Netweaver identity management comparison
Hi
I would like a comparison of Identity management products including Netweaver Identity management.
please help me with any whitepaper or discussion document.
Hi Biswajit,
if you search for Gartner and user provisioning you will find their often quoted magic quadrant. Unfortunately the document is high-level with a focus on sales and information about SAP IdM is just outdated. You will find mainly German information on kuppingercole.com. Interesting are some scenarios like in a PoC where vendors have to cope some tasks - but I couldn't find a comparison which includes SAP IdM.
It just depends on the focus you have on Identity Management. I see advantages for SAP IdM in a flexible data management and good provisioning rules in a heterogenous environment. With the 7.1 release you will get pretty workflows in the SAP Portal. It's also recommended as a replacement of the CUA. Other vendors may have a focus on authentification or use a Virtual Directory instead of a database.
Best regards,
Nils
Similar Messages
-
The CENTRAL SOURCE OF INFORMATION about SAP NetWeaver Identity Management
Check out the central homepage for "SAP NetWeaver Identity Management" on the SDN:
The direct link to <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/nw-identitymanagement">SAP NetWeaver Identity Management</a> can be found using the following menu path:
- SAP NetWeaver Product
- Complementary Offerings
- <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/nw-identitymanagement">SAP NetWeaver Identity Management</a>
Here you will find all kind of information about the product.
Have fun!
KristianCongratulations!
Very Nice! -
Execute PowerShell Scripts via SAP NetWeaver Identity Management
Hello,
Has anyone implemented the execution of a PowerShell script from SAP NetWeaver Identity Management (7.1, 7.2, 8.0?). Currently implementing 8.0, and our client is looking to kick off PowerShell scripts that would generate Active Directory accounts, Exchange accounts etc.
Thanks!Hey Brendan,
We've done this out of a 7.2 implementation for exchange 2010 admin processes. We started with running powershell via a command line pass. It worked pretty well but it wasn't plain sailing. We used positional parameters to pass data to the scripts in question, we also had to come up with a return process that deals with any errors that might come of the powershell session. We had some issues with the shell sessions closing after the script completed.
We've since redesigned and now drop flat files to a constantly running powershell script that acts a bit like an IDM dispatcher (but obviously not integrated with IDM). It kicks off other powershell sessions and monitors their progress allowing it to process time outs, stack work up, etc.
We also found timing the processes to be an issue. If you create an AD account in IDM and then try to immediately move onto mailbox enable (for example) the account we created wasn't yet replicated to exchange so we had to build wait time into various parts of the process.
Thanks,
Pete. -
Netweaver identity management RFP response
Any one with sample Netweaver identity management RFP response
Esther,
That's a function of experience and reading SAP's documentation. Please contact me via direct message for more discussion on this as I think will will go outside of SAP's forum rules.
Cheers,
Matt -
Need information about notification with SAP Netweaver Identity Management
Dear Experts,
I need some informations about send e-mail from SAP NIM. We want to send an e-mail after creation of sap users etc.
Please note that today we have a Domino/Lotus server.
I undertsood that we can send e-mail through the Identy Center (IC) component. But I did not find how to set up this solution? I did not find architecture informations?
Could you please provide me the different configuration steps?
Should I install another component? Or I just have to configure my SMTP Server?
Also, have you got the best practices for this step?
Thanks a lot for your help
Regards
Hocine NAÏHello,
For notification, first you need to create a repository of generic type and provide the lotus notus host details in the repository constant.
Eg:
EMAIL_SERVER abc.def.com
EMAIL_ORIGINATOR orignator mail ID
Then create a task with the "To Generic" type Pass.
Select the name of the function below in the Next data entry of the Destination tab of the pass.
and provide the attribute and value as below:
MSKEYVALUE %MSKEYVALUE%
EMAIL_RECIPIENT recipients mail ID
EMAIL_SUBJECT Hello %DISPLAYANEM%
LOCATION %LOCATION%
Eg of a Function to sent mail is shown below:
function SendEmail(Par){
Recipient = Par.get("EMAIL_RECIPIENT");
Subject = Par.get("EMAIL_SUBJECT")
Location = Par.get("LOCATION");
Body = "This is a report from SAP NetWeaver Identity Center at %$ddm.date% %$ddm.time%<BR><BR>";
Body = Body + "Your location is <B>" + Location + "</B><BR>";
Body = Body + "<BR>";
Body = Body + "Best regards<BR>";
Body = Body + "MaXware AS<BR>";
UserFunc.uSendSMTPMessage("%$glb.EMAIL_ORIGINATOR%", Recipient,Subject,Body,"%$glb.EMAIL_SERVER%",1); -
NetWeaver Identity Management Screen Locking Up
When I go to the identity management screen, it gets into some kind of llop. I know it is some kind of loop because I can see the cursor flashing and I have sound turned on the pc and I here it clicking. To get out of it I have to bring up the task manager and kill it.
