Netweaver Identity Management 7.1 Concepts

Similar Messages

• The CENTRAL SOURCE OF INFORMATION about SAP NetWeaver Identity Management

  Check out the central homepage for "SAP NetWeaver Identity Management" on the SDN:
  The direct link to <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/nw-identitymanagement">SAP NetWeaver Identity Management</a> can be found using the following menu path:
  - SAP NetWeaver Product
  - Complementary Offerings
  - <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/nw-identitymanagement">SAP NetWeaver Identity Management</a>
  Here you will find all kind of information about the product.
  Have fun!
  Kristian

  Congratulations!
  Very Nice!

• Execute PowerShell Scripts via SAP NetWeaver Identity Management

  Hello,
  Has anyone implemented the execution of a PowerShell script from SAP NetWeaver Identity Management (7.1, 7.2, 8.0?).  Currently implementing 8.0, and our client is looking to kick off PowerShell scripts that would generate Active Directory accounts, Exchange accounts etc.
  Thanks!

  Hey Brendan,
  We've done this out of a 7.2 implementation for exchange 2010 admin processes.  We started with running powershell via a command line pass.  It worked pretty well but it wasn't plain sailing.  We used positional parameters to pass data to the scripts in question, we also had to come up with a return process that deals with any errors that might come of the powershell session.  We had some issues with the shell sessions closing after the script completed.
  We've since redesigned and now drop flat files to a constantly running powershell script that acts a bit like an IDM dispatcher (but obviously not integrated with IDM).  It kicks off other powershell sessions and monitors their progress allowing it to process time outs, stack work up, etc.
  We also found timing the processes to be an issue.  If you create an AD account in IDM and then try to immediately move onto mailbox enable (for example) the account we created wasn't yet replicated to exchange so we had to build wait time into various parts of the process.
  Thanks,
  Pete.

• Netweaver identity management comparison

  Hi
  I would like a comparison of   Identity management products including Netweaver Identity management.
  please help me with any whitepaper or discussion document.

  Hi Biswajit,
  if you search for Gartner and user provisioning you will find their often quoted magic quadrant. Unfortunately the document is high-level with a focus on sales and information about SAP IdM is just outdated. You will find mainly German information on kuppingercole.com. Interesting are some scenarios like in a PoC where vendors have to cope some tasks - but I couldn't find a comparison which includes SAP IdM.
  It just depends on the focus you have on Identity Management. I see advantages for SAP IdM in a flexible data management and good provisioning rules in a heterogenous environment. With the 7.1 release you will get pretty workflows in the SAP Portal. It's also recommended as a replacement of the CUA. Other vendors may have a focus on authentification or use a Virtual Directory instead of a database.
  Best regards,
  Nils

• Netweaver identity management RFP response

  Any one with sample Netweaver identity management RFP response

  Esther,
  That's a function of experience and reading SAP's documentation.  Please contact me via direct message for more discussion on this as I think will will go outside of SAP's forum rules.
  Cheers,
  Matt

• Need information about notification with SAP Netweaver Identity Management

  Dear Experts,
  I need some informations about send e-mail from SAP NIM. We want to send an e-mail after creation of sap users etc.
  Please note that today we have a Domino/Lotus server.
  I  undertsood that we can send e-mail through the Identy Center (IC) component. But I did not find how to set up this solution? I did not find architecture informations?
  Could you please provide me the different configuration steps?
  Should I install another component? Or I just have to configure my SMTP Server?
  Also, have you got the best practices for this step?
  Thanks a lot for your help
  Regards
  Hocine NAÏ

  Hello,
  For notification, first you need to create a repository of generic type and provide the lotus notus host details in the repository constant.
  Eg:
  EMAIL_SERVER                     abc.def.com
  EMAIL_ORIGINATOR              orignator mail ID
  Then create a task with the "To Generic" type Pass.
  Select the name of the function below in the Next data entry of the Destination tab of the pass.
  and provide the attribute and value as below:
  MSKEYVALUE                                   %MSKEYVALUE%
  EMAIL_RECIPIENT                               recipients mail ID
  EMAIL_SUBJECT                                 Hello %DISPLAYANEM%
  LOCATION                                          %LOCATION%
  Eg of a Function to sent mail is shown below:
  function SendEmail(Par){
       Recipient = Par.get("EMAIL_RECIPIENT");
       Subject = Par.get("EMAIL_SUBJECT")
       Location = Par.get("LOCATION");     
       Body = "This is a report from SAP NetWeaver Identity Center at %$ddm.date% %$ddm.time%<BR><BR>";
       Body = Body + "Your location is <B>" + Location + "</B><BR>";
       Body = Body + "<BR>";
       Body = Body + "Best regards<BR>";
       Body = Body + "MaXware AS<BR>";
       UserFunc.uSendSMTPMessage("%$glb.EMAIL_ORIGINATOR%", Recipient,Subject,Body,"%$glb.EMAIL_SERVER%",1);

• NetWeaver Identity Management Screen Locking Up

  When I go to the identity management screen, it gets into some kind of llop. I know it is some kind of loop because I can see the cursor flashing and I have sound turned on the pc and I here it clicking. To get out of it I have to bring up the task manager and kill it.
  Any idea of how to fix this?

