Proper setup of the IDM Account in SAP Backend

Similar Messages

• I'm new to mac and I'm not sure if I have made a proper setup of my email account

  I can receive some mails but not all. I'm receiving emails through my PC Outlook that I'm not receiving with the Mac Book Air Mail.
  I don't understand what is going on. Maybe something's wrong with my email account settings?

  If the setup assistant doesn't have your mail server in its database, then you'll have to find out from the service provider what the correct settings are.

• Initial Load and Reconcile of IdM accounts vs Resources. Any advices?

  Hellos.
  Time is now to begin the initial startup of Idm where target resources already have entries.
  Is there anywhere an idiots guide explaining to a novice IdM user the steps involved in loading and linking IdM accounts for the first time? I have to stress the guide has to be designed to meet novices needs i.e. those doing it for the first time.
  We are fairly confident in running IdM from day 1. What I am unsure about is the best techniques to employ on day 0 so that the first FF Async run on day 1 will update IdM accounts rather than attempt to reinsert them.
  We have 3 target resources: 1 AD 2 LDAP and 1 input FF Async source (plus a form for manual adds/mods)
  The targets hold a mix of contract staff and employees. The FF source holds just employees, the contactor's data is entered by hand.
  Am I being stupid if I do the following:
  1. Load IdM Accounts from latest FF source (employees)
  2. reconcile matching AD accounts by name.
  3. reconcile matching LDAP1 accounts by name.
  4. reconcile matching LDAP2 accounts by name.
  5. from unmatched AD accounts since an AD account must exist for current staff make 2nd load file for contractors and load these accounts into IdM.
  6. reconcile matching AD accounts by name
  7. reconcile matching LDAP1 accounts by name
  8. reconcile matching LDAP2 accounts by name
  9 examine the leftovers and manually correct the mispelt or erroneous ones treating the rest as ghosts.
  I am unsure just what the reconciliation is doing, I hope it builds the links between IdM and the resource.
  What I am trying to achieve is a situation where I end up at the end of day0 where I have all the Idm accounts in my repository and are correctly linked to resource accounts so that the FF async can manage the bulk of them
  I believe this has to be done for every IdM implementation. What I am after is advice and pointers to guidance from those who have had the experience of going though the implementation cycle at least once.

  I had a similar problem although I was doing a load from file and I was linking the account to the resource.
  I noticed you had:
  <Field name='accounts[ISA].created'>
  <Default>
  <s>true</s>
  </Default>
  </Field>
  Try using the following instead:
  <Field name='waveset.accounts[GrandSlamXML].created'>
  <Expansion>
  <Boolean>true</Boolean>
  </Expansion>
  </Field>     
  That is what worked for me.

• How to delete G/L account from Sap?

  Hello gurus,
  Can any one please suggest me the procedure how to delete the gl account from SAP?
  Regards
  K.srinivasrao

  Dear K.srinivasrao
  If there are any Transactions posted in GL Account you cannot delete the GL Account unless the balnce of the GL Account
  Go to OBR2 and delete the GL Account
  In FS00 U can Mark the GL Account for deletion
  hope this will help
  Regards
  CA.Prasad

• How to disable IdM Account

  ALL
  One of my requirement is to disable the IDM account of the users if they have not logged in for more than 60 days.
  I will also like to know where does IDM store the Last Logon Date for a user?
  Any ideas/suggestions are welcome.
  Thanks

  Another alternative is to register a deferred task, 60 days in advance, when the user logs in using the password login workflow. On each login you can just add a the deferred task which will disable the user's account when it runs (60 days from the time it was added). If there is already a deferred task added to the user there already then the old task is overwritten when a new one is added or it is removed when the task executes. So if the user logs in within the 60 day time frame then the old deferred task is removed and a new one is added. If they fail to login then the task executes.
  The only problem you have is the initial addition of the deferred tasks to all users but that can be accomplished with a custom workflow that you'd execute once.
  I do something similar to notify people of password expiry. When a user changes his password a deferred task is added that will generate an email notification some time in the future. (Existing deferred tasks are overwritten.) If the password is rotated often enough the notice is never sent out because deferred task never executes. If the password is not changed within the time frame the notice is sent out and eventually the account is locked.