Any idea of how to fix this?If you are using IE9 you probably have to use compatibility mode. Web dynpro doesn't seem to like IE9.
[http://windows.microsoft.com/en-US/windows7/why-do-some-webpages-look-incorrect-in-internet-explorer-9|http://windows.microsoft.com/en-US/windows7/why-do-some-webpages-look-incorrect-in-internet-explorer-9] -
SAP Netweaver Identity Management
When does the sap defined Global JScript gets listed in the identity center console?
Maybe you want to know that you have to import the SAP Provisioning Framework into your Identity Center.
It's located in the installation directory, e.g. "C:\Program Files\SAP\IdM\Identity Center\Templates\Identity Center\SAP Provisioning framework"
After import you can find the Global JScripts where Zaheer told you
Thats what you needed?
Regards
Michael -
Running Netweaver Identity Management SP 2 with Oracle 10g
Hello,
I'm having some troubles installing NW IDM SP2 on Oracle 10g in a Windows 2003 (32 bit) environment.
According to my MMC snap in, I am running Identity Center 6778-ORA-04.2008.
I installed the updates per the installer to Schema update level (186 I think)
I then downloaded the update ORACLE script pack to bring it up to Schema update 198.
However I am getting the following message: There is a mismatch between the latest schema update (6778-ORA-04.2008) and the program version (7.0.6753)
Is there something else I need to download?
This only seems to affect the MMC snapin. I am able to access the Workflow and Monitoring interfaces.
Thanks for your help!Hi,
It is useful to refer below SAP note.
https://websmp230.sap-ag.de/sap(bD1qYSZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1069458
It says,
"When you start the Identity Center user interface you will see a warning that there is a mismatch between the installed databse update and the installed version of the Identity Center user interface. This warning can be ignored."
And the warning message like above will disappear if you install Identity Center SP2 patch1or2.
Best Regards,
Daisuke Ikari -
Netweaver Identity Management 7.1 Concepts
Please describe in brief each of the following topics and the useful links for the same with relation to NW IDM 7.1 asap.
Provisioning Design Document
IdM Transport Design
ECC Mini Master Provisioning
Provisioning Unit Test
Provisioning Build
AD Password ChangeI would suggest reviewing the documentation that comes with 7.1 and that can be found here on SDN.
https://websmp106.sap-ag.de/installguidesnwidm
/docs/DOC-8556#section2 [original link is broken]
Lots of little changes, and some major ones in how NW IDM relates to other SAP modules.
Matt -
Federated identity management on SAP IDM
Hi Guys
Does SAP IDM support federated Identity Management. If so can you give some configuration documents or how exactly it is possible?.
Please shed some lights into this.
Thank you.Hi All,
SAP support have confirmed the following.
SAP NetWeaver has some federation capabilities with varying
support in different components (SAML 1.1) SAML 2 support
is planned in a future release.
SAP NetWeaver Identity Management does not have federation
support on its own. This could be introduced in future releases.
Does Any one know how SAML 1.1 support Federation capabilities? Which all sap netweaver platforms have them? -
URGENT: Does ALBPM support RadiantOne Identity Management?
Hi Expert,
Please help to answer this question.
1. Does ALBPM support RadiantOne Identity Management?
2. What is the standard protocol to configure to RadiantOne?
3. Any documentation on Identity Management Configuration?
ThanksHi All,
SAP support have confirmed the following.
SAP NetWeaver has some federation capabilities with varying
support in different components (SAML 1.1) SAML 2 support
is planned in a future release.
SAP NetWeaver Identity Management does not have federation
support on its own. This could be introduced in future releases.
Does Any one know how SAML 1.1 support Federation capabilities? Which all sap netweaver platforms have them? -
Error when starting UI for first time (Identity Management 7.1)
Hello. I've installed Identity Management 7.1 on top of a fresh Netweaver 7.0 (patch 17)
Now,I want the UI up and going. I've used the SAP-NW_IdM_IC_Install_IdMUI_7-1.pdf document as reference for setup. I can't find anything missing but still i get an errormessage when trying the http:// (Welcome)
! Java.lang.NullPointerException
Tjenesten er nede (Service is Down)
Kan ikke hente MSKEY for sperret bruker (Cannot get MSKEY for locked user)
What's wrong?
Appreciate some help
Regards Günther SchnellI too encountered this error. After taking a look at the default trace file I observed the following error:
Error#1#/System/Database/sql/jdbc/direct#Java#com.sap.sql_0003##SQL error occurred on connection CLKLABVM3
IDM:mxmc_db:dbo: code=207, state="S0001", message="Invalid column name 'recoverpwdfailtask'."; SQL statement is "select is_id,resultsize, workflowrepository,enablepwdprovisioning,PwdUseDictionary,ChkPwdHistory,wfWelcomeFieldHeader,wFwelcomeFieldFooter, recoverpwdtask, recoverpwdfailtask,authqminvalues,authqalternateattr,authqalternateboth,authqalgorithm,authqpar1,authqpar2,authqpar3,authqgetpwdmethod,authqaddpwdtoume, maxloginattempts,authqStep1,authqStep2,authqStep3,authqStep4 from mxi_idstores where is_id=?".
