Integration of MS Active directory with SAP Identity management

Hello
I am implementing SAP Identity Management 7.1 with external tools (MS Active Directory) with single sign-on using SAP IDM. Is there any documentation on how to connect SAP IDM with MS AD, with the roles and their user provisioning process?
Also, does anyone have an architectural workflow template for this process?

Hi
I guess you can achieve this using VDS. Refer to the LDAP connection part.
https://websmp203.sap-ag.de/~sapidb/011000358700001449652008E
https://www.sdn.sap.com/irj/sdn/nw-identitymanagement
Regards
Shridhar Gowda

Similar Messages

  • Active Directory, GRC, and Identity Management

    I had originally posted this in the Security forum, but was directed here:
    A client I am working at would like to explore using Active Directory groups to assign SAP roles to users, both portal roles and ABAP roles. They are currently using Microsoft AD. However, they have a requirement to use GRC Access Controls (v5.2) to assist with role maintenance and assignment for SOX compliance. I have been told that the Identity Management product can assist with integrating GRC and AD in a way that will still allow for SOD checking/SOX compliance while role assignments can take place in AD.
    Does anybody have experience with using Identity Management either with or without GRC? Does it work with Microsoft AD or is it its own AD product? What was your experience with it?
    Are there any other products that can be recommended that will allow for integration between GRC Access Controls and Microsoft AD?
    Steve

    Hi Steve,
    We integrated SiteMinder(eTrust) from CA with the Portal and it is pretty good and stable.
    The one thing I like with SiteMinder is that it is pretty stable, and once it is configured the maintenance is very little.
    Also, they provide integrations with major webservers and application servers.
    Cheers, Nag

  • How to use Virsa with SAP  Identity Management?

    I have been assigned to handle my company's  SAP Identity Management and
    I am asked to use Virsa control.
    I am not quite clear about the relationship between the 2 SAP products.
    Would you please help? Thanks!

    Jennifer,
       There is no product called virsa control by SAP. Virsa was a small company which made different solution for SOX compliance. It was acquired by SAP. If you are talking about SAP BusinessObjects Access Control 5.3 then see the links below to understand the integration between SAP IdM and SAP AC 5.3.
    https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/b0aafd33-e662-2a10-a197-dd3137f7f7e0
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b0da2dba-0480-2b10-a7ae-f055ab6e9355
    Regards,
    Alpesh

  • How to integrate Active Directory with Oracle Weblogic

    hi
    Is there any Oracle document that describes how to integrate LDAP Active Directory with Oracle WebLogic 10.3?
    Regards
    Edited by: qasas on 28-Nov-2009 13:56

    WebLogic docs (and their identity asserters) - http://one-size-doesnt-fit-all.blogspot.com/2008/12/configuring-wls-with-ms-active.html

  • Outlook integration for ms outlook 2013 with SAP B1 9.0PL08

    Hi experts,
    I am not able to do outlook integration for ms outlook 2013 with SAP B1 9.0 PL08.
    Can anyone let me know how to achieve this?
    Is this supported by SAP B1 or not?
    I have gone through several threads on SDN. I am not getting a clear answer... Please let me know how to do this.
    With Regards

    Hi,
    9.0 version will not support outlook 2013. Please check admin guide for installing 9.0 version.
    Thanks & Regards,
    Nagarajan

  • Integration with SAP Records Management

    Dear SAP gurus,
    We are in SRM 7 EHP 1 with backend ECC 6 EHP 5. We are exploring the PPS (Procurement for Public Sector) feature in SRM. We see that using PPS we can have integration with SAP Records Management. To be honest, I have never seen SAP Records Management, so we want to confirm the functionality. Our legacy system requires an electronic filing system, in which all documents related to procurement are scanned (whether it is a document from the system or one created manually) and then stored on a server in PDF format.
    Does SAP Records Management have this functionality in which it stores the pdf doc inside one server? If not, what is exactly the functionality of SAP Records Management?
    Best regards,
    John

    Hi,
    SAP Record Management is now known as SAP NetWeaver Folders Management.
    Contact your NetWeaver consultant to implement SAP NetWeaver Folders Management.
    Some important links:
    1. http://wiki.sdn.sap.com/wiki/display/HOME/SAPRecordsManagement
    2. http://www28.sap.com/businessmaps/0531547C7FE54C6A9E9B5850836F5E43.htm
    3. http://help.sap.com/saphelp_nw04/helpdata/en/f5/18fc39eb31a700e10000000a11402f/frameset.htm
    Regards,
    yaniVy
    reward if helps

  • Integration SUS with SAP Invoice Management

    Hi,
    We are implementing the SUS portal (Supplier Self-Service) of SRM, together with SAP Invoice Management by OpenText. When you create an invoice in the SUS portal, it is sent to the backend (ECC) as an IDoc of type INVOIC01.
    We can read this IDoc into SAP Invoice Management (SIM), through the IDoc interface, for which we have mapped the data fields in the configuration of SIM. This works fine for most of the fields, but we have difficulties with two fields.
    The SUS portal seems to put the ISO code of the unit of measurement (UOM) in the IDoc, but SIM expects the internal SAP UOM code. Similarly, the Service Entry Sheet number in the IDoc is only the external reference number, and not the internal SES number (which SIM needs).
    Is there any way to configure these fields (either in SUS or SIM), without having to make a conversion function module? I ask this question, because my client is really hesitant when requesting to make a development....
    Many thanks in advance for any suggestions that you make!
    Kind regards, Paul

    Hi Paul,
    If there is no way to change it in SUS (which I don't know as I don't know SUS), then I don't think there is an option other than using a own development for the conversion. Either using a conversion function module or using a custom business rule which does the conversion.
    Do you use the standard delivered function module /OPT/DP_INBOUND_IDOC_PROC as the processing FM? If not, maybe you could do the conversion in the processing FM (provided you already use a custom processor).
    Regards,
    Martin

  • Error message is 'The Request Error : 400' with SAP Download Manager

    Hello,
    The authorization object SWDOWNLOAD (download software) is assigned to my user ID.
    But I could not download the files below.
    SAP_ABA 710 (4~8)
    SAP_BASIS 710 (4~8)
    PI_BASIS 2006_1_710 (4~8)
    SAP_BW 710 (4~8)
    Error message is 'The Request Error : 400' with SAP Download Manager
    I logged on to SAP Service Marketplace, software download area /swdc.
    I have created objects in the download basket and have received approvals (->Maintenance-Optimizer) where required.
    I start the SAP Download Manager and the objects from the download basket are visible in the object list of the program window.
    After I choose "Objects for Download", the system starts the download.
    In the info-line (in the lower part of the window), the system displays the message 'Processing object...' and then 'The request failed: 400'.

    Hello,
    In these cases the following things should be checked:
    1.- Please be sure that you are using the latest Download Manager version
    2.- S-User and password should be active
    3.- Specify the proxy. Please refer to SAP Note 155954
    4.- It might be that you are not licensed for the product you want to download.
    If the checkings above are correct and the problem is still alive, I would recommend you to open an SAP customer message under component XX-SER-SAPSMP-SDM providing the following information:
    1.- The exact software product name and package or stack number you are trying to download.
    2.- Attach to the message the results of the trace file generated as per note 574885:
    574885 - Download Manager: Generate trace file for analysis
    I hope this helps you.
    Regards,
    Blanca

  • SAP Identity Management Job/Position to Roles mapping

    Hi All,
    I am working on SAP Identity Management 7.1 and the use case is the one where HCM is the source of all employee data.
    When I extract employee data from HCM, I need to find the roles the employee has based on their position.
    I have an excel sheet that describes this mapping in two columns(position/role).
    My question is this :
    I have two choices :
    1- Create MX_ROLE in IDM with an attribute position and load the Excel sheet. Then when I receive data from HCM, I will do a select on the roles having the position, which will give me the MXREF_ROLE for the user.
    2- I would create positions as MX_ROLEs and load the Excel sheets with the actual roles as children of the position roles. This way, once I put MXREF_ROLE=position in MX_PERSON, the user will get through inheritance the roles and the privileges that are inherited from the position.
    Any idea if anyone tested any of these cases ?
    Any other suggestions are welcome.
    Thanks a lot

    Hi Jack,
    From what I understood, you have MX_ROLE with an attribute position(POSITION_ID), if that is the case, the select will look like:
      select * from idmv_vallink_basic where mskey in (
          select mskey from idmv_vallink_basic
          where mcattrname like 'POSITION_ID' and mcsearchvalue like 'POSITION_ID_VALUE' and mskey IN (
              select mskey from idmv_vallink_basic
              where mcattrname = 'MX_ENTRYTYPE' AND mcsearchvalue like 'MX_ROLE'));
    If the case is not like that, just explain it with more details and I'll try to make another select.
    Kind Regards,
    Simona Lincheva

  • Configuration Guide Job Scheduling Management with SAP Solution Manager

    Dear Gurus
    Could you please help me with the configuration guide of the Job Scheduling Management with SAP Solution Manager
    Best Regards

    Hello Luis,
    the configuration activities can be accessed via the "Implementation Guide" by calling transaction SPRO in your SAP Solution Manager system.
    In SPRO navigate to -> SAP Solution Manager -> Scenario-Specific Settings -> Job Scheduling Management -> Standard Configuration and execute the following two activities.
    1. Activate Solution Manager Services
    2. Set Up Work Center for Job Scheduling Management
    Make sure that your user has role SAP_SM_SCHEDULER_EXE (or _ADMIN) assigned.
    Afterwards you should be able to access the Job Management Work Center and to create Job Documentation or to import Jobs from a Managed System into new Job Documentations.
    The following SAP notes might be useful as well:
    1054005  - FAQ on Job Scheduling Management
    1117355  - Work Center roles
    Kind regards,
    Martin
    http://service.sap.com/jsm

  • Basics of SAP Identity Management

    Hi All
    Currently I need to explore SAP Identity Management, what it is and how to implement it. If anyone has docs, guides or links, it would be a great help to me.
    How exactly does Identity Management work?
    Thanks,
    Sapuser1342
    Edited by: TRanSAP on Jun 2, 2011 3:35 AM

    This is the overview document:
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10c33889-cc14-2a10-a7a8-a8eef7483dee?quicklink=index&overridelayout=true

  • Integrating Active directory  with oracle EBS 12.1.3 with 11g R2 database

    Hi,
    Can anyone let me know about integrating Active Directory Windows 2009 R2 with Oracle EBS 12.1.3 with 11g R2 database: the software requirements and document IDs for integrating?
    Is Windows 2008 Active Directory certified with 10g OID?
    regards,
    chandrasekhar.

    Hi
    I found exact note
    Is OID 10g/11g DIP Compatible / Certified With Microsoft Active Directory 2008 / Windows 2008 R1/R2? [ID 944298.1]
    From note:
    DIP 10g latest version (10.1.4.3) and DIP 11g up to PS4 / 11.1.1.5 Patchset releases integrations are certified with MS AD 2008 R1 only.
    DIP 11g certification with AD 2008 R2 is supported only with DIP 11g PS5 / 11.1.1.6 Patchset or higher.
    Note: Although DIP below 11.1.1.6 integration (synchronization, external authentication, etc.) with MS Windows / AD 2008 R2 may work, it is not officially compatible / certified. See also Note 1076018.1.
    Regards
    Helios

  • Oracle 9i/10G DB authentication using Active Directory (with out OID)

    Hello All,
    We want to use a Single-Password authentication scheme using the Active
    Directory as the primary source for userId/Password.
    We don't want to use the Active Directory and OID bridge.
    As we have many databases and would like to configure all Databases to use Active
    Directory for Authentication. Our goal is to have single id/password across all
    the databases and any user should be able to login from any computer using their
    windows id/password, note that we don't want to use the OSAuthentication.
    We have read the documents provided by oracle for authentication using Active
    Directory, we were able to create Oracle Schema in Active Directory and were
    also able to register a DB with Active Directory and then created user as global
    user in Oracle Database and provided the DN of the user. When we tried
    authenticate with all this setup it comes back and says invalid ID/Password !!!
    And with 10G database we get the Oracle Error ORA-03113: end-of-file on communication channel !!
    Has any one tried or have information on Integrating Oracle to Auth against Active Directory?
    Environment:
    Oracle DB Version: 9.2.0 and also tried on 10.0.1 with same results
    Operating System: Windows 2000/ Windows 2000 Server
    Constraint: We don't want to use OID ( as we don't have license for this
    product ! )

    I have a thread started similar to your request.
    OS Authentication on Windows
    Somewhere I read this. It works on Oracle 9i on Linux, but I have not tried it with Oracle 9i on Windows.
    SHOW PARAMETER OS_AUTHENT_PREFIX;
    SHOW PARAMETER REMOTE_OS_AUTHENT;
    CREATE USER OPS$SOMEUSER IDENTIFIED EXTERNALLY;
    GRANT CREATE SESSION TO OPS$SOMEUSER;
    For the username, I wonder if we are supposed to put the Windows Domain name as part of the username? Such as, for a Windows domain user MyDomain\SomeUser
    CREATE USER OPS$MYDOMAIN\SOMEUSER IDENTIFIED EXTERNALLY;
    I really wish Oracle or somebody created a guide or book on how to do this.

  • How to integrate Active Directory with Primavera P6 8.2

    Dear All,
    I want to install LDAP for Integration with Active Directory for Primavera P6 8.2.
    Some advice please should i install Oracle Internet Directory and or Oracle Directory Service Manager for AD Integration.
    And should i install Fusion Middleware and or Service-Oriented Architectures (SOA) for integration for AD Integration.
    And what is the step by step procedure for the above installation with separate database if required.
    I want to install any above application or service on my weblogic environment.
    you can find the status of my web applications and enterprise applications services on the Weblogic Server Administration Console.
    p6 (Active)
    p6help (Active)
    p6tm (Active)
    P6Tutorials (Active)
    p6ws (Active)
    pr (Active)
    pr-help (Active)
    PrimaveraAPI (Active)
    Thanks in advance for your response.

    To provision LDAP user information for P6 EPPM for the first time:
    Caution: Ensure that all users are logged out of P6 EPPM to avoid a reset of the P6 Administrator application settings.
    Note: Verify which global profile is set as the default since this will be assigned to all provisioned users.
    1) Log into the P6 Administrator application.
    2) From the Authentication tab:
    a. Fill in the appropriate settings under the Authentication folder, and make sure that Login Mode is set to NATIVE.
    b. Fill in the appropriate settings under Database instance, and make sure that Authentication Mode is set to NATIVE.
    c. Click Save Changes.
    3) Restart the application server instance.
    Note: If you do not restart the application server instance, the settings will be restored to the previous configuration after the next step.
    4) Log into P6 as a user with privileges to create a new user.
    5) Creating User Accounts for P6 EPPM to add a new user (in Native mode) that exactly matches an LDAP server user with rights to read the LDAP directory. Make sure to assign a global profile that contains privileges to add new users and search the LDAP directory and assign the appropriate project profiles and module access.
    6) Log back into the P6 Administrator application.
    7) From the Authentication tab:
    a. Change Login Mode to LDAP.
    b. Change Authentication Mode to LDAP.
    c. Right-click the LDAP Connection Settings folder and select Test Connection.
    d. Click Save Changes.
    8) Restart the application server instance
    Note: If you do not restart the application server instance, the settings will be restored to the previous configuration after the next step.
    9) Log into P6 as the LDAP user created in step 5.
    a. On the Users page, click the Add icon. The Add Users from LDAP dialog box appears for you to provision users from the LDAP repository:
    Note: You must have the Add/Edit/Delete Users privilege and the Provision Users from LDAP privilege to search the LDAP directory. You do not need the Provision Users from LDAP privilege to import users from an LDIF file.
    1. Either click the Load LDIF button, or enter an LDAP query (for example, uid=*) under Search users. If a search was previously performed by a user with the privilege to search the LDAP directory, the last query entered by that user will appear.
    2. If you clicked the Load LDIF button, browse to the location of the LDIF file, and click Open. If you entered an LDAP query, click Search.
    Note: Depending on your P6 administrative configuration settings, you might be prompted to log into the LDAP server.
    3. A list of users will appear, grouped by status. For example, LDAP repository users that do not exactly match P6 EPPM users will be grouped together. If users exist in the LDAP repository, the User Name, Actual Name, E-mail, and Phone fields are populated (if you previously mapped those fields through the P6 Administrator application settings).
    Note: The User Name field is equivalent to the Login Name field in P6. The Actual Name field is equivalent to the Personal Name field.
    4. Select the option next to each user account that you wish to import, or select the option in the fields bar to select all users. New and modified users are automatically selected.
    5. Click Import.
    Note: The new users will be assigned the default global profile.
    follow the above mentioned procedure and let me know if its working.
    Ajishlal
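
A pre-import check for the LDIF route mentioned in the procedure above, as an added example that is not part of the original post or of Oracle's tooling: it parses an LDIF file, including folded lines and base64 values, and flags entries that have no login name or whose login collides with an earlier entry. The attribute-to-field mapping (uid, cn, mail, telephoneNumber) and the case-insensitive collision rule are assumptions, and the sample data is constructed.

```python
import base64

# Constructed sample LDIF (not from the original post).
SAMPLE_LDIF = """dn: uid=jdoe,ou=people,dc=example,dc=com
uid: jdoe
cn: John Doe
mail: jdoe@example.com
telephoneNumber: +1 555 0100

dn: uid=asmith,ou=people,dc=example,dc=com
uid: asmith
cn:: QW5uYSBTbWl0aA==
mail: anna.smith@exam
 ple.com

dn: cn=No Login,ou=people,dc=example,dc=com
cn: No Login

dn: uid=JDoe,ou=contractors,dc=example,dc=com
uid: JDoe
"""

# Assumed mapping of the P6 fields to LDAP attributes (lower-cased for lookup).
FIELD_MAP = {"User Name": "uid", "Actual Name": "cn",
             "E-mail": "mail", "Phone": "telephonenumber"}

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry; handles folding and base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):          # skip LDIF comments
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:                # blocks without a dn are not entries
                entries.append(current)
            current = {}
            continue
        name, _, rest = line.partition(":")
        b64 = rest.startswith(":")             # "attr:: value" is base64-encoded
        value = base64.b64decode(rest[1:].strip()).decode("utf-8") if b64 else rest.strip()
        current.setdefault(name.lower(), []).append(value)
    return entries

def review_for_import(entries):
    # Split entries into importable rows and (dn, reason) rejections.
    rows, rejected, seen = [], [], {}
    for e in entries:
        dn = e["dn"][0]
        row = {field: (e.get(attr) or [""])[0] for field, attr in FIELD_MAP.items()}
        login = row["User Name"]
        if not login:
            rejected.append((dn, "no uid, cannot map to a login name"))
        elif login.lower() in seen:            # assumption: logins compare case-insensitively
            rejected.append((dn, "login collides with " + seen[login.lower()]))
        else:
            seen[login.lower()] = dn
            rows.append(row)
    return rows, rejected

if __name__ == "__main__":
    print(*review_for_import(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

Since every provisioned user receives the default global profile, reviewing the rejected list before clicking Import keeps ambiguous or unmapped accounts from receiving that profile.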

  • ACS 4.2.0.124 Appliance with Active Directory with windows 2008

    We have an 802.1x solution with Cisco ACS appliances which is working fine. The solution includes two ACS appliances, version 4.2.0.124, and 02 remote agents which are set up on Windows 2003. The remote agent is integrated with Active Directory on Windows 2003. The computers have Windows XP with Service Pack 2 and Service Pack 3; all computers do machine authentication and then user authentication. My customer is thinking of migrating the Active Directory from Windows 2003 to Windows 2008. My question is: will there be any problem with Active Directory 2008 with the current ACS and 802.1x solution, or will I have to do additional tasks?
    Marco

    Hi,
    You can find the supported Windows Server versions in the online documentation:
    ACS 4.2: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/installation/guide/windows/install.html#wp1041376.
    ACS 4.2.1: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2.1/Installation_Guide/windows/install.html#wp1041376.
    So, I would suggest you carefully double-check the Release and Service Pack of the new 2008 Servers and also the OS bit version to make sure you migrate to Win2008 but continue on a supported scenario.
    HTH,
    Tiago
    If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