• PDF generated in SAP backend to be stored in Cloud Proxy object

  Dear Colleagues,
  We generate the pdf file in SAP backend system and send the pdf as an attachment to email address. Along with this we also want to automatically have this pdf file stored in Cloud Proxy object. So that users can access these files in Cloud portal when needed.
  If anyone has expertise on this topic, please share or suggest the solution.
  Thanks,
  Arun

  Hi Arun,
  Would you like to achieve an automatic way to store the document in cloud portal? Can you elaborate a bit more?
  Check out this blog demoing the documents repository capabilities and read the official documentation here.
  I believe the public folder can fit for your needs.
  Regards,
  Eliel.
  Cloud Portal Development.

• Serialize IDOCs PI to SAP Backend

  HI,
  I need to serialize IDocs thats PI send to a sap backend system.
  rigth now we have one CC with max connection = 1 but it is not enough.
  but something is not clear at all for me.
  I need to send IDocs with QoS EOIO so, i asume that checking the parameter "Queue Processing" in the IDoc Receiver Channel the IDocs will sen them to SAP in EOIO, but that means --> One queue will be defined(in backend) for each IDoc that use this Channel?.
  If i set this functionality could i increase the parameter max connection to 10( for example) and the channel should know which queue was defined for each IDoc in the backend or it is not possible and I am thinking crazy things.
  Is it possible also to configure the transaction IDXQUEUE in SAP Backend?
  Best Regards.

  Searching for othar alternatives y found that is possible to change the QoS or the Queue id values in a Messager Mapping.
  Change Queue name in Message mapping
  http://help.sap.com/saphelp_nw04/helpdata/en/6e/ff0bf75772457b863ef5d99bc92404/frameset.htm
  but as i can see, there is not possible to access the variables QUEUE_ID and QUALITY_OF_SERVICE since those are ReliableMessaging's variables(help.sap link above)
  so i can access all Main's variables like SENDER_SERVICE, MESSAGE_ID, etc etc)
  How can i get access to this ReliableMessaging's variables from UDF or Adapter Module?
  In the thread above someone mentions that was not able to modify those values in a UDF but in a Adapter Module (i asume using the same code below) what could be the difference accessing frmo UDF o Adapter Module?
  UDF Code
  java.util.Map map;
  DynamicConfiguration conf = (DynamicConfiguration)container.getTransformationParameters().get(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
  DynamicConfigurationKey qos = DynamicConfigurationKey.create("http://sap.com/xi/XI/System","QUALITY_OF_SERVICE");
  conf.put(qos,"EOIO");
  DynamicConfigurationKey key = DynamicConfigurationKey.create("http://sap.com/xi/XI/System","QUEUE_ID");
  conf.put(key,queueName);
  return "";

• What is the proper setup for Gmail on iOS

  I have been struggling with this since I made the switch to iPhone in November.   I use gmail and would like my emails to be sent from my own domain.   Exchange no longer works.  Any help is appreciated

  Google stopped supporting their version of Exchange (ActiveSync) unless you have a premium GMail account.
  The "proper" setup depends on your preferences and needs.
  You can use the standard iOS profile to set up your GMail account using the standard iOS Mail app, or use the GMail app.  The GMail app supports Push, the standard iOS GMail does not.
  If you want your Google contacts to be available on your iPhone, the GMail app will pull a contact into a new message without the contacts actually being installed in your iOS Contacts app, but of course they won't be available for any other purpose.  The standard iOS profile for GMail does not let you sync your Google contacts, so the best route is to set up your Google contacts as a CardDAV account:
  http://support.apple.com/kb/HT4872?viewlocale=en_US
  This is done as an additional account to your iOS GMail account (or just set up contacts only and use the GMail app).
  The GMail app does not provide Calendar or Notes support, only the iOS GMail profile does.
  Personally I use the standard iOS GMail account for Mail, Calendar, and Notes, and set up a separate CardDAV account to sync my Google contacts.  I'm OK with not having Push support for mail, there are more important things to fret over.

