section will be activated, then kindly consider to set Re-enable account after N minute(s) parameter with acceptable value.

Let’s say, the value for Disable account after N failed attempts to log on is set to 3. There is big chance Administrator is getting locked by mistake. In this case, by putting Re-enable account after N minute(s) not too high will make Administrator password recovery becoming faster. Or, there is another suggestion which is to set another user as part of Administrators Groups. So, in case Administrator is getting locked, this user can unlock it directly.