  If you are using IE9 you probably have to use compatibility mode. Web dynpro doesn't seem to like IE9.
  [http://windows.microsoft.com/en-US/windows7/why-do-some-webpages-look-incorrect-in-internet-explorer-9|http://windows.microsoft.com/en-US/windows7/why-do-some-webpages-look-incorrect-in-internet-explorer-9]

• SAP Netweaver Identity Management

  When does the sap defined Global JScript gets listed in the identity center console?

  Maybe you want to know that you have to import the SAP Provisioning Framework into your Identity Center.
  It's located in the installation directory, e.g. "C:\Program Files\SAP\IdM\Identity Center\Templates\Identity Center\SAP Provisioning framework"
  After import you can find the Global JScripts where Zaheer told you
  Thats what you needed?
  Regards
  Michael

• Running Netweaver Identity Management SP 2 with Oracle 10g

  Hello,
  I'm having some troubles installing NW IDM SP2 on Oracle 10g in a Windows 2003 (32 bit) environment.
  According to my MMC snap in, I am running Identity Center 6778-ORA-04.2008.
  I installed the updates per the installer to Schema update level (186 I think)
  I then downloaded the update ORACLE script pack to bring it up to Schema update 198.
  However I am getting the following message:  There is a mismatch between the latest schema update (6778-ORA-04.2008) and the program version (7.0.6753)
  Is there something else I need to download?
  This only seems to affect the MMC snapin.  I am able to access the Workflow and Monitoring interfaces.
  Thanks for your help!

  Hi,
  It is useful to refer below SAP note.
  https://websmp230.sap-ag.de/sap(bD1qYSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1069458
  It says,
  "When you start the Identity Center user interface you will see a warning that there is a mismatch between the installed databse update and the installed version of the Identity Center user interface. This warning can be ignored."
  And the warning message like above will disappear if you install Identity Center SP2 patch1or2.
  Best Regards,
  Daisuke Ikari

• Federated identity management  on SAP IDM

  Hi Guys
  Does SAP IDM support federated Identity Management.  If so can you give some configuration documents or how exactly it is possible?.
  Please shed some lights into this.
  Thank you.

  Hi All,
  SAP support have confirmed the following.
  SAP NetWeaver has some federation capabilities with varying
  support in different components (SAML 1.1) SAML 2 support
  is planned in a future release.
  SAP NetWeaver Identity Management does not have federation
  support on its own. This could be introduced in future releases.
  Does Any one know how SAML 1.1 support Federation capabilities?  Which all sap netweaver platforms have them?

• URGENT: Does ALBPM support RadiantOne Identity Management?

  Hi Expert,
  Please help to answer this question.
  1. Does ALBPM support RadiantOne Identity Management?
  2. What is the standard protocol to configure to RadiantOne?
  3. Any documentation on Identity Management Configuration?
  Thanks

  Hi All,
  SAP support have confirmed the following.
  SAP NetWeaver has some federation capabilities with varying
  support in different components (SAML 1.1) SAML 2 support
  is planned in a future release.
  SAP NetWeaver Identity Management does not have federation
  support on its own. This could be introduced in future releases.
  Does Any one know how SAML 1.1 support Federation capabilities?  Which all sap netweaver platforms have them?

• Confusion with a current state of Oracle Identity Management

  I would like to know if anyone has successfully implemented the complete suite of IdM. If yes, please share this experience. I want to clarify the definition of "successful integration". It should include the following:
  - SSO for Partner applications
  - SSO for External (third parties) applications
  - Provisioning and Synchronization
  - Delegated Administration
  - WNA with Kerberos
  - SAML implementation (optional)
  I would appreciate all answers on this subject