In order to resolve this, I had to apply the latest update (ICDESIGNTIME01_0-10007480) for the IDM design time. The update will add the missing column tot he table structure.
As per the instructions, ensure that you make a backup of your database before applying the patch. -
Using Netweaver ID Management to map Business Partners
Kristian,
The Netweaver ID management is linked to (e.g.) a Business Partner based on SAP HR and maps roles like authorisation, based on roles and tasks based on protocols like LDAP. It is a strong and usefull framework.
Can SAP ID management also be linked to the Business Partner, in such away such that the role of a Business Partner in a "network of business relations" can be used in determining access rights?
1)
As an example, if in a purchaseorder a vendor is identified with a role for a person of that vendor (as mapped in SRM) can then this ID be used to set access to the purchase order and the underlying case (of that logistics order)?
2)
Or as another example, if a payment is not recieved, and a collections case is made, can this then be accessed by the Business Partner associated to the collections case as bailiff?
Of course we touch on issues such as IDentity federation here.
albert kuiperAlbert,
currently SAP does not offer a special connector for the integration between identities (in the Identity Center) and business partners (in CRM, SRM, ...) which would be neccessary to support the describved scenario.
However, we know about the requirement and are checking how to solve the isssue with one of the later releases.
Kind regards
Frank Buchholz -
Unable to see Default alias in Identity management
Hi Experts!!!!!
I have added a new system in the portal which connects my backend system, I have defined the system alias and in the screen it shows me the alias is ready for user mapping,
But i have selected SAPLOGON ticket, then the system is not visible in the identity management.But when i select uwidp the system is available for user mapping.Due to this the connector test gets failed.
I have seen in some of the posts and found that eu_role should be given in permissions i have done it.Does this needs server restart to make the changes to take effect.
What would be the problem I am able to see the alias in the other system when i selected SAPLOGON ticket.
After creating the alias do we need to make any changes?
I have followed the help document of SAP.
Regards,
Vamshi.Hi Vamshi,
basically, SAP NetWeaver Portal offers two different Single Sing-on techniques to connect seamlessly with integrated backend systems.
1) SAP Logon Ticket
2) User Mapping
This are two totally different techniques to achieve the same goal: Single Sign-on.
Using SAP Logon Ticket, the SAP NetWeaver Portal issues an encrypted and signed HTTP coockie containing the portal user's logon id. The backend system checks the ticket and authenticates the corresponding user.
Using User Mapping, the SAP NetWeaver Portal uses previously given backend credentials (username/password) to log into backend application on behalf of the users. The user can enter his credentials either via personalization dialog (therefore the user needs the eu_core_role) or in identity management.
If you select SAP Logon Ticket the user does not need to map his backend credentials. That's why you do not see the system in the identity management (tab user mapping).
However, if you select User Mapping (UIDPWD) and run a connection test the SAP NetWeaver Portal tries to log into the backend system using the mapped credentials of the current user. If the current user did not map any credentials (or if he entered wrong credentials) the connection test will fail.
Hope this helps you to understand how the portal works.
Best regards,
Martin -
Customize the Identity Management Web Dynpro iView
Hi SDN
I need to customize the Identity Management Web Dynpro iView in order to add certain functionalities to the application. I would also like to know the path from where this type of standard application needs to be downloaded.Please let me know if there is a way to download this project into Netweaver Developer Studio and modify it.
Thanks in Advance
BashaHi Basha,
As you are trying to modify a standard Webdynpro application, I believe that we can achieve that with the help of JDI only. Once you have that configured in NWDS then you can call the standard wdp project to modify. Ofcourse, I don't have a solution as I too am new to it and trying with it now
Regards,
NR
Maybe you are looking for
-
What are id3 tags and which versions should I use? In iTunes, I have versions: 1.0,1.1,2.2,2.3 and 2.4. Which is the best for burning MP3 cd's to play in my car? Also, even though my car has an MP3 player, it sometimes has trouble reading the songs a
-
Trash won't delete--Dialog box says: "...not have sufficient privileges"
Help!! The dialog box, which is labled "Trash" at the top, says in full: "The operation cannot be completed because you do not have sufficient privileges for some of the items." I did the following, which had no effect on this problem. 1. I ran Repai
-
HELP!!!
-
Are there any payment gateways that will display the BC invoice number in transaction info?
MI've been told by BC suppor that this functionality is not available for Paypal, and am wondering if any Payment gateways would support this. My client wants to see the invoice number (from BC) in each transaction in Paypal to be able to easily reco
-
How to configure reading pane in Mail
How does one configure the reading pane in such that it is on the right hand side in Mac Book Pro