Federated identity management on SAP IDM

Hi Guys
Does SAP IDM support federated Identity Management? If so, can you give some configuration documents or explain how exactly it is possible?
Please shed some light on this.
Thank you.

Hi All,
SAP support have confirmed the following.
SAP NetWeaver has some federation capabilities with varying
support in different components (SAML 1.1). SAML 2 support
is planned in a future release.
SAP NetWeaver Identity Management does not have federation
support on its own. This could be introduced in future releases.
Does anyone know how SAML 1.1 supports federation capabilities? Which SAP NetWeaver platforms have them?

Similar Messages

  • Migration from SIM(Sun Identity Manager) to Oracle IDM

    hi
    Does anyone have any knowledge of migration from SIM (Sun Identity Manager) to Oracle IDM? Please share the knowledge/docs/links. It would help me a lot.
    Thanks
    .\idm

    Hi,
    Basic migration information can be found here. http://www.oracle.com/us/products/middleware/identity-management/upgrade/index.html
    I believe more detailed information will be available soon.

  • Identity Manager and SAP 5.0 support?

    Hi all,
    does anybody know if the IDM will support SAP 5.0 (ECC 5.0)? Customer is using IDM + SAP HR ActiveSync adapter and wishes to upgrade their SAP 4.7 to "ECC 5.0". I don't even know what ECC 5.0 is, but it should be "SAP 5.0".
    Will this version of SAP be supported?
    Many thanks,
    Ivan

    Hi
    IDM 6.0 supports SAP R/3 v4.5,4,6 and 4.7 and SAP Enterprise Portal V6.20 SP2+
    Thanks

  • Identity Management requirement

    Sir,
    We have an Identity Management project implementation. I am gathering IDM docs regarding where to start and what the prerequisites are for implementing an Identity Management project. I am going to take this as a challenge. Please give your valuable suggestions (details).
    Regards,
    Ramesh

    Hi Ramesh,
    installation and sizing is easy, practice for complex requirements will need some time...
    Installation and Sizing:
    Have a look at the PDF for the installation overview, provided with the install files. Usually, you only need a sizing between the explained S or M.
    Practice:
    The following site will help you: https://www.sdn.sap.com/irj/sdn/nw-identitymanagement?rid=/webcontent/uuid/f0b68fb1-d8af-2a10-2a8e-cc431c15bb39&anchor=section2.
    Go through the tutorials for the Identity Center and make your own scenarios. Especially the "Identity Management for SAP System Landscapes: Configuration Guide" is good to set up scenarios in the Identity Center with SAP Systems and Directories. There are also prerequisites and limitations in this document. "Identity Center - Identity Store Schema" gets into details about the data model. There are additional blogs, e.g. getting HCM data via SAP PI instead of VDS, if you intend to implement this.
    Best regards,
    Nils

  • SAP GRC - SAP IDM integration

    Hello,
    may I ask you how SAP GRC Access Control can be integrated with Identity Management?
    I would like a description of the model and to understand if CUP, ERM, RAR are all mandatory components to do the integration (it's not clear to me if only CUP should be used to integrate IDM).
    Thank you to all
    Daniela

    Hi Daniela,
    there are two basic options for integrating NetWeaver Identity Management and SAP BusinessObjects Access Control:
    - CUP can call IdM to provision roles to non-SAP systems through IdM
    - IdM can call CUP to hand over a request (or parts of it) for SoD and critical transaction checks
    As a third option, I have seen customers using both tools in parallel, provisioning users and master data through IdM and assigning SAP authorizations through CUP/RAR.
    The best kind of integration for your scenario is something that depends on your requirements and your desired processes. Technically you can do a lot, but it makes sense to invest the effort to find out what the best option is in your exact case.
    Kind regards,
    Frank.

  • Advantage and disadvantages of SAP IDM & Microsoft Identity management Tool

    Hi Folks,
    I am looking for some points on SAP IDM and the Microsoft tool for Identity Management. I am looking for the points mentioned below.
    1. Difference in features and price.
    2. Limitation
    3. Solution architecture for both
    Relevant answers will be rewarded.
    Regards,
    Akshay Shail

    Hi,
    I can add some points about SAP NW IdM. Regarding your question about the price: If you only connect SAP systems (it can handle all types of SAP ABAP and SAP Java Systems) they don't charge you extra, because it's already in the NetWeaver license. Furthermore, if you use the SAP Central User Administration: It isn't further developed and will be replaced by SAP NW IdM.
    The systems you mentioned can be connected, I think these are basics for every IdM solution. HR integration is possible with SAP IdM, don't know about the other solution in this point.
    There are some whitepapers and presentations about SAP NW IdM: https://www.sdn.sap.com/irj/sdn/nw-identitymanagement?rid=/webcontent/uuid/f0b68fb1-d8af-2a10-2a8e-cc431c15bb39&anchor=section2.
    Nevertheless, your question about limitations and solution architecture probably needs a PoC if you want to answer them in depth.
    Best regards,
    Nils

  • ActiveDirectory - SAP IDM integration in Identity Life cycle Management

    Hi Experts
    In our landscape SAP HCM is supposed to be the leading data source and SAP IDM takes identity information from SAP HCM. From SAP IDM it will provision into Active Directory and other third-party systems and SAP systems.
    Here are the questions:
    1) How can we leverage the investment in Active Directory after SAP IDM - Active Directory investment? I mean after SAP IDM comes to a landscape, Active Directory will only be used to log in to the domain and for authentication if, for a Java system, Active Directory has been set as the user data source. What are the other advantages of Active Directory - SAP IDM integration, as Active Directory will not be the leading data source and identity information will be in the identity store?
    2) After the user details are taken from the SAP HCM system, will the user record be created in SAP IDM in the identity store? Is that where we actually assign the SAP IDM business role and the related technical role to the user?
    3) Suppose we assign a business role "employee": will IDM actually create the user ID in all target systems and assign all the technical roles? Or do we have to manually select each repository for the target system in Identity Center, select the privileges and provision them? Will there be any automated feature so that after assigning the business role to an identity in the identity store, users and roles get automatically provisioned on all the target systems?
    Thank you in advance for your help.

    Hi Matt,
    Thank you very much.
    The only change we have is that before approval it should go to GRC AC to check all the compliance, and only after that is it approved and should it come back to SAP IDM.
    I am actually looking for a tutorial which shows how you assign a business role and the whole procedure of SAP IDM automatically provisioning to target systems which you have just explained. I suppose there is no such exact tutorial and I want to know how we can configure this on SAP IDM. Any specific clues?
    Also, I am describing the exact steps that will follow. Correct me if I am wrong.
    1) The user ID will be created on AD with the same user name and password as in the identity store, and will be assigned AD groups.
    2) Create the same user in Portal, make the user data source AD, and assign the portal technical role as per the business role definition.
    3) Create the same user in all ABAP systems, set the ABAP database as user data source, and assign the technical role needed as per the business role definition.
    4) Create the same user in third-party systems with the privileges on their target systems as per the business role definition.
    With this, provisioning stops. I suppose all the above steps will be automatically done by SAP IDM with no manual interaction required after final approval. Correct me if I am wrong.
    So some other information I wanted is:
    1) When you assign a business role in the workflow, how exactly does SAP IDM know about the target systems where the user should be created, assigned roles and given an authentication source?
    For example, a business role "employee" should get access to ERP with role X, AD with group Y, Portal with role Z. So when the business role employee is assigned in the workflow, how will SAP IDM know that the user should be created in ERP with role X, AD with group Y, Portal with role Z? Can you explain technically along with detailed steps? Or how exactly do we configure a business role which knows the target systems and their technical roles?
    Thank you once again for the fabulous help. You/Matthew are a tremendous help in understanding SAP IDM better.

  • Integration of MS Active directory with SAP Identity management

    Hello
    I am implementing SAP Identity Management 7.1 with the external tool MS Active Directory, with single sign-on using SAP IDM. Is there any documentation on how I connect SAP IDM with MS AD, with the roles and their user provisioning process?
    Also, does anyone have an architectural workflow template for this process?

    Hi
    I guess, using VDS you can achieve this. Refer to the LDAP connection part.
    https://websmp203.sap-ag.de/~sapidb/011000358700001449652008E
    https://www.sdn.sap.com/irj/sdn/nw-identitymanagement
    Regards
    Shridhar Gowda

  • SAP Identity Management Job/Position to Roles mapping

    Hi All,
    I am working on SAP Identity Management 7.1 and the use case is the one where HCM is the source of all employee data.
    When I extract employee data from HCM, I need to find the roles the employee has based on their position.
    I have an Excel sheet that describes this mapping in two columns (position/role).
    My question is this:
    I have two choices:
    1- Create MX_role in IDM with an attribute position and load the Excel sheet. Then when I receive data from HCM, I will do a select on the roles having the position, which will give me the MXREF_ROLE for the user.
    2- I would create positions as MX_ROLEs and load the Excel sheets with the actual roles as children of the position roles. This way, once I put MXREF_ROle=position in MX_PERSON, the user will get through inheritance the roles and the privileges that are inherited from the position.
    Any idea if anyone has tested any of these cases?
    Any other suggestions are welcome.
    Thanks a lot

    Hi Jack,
    From what I understood, you have MX_ROLE with an attribute position(POSITION_ID), if that is the case, the select will look like:
      select * from idmv_vallink_basic where mskey in (
          select mskey from idmv_vallink_basic
          where mcattrname like 'POSITION_ID' and mcsearchvalue like 'POSITION_ID_VALUE' and mskey in (
              select mskey from idmv_vallink_basic
              where mcattrname = 'MX_ENTRYTYPE' and mcsearchvalue like 'MX_ROLE'));
    If the case is not like that, just explain it with more details and I'll try to make another select.
    Kind Regards,
    Simona Lincheva

  • SAP IDM on Solution Manager with Change Request Management

    Hi Experts,
    I'm facing a question. Does SAP Identity Management manage the association between a user in Solution Manager and links in the PPOMA_CRM tree for ticket validation in a Change Request Management project?
    It seems that it could be done using Compliant User Provisioning from GRC Access Control application.
    Thanks for your help,
    Ben

    Hello Ben,
    as far as I know currently there is no "business level" integration between IdM 7.1 and SAP Solution Manager. You only can create SU01 user data as for any other SAP ABAP system.
    I have heard that it is planned for the future to integrate the Solution Manager also in the business suite integration options the IdM product already provides for applications such as CRM, SRM and others.
    Nevertheless you could create your own implementation for your requirements.
    Regards,
    René Feister
    SAP Consulting Germany

  • How to use Virsa with SAP  Identity Management?

    I have been assigned to handle my company's  SAP Identity Management and
    I am asked to use Virsa control.
    I am not quite clear about the relationship between the 2 SAP products.
    Would you please help? Thanks!

    Jennifer,
    There is no product called Virsa control by SAP. Virsa was a small company which made different solutions for SOX compliance. It was acquired by SAP. If you are talking about SAP BusinessObjects Access Control 5.3 then see the links below to understand the integration between SAP IdM and SAP AC 5.3.
    https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/b0aafd33-e662-2a10-a197-dd3137f7f7e0
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b0da2dba-0480-2b10-a7ae-f055ab6e9355
    Regards,
    Alpesh

  • Execute PowerShell Scripts via SAP NetWeaver Identity Management

    Hello,
    Has anyone implemented the execution of a PowerShell script from SAP NetWeaver Identity Management (7.1, 7.2, 8.0?).  Currently implementing 8.0, and our client is looking to kick off PowerShell scripts that would generate Active Directory accounts, Exchange accounts etc.
    Thanks!

    Hey Brendan,
    We've done this out of a 7.2 implementation for exchange 2010 admin processes.  We started with running powershell via a command line pass.  It worked pretty well but it wasn't plain sailing.  We used positional parameters to pass data to the scripts in question, we also had to come up with a return process that deals with any errors that might come of the powershell session.  We had some issues with the shell sessions closing after the script completed.
    We've since redesigned and now drop flat files to a constantly running powershell script that acts a bit like an IDM dispatcher (but obviously not integrated with IDM).  It kicks off other powershell sessions and monitors their progress allowing it to process time outs, stack work up, etc.
    We also found timing the processes to be an issue.  If you create an AD account in IDM and then try to immediately move onto mailbox enable (for example) the account we created wasn't yet replicated to exchange so we had to build wait time into various parts of the process.
    Thanks,
    Pete.
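
The file-drop dispatcher design described in the reply above, as an added example that is not code from the thread or from SAP. The folder paths, the `.req` key=value request format, the action names and the worker script names are all assumptions; retries stand in for the wait time needed while a new account replicates.

```powershell
# Added example: paths, request-file format and action names are assumptions.
$DropDir = 'C:\idm-drop\incoming'   # hypothetical folder the IdM job writes request files to
$DoneDir = 'C:\idm-drop\done'
$FailDir = 'C:\idm-drop\failed'
$TimeoutSeconds = 120               # per-worker limit before the session is stopped
$MaxTries = 5                       # retries absorb delays such as directory replication
$PollSeconds = 30

# Allow-list: a request names an action, never a script path or command line.
$Actions = @{
    CreateAdUser  = 'C:\idm-scripts\New-AdAccount.ps1'       # hypothetical worker scripts
    EnableMailbox = 'C:\idm-scripts\Enable-UserMailbox.ps1'
}

function Invoke-Request {
    param([System.IO.FileInfo]$File)
    # Flat file of key=value lines, for example "action=EnableMailbox" and "account=jdoe".
    $req = Get-Content -Raw -LiteralPath $File.FullName | ConvertFrom-StringData
    if (-not $req -or -not $req.action -or -not $Actions.ContainsKey($req.action) -or
        $req.account -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        throw [System.ArgumentException]::new("Rejected request $($File.Name)")
    }
    # Each worker runs in its own job so a hung session cannot block the queue.
    $job = Start-Job -FilePath $Actions[$req.action] -ArgumentList $req.account
    try {
        if (-not (Wait-Job -Job $job -Timeout $TimeoutSeconds)) {
            Stop-Job -Job $job
            throw "Timed out after $TimeoutSeconds seconds"
        }
        # Surface errors raised inside the worker as a failure of this request.
        Receive-Job -Job $job -ErrorAction Stop | Out-Null
    } finally {
        Remove-Job -Job $job -Force
    }
}

$tries = @{}
while ($true) {
    $queue = Get-ChildItem -LiteralPath $DropDir -Filter '*.req' | Sort-Object LastWriteTime
    foreach ($file in $queue) {
        try {
            Invoke-Request -File $file
            Move-Item -LiteralPath $file.FullName -Destination $DoneDir -Force
            $tries.Remove($file.Name)
        } catch {
            $tries[$file.Name] = 1 + [int]$tries[$file.Name]
            $final = ($_.Exception -is [System.ArgumentException]) -or ($tries[$file.Name] -ge $MaxTries)
            if ($final) {
                # Keep the reason next to the failed request for the IdM side to collect.
                Set-Content -LiteralPath (Join-Path $FailDir "$($file.Name).err") -Value $_.Exception.Message
                Move-Item -LiteralPath $file.FullName -Destination $FailDir -Force
                $tries.Remove($file.Name)
            }
        }
    }
    Start-Sleep -Seconds $PollSeconds
}
```

Because a timed-out or failed request is retried, the worker scripts need to be safe to run twice for the same account.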

  • SAP Netweaver Identity Management

    When does the SAP-defined Global JScript get listed in the Identity Center console?

    Maybe you want to know that you have to import the SAP Provisioning Framework into your Identity Center.
    It's located in the installation directory, e.g. "C:\Program Files\SAP\IdM\Identity Center\Templates\Identity Center\SAP Provisioning framework"
    After import you can find the Global JScripts where Zaheer told you.
    That's what you needed?
    Regards
    Michael

  • The CENTRAL SOURCE OF INFORMATION about SAP NetWeaver Identity Management

    Check out the central homepage for "SAP NetWeaver Identity Management" on the SDN:
    The direct link to SAP NetWeaver Identity Management (https://www.sdn.sap.com/irj/sdn/nw-identitymanagement) can be found using the following menu path:
    - SAP NetWeaver Product
    - Complementary Offerings
    - SAP NetWeaver Identity Management (https://www.sdn.sap.com/irj/sdn/nw-identitymanagement)
    Here you will find all kinds of information about the product.
    Have fun!
    Kristian

    Congratulations!
    Very Nice!

  • Sun Identity Manager (IDM)

    Does anyone have any docs on Sun Identity Manager? I have some doubts.

    I have a feeling that it will be a never ending question as to the migration steps. For the time being, if you must "migrate", I would suggest re-evaluating what is being done in the Sun IDM system and develop a project plan to implement the same connectors, recon the data from Sun IDM or target, and then use OIM.
    -Kevin