  To restart from your initial question, it's quite strange because the components you mention are all included in the AS10g Enterprise Edition or in AS10g Portal, and are perfectly integrated. I know numerous customers which use Oracle Portal, for instance, and leverage on SSO (patner or external), Delegated Administration (DAS) , Synchro with AD server and Windows native authentication, without a single line of specific code. Provisioning is done automatically by DIP in the case of Portal with AD, as well, or with a Human resource system. Even the password synchro can be made betwwen AD and OID (Oracle LDAP)
  Now, it's a sligthy different discussion if we consider the recent acquisitions made by Oracle, and which are sold in the so call : Oracle Identity management 10g.
  OAM (previously Oblix) is a more ambitious product that Oracle SSO.
  OIM (provisioning and identity management) is far more sophisticated than Oracle DIP.
  The goal, for Oracle, is to unify the workflow engine and the Human interface (with ADF). This task is probably on the rails for the next year.
  OVD (previously OctetSting) is an architectural component which allow virtualisation of LDAP server.
  About Federation, OIF allow all existing Oracle Portal customer (using SSO) to rely on SAML tokens in order to trust partners site.
  So, in my opinion, acquisitions oblige to make a substantial effort to unify human interface and make arbitration between some concepts, but it's within the Oracle means.

• Java class integration with Oracle Identity Manager 9.1.0.2

  Hello Friends,
  I have a java class that is responsible for sending notifications, my question is how do the relationship of this class with the Oracle Identity Manager 9.1.0.2 so you can take the class and notify users when an application is approved or rejected.
  Any recommendation for this process.
  Thanks for the support
  Edited by: JLK on Jun 12, 2012 5:20 PM

  Hi
  Java class integration with OIM happen through concept of adapters. You can go through OIM documentation of how to create adapters.
  In your case you should create a process task adapetrs adn attach it on the Approved response code in your approval process.
  Desingn Console --> Process management --> Process definition --> <Apprlication Process Ex: AD User>.
  Alternatively you can also send notification using OIM OOTB email templates.
  Regards
  user12841694

• Error when starting UI for first time (Identity Management 7.1)

  Hello. I've installed Identity Management 7.1 on top of a fresh Netweaver 7.0 (patch 17)
  Now,I want the UI up and going. I've used the SAP-NW_IdM_IC_Install_IdMUI_7-1.pdf document as reference for setup. I can't find anything missing but still i get an errormessage when trying the http://                  (Welcome)
  ! Java.lang.NullPointerException
  Tjenesten er nede                   (Service is Down)
  Kan ikke hente MSKEY for sperret bruker (Cannot get MSKEY for locked user)
  What's wrong?
  Appreciate some help
  Regards Günther Schnell

  I too encountered this error.  After taking a look at the default trace file I observed the following error:
  Error#1#/System/Database/sql/jdbc/direct#Java#com.sap.sql_0003##SQL error occurred on connection CLKLABVM3
  IDM:mxmc_db:dbo: code=207, state="S0001", message="Invalid column name 'recoverpwdfailtask'."; SQL statement is "select is_id,resultsize, workflowrepository,enablepwdprovisioning,PwdUseDictionary,ChkPwdHistory,wfWelcomeFieldHeader,wFwelcomeFieldFooter, recoverpwdtask, recoverpwdfailtask,authqminvalues,authqalternateattr,authqalternateboth,authqalgorithm,authqpar1,authqpar2,authqpar3,authqgetpwdmethod,authqaddpwdtoume, maxloginattempts,authqStep1,authqStep2,authqStep3,authqStep4 from mxi_idstores where is_id=?".
  In order to resolve this, I had to apply the latest update (ICDESIGNTIME01_0-10007480) for the IDM design time.  The update will add the missing column tot he table structure. 
  As per the instructions, ensure that you make a backup of your database before applying the patch.

• Using Netweaver ID Management to map Business Partners

  Kristian,
  The Netweaver ID management is linked to (e.g.) a Business Partner based on SAP HR and maps roles like authorisation, based on roles and tasks based on protocols like LDAP. It is a strong and usefull framework.
  Can SAP ID management also be linked to the Business Partner, in such away such that the role of a Business Partner in a "network of business relations" can be used in determining access rights?
  1)
  As an example, if in a purchaseorder a vendor is identified with a role for a person of that vendor (as mapped in SRM) can then this ID be used to set access to the purchase order and the underlying case (of that logistics order)?
  2)
  Or as another example, if a payment is not recieved, and a collections case is made, can this then be accessed by the Business Partner associated to the collections case as bailiff?
  Of course we touch on issues such as IDentity federation here.
  albert kuiper

  Albert,
  currently SAP does not offer a special connector for the integration between identities (in the Identity Center) and business partners (in CRM, SRM, ...) which would be neccessary to support the describved scenario.
  However, we know about the requirement and are checking how to solve the isssue with one of the later releases.
  Kind regards
  Frank Buchholz