• SAP BPC installation - Errors during setup in the create database step

  Hi! I have a real big problem installing SAP BPC. It's a Microsoft multi-server installation.
  I've got two servers: 1) the database server with the SQL Database and Analysis Server 2) the application server with all the rest.
  I log on and I installed everything on the servers with a specific domain user: this user is administrator on both servers and even on SQL Server.
  My problem occours when I execute the "SAP BPC setup" on the application server: during the "create database" step I receive two errors:
  first error pop-up:
  Error ([SQL-DMO]This cache contains no result sets, or the current result set contains no rows.)
  second error pop-up:
  System.Data.SqlClient.SqlException: Cannot open database "ApShell" requested by the login. The login failed. Login failed for user MyDomain\MyUser
  After the SAP BPC setup:
  - in the SQL Database Engine the ApShell database was created
  - nothing for ApShell was created in Analysis Sever
  - in the Even Viewer of the database server I've got this error: Login failed for user 'MyDomain\MyUser'.
  It's very strange because if from the application server, using "SQL Server Management Studio" (always with 'MyDomain\MyUser'), I connect to the database server: I can login, create and delete databases on the SQL Database Engine and even on Analysis Server without any sort of problem.
  To complete my status, I can say you Analysis Sever is on the default port. I use SQL Server 2005 and I even tryed to reinstall it and SAP BPC but nothing change. 
  At this point I checked these two topics on this forum:
  Mulit-Server Install - Installation fails while creating AppServer Database
  Problem during BPC installation
  1) At first I tryied this solution:
  Into multiserver installation guide is specified that actually in case of multiserver environment you have to copy apshell.db9 file from installation kit into db server. Into a drive from where SQL server is able to read when you are doing restore with Management Studio.
  During the installation you have to go into advance options and to specified the path (local path from db server where you did the copy of apshell.db9).
  but nothing change: the "SAP BPC setup" problem I have still persists.
  2) Then I tryed this workaround:
  If so, you can try a "restore appset" from server manager. Rename the Apshell.db9 file (or copy it) and name it Apshell.bak
  During server manager restore, point only to the Apshell.bak file. Server Manager will tell you that webfolders and filedb files are missing, but it found the webfolders and filedb (again, only if the original bpc installation successfully created those folders)- and then it will try to restore Apshell.
  That may work in spite of whatever problem is keeping the installation program from performing the same tasks.
  but the "restore database" fails > I've got the error written in red: OLAP database - fail
  What can I do to solve the problem? If it is necessary, I can reinstall SQL Server and SAP BPC but I need to know the way to solve the setup error.
  Thanx very much in advance for your kindness if you can help me.

  Thanx very much to everyone for the kind support. Unfortunatly, my problem persists.
  - SQL server is EE.
  - I installed SQL server (including SSAS) using MyDomain\MyUser.
  - MyDomain\MyUser is windows administrator on both servers.
  - MyDomain\MyUser is SQL Server and SSAS administrator.
  - SSAS service is running under the same service account than the SQL Service. 
  - All my MSSQL services runs as Local System.
  - I'm installing SAP BPC using MyDomain\MyUser.
  - I also checked the SSAS service account specific rights to the SSAS data folders.
  SAP BPC installation still fails exactly as above (popup errors during SAP BPC setup, no ApShell etc. etc).
  In the database server, windows event viewer errors after the unsuccessful installation are:
  1) SOURCE: MSSQLSERVER
  Failure Audit: Login failed for user MyDomain\MyUser
  2) SOURCE: MSSQLSERVER
  BackupDiskFile::OpenMedia: Backup device 'MyPath' failed to open. Operating system error 5(Access is denied.).
  As regard as point 1: The Failure Audit error into the event viewer happens only during SAP BPC installation. Otherwise it is always Success Audit.
  Also, as I told you, if from the application server I connect with SQL Server console to SSAS, located on the database server, using MyDomain\MyUser: I can create delete SSAS dbs without any sort of problem.
  For point 2:
  I tried 4 differents SAP BPC installations as follows:
  - to go into advance options and to specified the path (local path from db server where I did the copy of apshell.db9).
  - to go into advance options and to specified the path (local path from application server where is the copy of apshell.db9).
  - to go into advance options and to specified the path (network path of a share folder with apshell.db9 and permissions to everyone)
  - to don't go into advance options and to don't specify the path.
  but every time nothing change: the "SAP BPC setup" problem I have during my initial post still persists. In the same way I written at the beginning of the topic.
  I don't know how to solve it.
  Edited by: Francesco Andolfi on Jan 5, 2011 6:37 PM

• HT1766 When I setup my new iPhone 5c I inadvertently entered wrong email address for apple id.  I cannot verify the email sent.  I have a new apple id, but can neither use nor delete the iCloud account.  How do I get an iCloud account for this phone?

  When I set up my new iPhone 5c I inadvertently used wrong email for setting up my apple id.  I have since setup an id with correct email, but cannot verify the first account.  I cannot delete it either.  How can I get an iCloud account for this phone?

  You said "have since setup an id with correct email, but cannot verify the first account.  I cannot delete it either. ".
  Why can't you verify it?
  Do you not receive the verification email address?
  If problem contact iTunes by:
  http://www.apple.com/support/itunes/contact/

• I setup a separate itunes account for my iphone. I put my ipod music onto it. The music will not sync to my iphone. It tells that all info will be lost if I do it. HELP! The music is showing in the library.

