S-user Lifetime

Welcome to the S-user lifetime support page. To help protect your sensitive company information and ensure GDPR compliance, SAP is assisting customers and partners in their responsibility of user administration by assigning an expiry date to all S-users, which started June 2nd, 2020. You can find the S-user lifetime expiration date in your User Profile. Administrators will find more in-depth information relevant to the user account management activities in the User Management Application.

S-user Lifetime Process

Phase 1 - Active

  • With S-user lifetime, S-user IDs now have an "expiry date." This means all new users will have a default validity period of 24 months.
  • Administrators have the ability to amend the expiration date as needed.
  • A valid email address is now mandatory for all S-user IDs.

Phase 2 - Expiring

  • The expiring phase is 90 days.
  • The administrators will be notified as soon as the S-user enters the expiring phase. There is no impact to the S-user at the time of these notifications.
  • S-users will be notified via email three times at 30 days, 14 days, and 2 days before their S-user ID expires.
  • Administrators may choose to extend the S-user lifetime of each user, allow them to expire or they may delete any S-user IDs at any time. Note: There is also a mass update available.
  • At any time, S-users may request an extension of their ID's expiry date via a self-service. Note: S-users will be informed about any changes to their expiration dates.

Phase 3 - Expired

  • For 90 days after the expiry date passes, the S-user ID will be disabled (please note that the S-user ID will not be deleted yet).
  • The S-user will be unable to authenticate into SAP platforms and systems.
  • Administrators can see expired S-users in the User Management Application.
  • Administrators can reactivate the S-user ID up until the S-user ID is deleted.

Phase 4 - Deleted

  • 90 days after the S-user ID has expired, it will be deleted.
  • Administrators can view deleted S-user IDs for 12 months; however, the S-user ID will be unable to be reactivated. 
  • If the deleted S-user requires access to SAP systems again, the administrator will have to create a new S-user ID for that individual (the deleted S-user ID will no longer exist). 
  • Please note: SAP cannot bring this S-user ID back.
  • The deleted S-user's history will also be deleted from the SAP systems permanently.

Frequently Asked Questions

Please, select...

All new and existing S-users are in scope except for super, cloud or user administrators, security managers, technical communication users and P-users.

S-user lifetimes are mandatory for all customers and partners as part of the new user management processes started June 2nd, 2020.

An S-user ID gets the "inactive" status when their S-user ID information does not have valid email address information. Inactive S-user IDs cannot be used. User administrators must provide the missing information to reactivate the S-user ID.

Make sure notifications are enabled in your user profile in the Support Launchpad (select Manage Notifications in the user drop down menu). In addition, make sure notification-service@sap.com is not in your junk or deleted email folder.

The incident handling process will not be affected even if the S-user ID of the Reporter has been deleted/expired. However, if your S-user ID has already expired, contact your user administrator to request reactivation and extension of your expiry date. Once completed, you should again be able to access your incident(s). However, if your S-user gets deleted, you will need to request a new S-user ID to resume incident processing. Meanwhile, any other active user within the company with incident authorization can take over and process the incident.

Yes, administrators can update the lifetime of a specific user at any point before they expire. If using the mass update functionality, it can only be used for S-users in the active, expiring or expired status; the expiry date of S-users can only be set to a maximum of 24 months.

Note: Administrators should only extend S-users that are required to continue transacting on behalf of the company.

Yes administrators may delete any S-user ID's at any time.

All administrators (i.e super, cloud, or user administrators as well as Partner Security Managers) will be notified about the expiring S-user IDs.

The customer/partner user administrators can use the SAP ONE Support Launchpad "Support User Management" tile (Manage My Users application for Partners) to check the 'Expiry Date' of their users. One can extend the expiry date via the 'Action' column.

No. There is no automatic extension capability within the S-user Lifetime functionality. During the creation of a new S-user ID, the validity period defaults to 2-years. The user administrator can amend the validity date if needed. The ‘last log in’ date can be used by the user administrator to determine whether the S-user ID is still being used, and thus merit an extension.

The same guidelines and rules apply to VAR-d partners: administrators must maintain S-user IDs regularly. Like customers, partners will also receive notifications for expiring users within your organization.  

Also, if you are using SAP Solution Manager for incident management, please ensure that S-user IDs in your AISUSER table are still active. Those S-user IDs are used for incident forwarding to SAP Support. Incident forwarding to SAP Support is not possible if the S-user IDs used are either expired, inactive, or deleted.

No. Only your end customers will receive such notifications for their own S-user IDs. It is your customer's responsibility to manage their own S-user IDs.

Do the VAR-d user administrators have an overview of all S-user IDs and their expiry dates?

Your SAP Solution Manager system will still be able to read and update your incidents within SAP Solution Manager, even if the end customer's or your own S-user ID of the end customer becomes expired or deleted. However, it will not be possible for the SAP Solution Manager to send or forward your incident back to SAP if any S-user ID involved (either the "Reporter" or the "Creator") in forwarding to SAP is either expired or deleted. Therefore, if the S-user ID has expired, please contact your user administrator to reactivate the S-user ID and extend its expiry date.  

It is important that your end customer ensure that they keep track and ensure that their S-user ID expiry dates are updated accordingly. If S-user IDs are not maintained, then incident exchange with SAP may be disrupted. 

Yes. If the VAR-d partner knows which end customer S-user ID is active, s/he can change the "Contact Person" entry from the AISUSER table to the active S-user ID. Please also reference SAP Note 2511493.

No, it is also relevant for logging into various SAP portals and systems.

Yes, your customers will need to manage, review all created S-user IDs for their organization and decide for themselves which ones to extend and which ones to allow to expire (or they can already delete them manually, if applicable). For this purpose, the user administrators can reference the "last login" date, which provides some information on whether the S-user ID is still being used. VAR-d end customers also need to be conscious and check with their Service Providers which S-user IDs are being used by the Service Provider when sending incidents to SAP. VAR-d customers need to ensure that those S-user IDs do not expire. Otherwise they will be impacted when forwarding incidents to SAP Solution Manager.

For general partner User Lifetime information and FAQ, see here.