Bhaskar Vh wrote:
How to overcome the situation?
Are there any other parameter which can help to over this password expiry situation?
Sorry to say this - but the system works exactly the way it was asked to behave:
- Do not prompt users to change their (initial/expired) password as long as they logon by SSO
- Inititial passwords which have not been used to logon will become invalid after 10 days
If this is not what you want, you should configure the system differently.
The rationale behind both profile parameters is:
Initial passwords (i.e. passwords which have been set by the administrator, not by the user) should be changed as soon as possible (because they are known to the administrator who has set them). If the user does not require the password (thanks to SSO) the password should actually be disabled - that might be even done immediately (see: login/password_change_for_SSO - it's possible to instruct the system to delete such passwords immediately when the user logs on using SSO). If the user is not making use of his passwords in the first 10 days after the password was set by the administrator, it's justified to disable the password. After that, the user is still able to logon to the system using SSO. If he really feels the requirement to be able to logon by password in addition, he need to request a new password from the administrator - and should use that new password then immediately (at least in the 10-days timeframe).
Maybe it's a good advice to inform the users about the fact that a new password (being obtained from the administrator) needs to be used in the next 10 days, otherwise it will be vanished.