  I setup a separate itunes account for my iphone. I put my ipod music onto it. The music will not sync to my iphone. It tells that all info will be lost if I do it. HELP! The music is showing in the library.

  you can connect the iPhone to your mac and import those iPhone photos and videos to iPhoto assuming you have iPhoto. You can create a folder and export all those photos to the Finder. Keep safe somewhere.  Also keep the iPhoto library for safe keeping. When you restore your iPhone you can sync all those photos back to the iPhone. so you will lose nothing. Just remember when you export from iPhoto select jpeg for photos and original for videos taken with the iPhone.

• My Mac has been stolen, but I have my iCloud account setup. The "find my mac" app has found the apartment block it's in, but I need an IP address. Is there a way to see the IP address of my Mac through iCloud?

  My Mac has been stolen, but I have my iCloud account setup. The "find my mac" app has found the apartment block it's in, but I need an IP address for the police to go and claim it. Is there a way to see the IP address of my Mac through iCloud? I've tried to get the IP address through Gmail and Dropbox but no success. Is there any software that updates automatically that I could find the IP address through?

  Shouldn't the IP address be on the box you bought the machine in? If you have the box, take it to the police as evidence that it's your machine. If I were you, I would set the firmware password when you get it back, but make sure you have the password written down in a safe place. If you forget it, there's only two ways to reset it. Either pay $400+ for the tool that can do it, or pay almost nothing for Apple to do it, I think it depends on where you live. The firmware password is this encrypted password and it can't be hacked either. The password prevents anyone from booting the machine into recovery mode, thus preventing them from restoring the computer to factory settings or performing any other functions. It's not stored in the hard drive so replacing that will be of no use either.
  I hope you get your Mac back and I hope this was helpful!

• Update manager in IdM automatically when the manager changes in SAP HR

  Hi Experts
  I have been given a requirement where the manager of a user in IdM should be updated automatically when the manager changes in SAP HR.
  The HR extraction job is currently in place and runs every 30mins.
  Please could you give me some ideas on how to implement this.
  IDM 7.2 SP 6
  Thanks
  Ran

  Hi Deepak
  I have been discussing this a bit more in detail with the client. So, the issue is as follows
  When a new/replacement manager is hired
  When people are moved from one org unit to another
  The scheduled extraction job (RPLDAP_EXTRACT_IDM with a variant with the delta tick on) does not update the new manager info in IDM for the relevant users who report to that manager. The client has to run the program (RPLDAP_EXTRACT_IDM with a variant with the delta tick off) manually each time for the affected users which updates the manager info successfully in idm.
  I investigated the query LDAP_IDM_QUERY from user group /SAPQUERY/L1 and want to know if the below should be ticked as well. Your thoughts please?
  Please advise.
  Thanks
  Ranjit

• How to see the log that the account logons sap system?

  hi, all
  I want to know that how many times  does  the account(eg,sapuser)  log on sap system in one month.
  and, when did log on in every time?
  thanks and Regards.

  To Deepak Agrawal:
      thanks very much for your answer.
      SM04 will show current users who are logged into system   ,  i know  it.
      but  now i  don't want to get the  current logon information.
      I want to get the logon information of the account(eg.sap*)  at yesterday , or at the day before yesterday. ............
  Thanks and regards

• Where do I find the Group account number in SAP system

  Hi All,
  I have the same problem. I work in a company where all was installed and configured before my arrival and so I always need to do a lot of research to solve a problem.
  I tried somedays ago using txcode FS00 to create a new GL account but got stocked because the system requested a Group Account Number (Consolidation data in Charts of Accounts).
  I do not know where to find this number in the system. After a very long search, I have given up searching and hereby ask for your help.
  Can anyone tell me where to find the Group Account Number in the system. Is there a txcode for this? I tried already OBD4.
  As I am new in the SAP world, a step by step explanation will be appreciated.
  Many thanks in advance

  Hello aolowu
  Group Account Number field has lot of year/period end ramifications. Here is the definition " When you define the balance sheet and PL structures, then accounts are assigned to line items within the balance sheet and PL. This assignment is made either via the G/L account number or alternatively via the group account number given in this field. The usage of the group account number offers the advantage that by specifying a number, a group of accounts can be assigned immediately to the balance sheet or P+L item".  Suggest you work with a FI guy.
  To quickly get over however, you can enter the same number that you are creating in that field. At my current client, I have seen several accounts set up like this, although many of them have a different number there.