Workflow Jobs in SAP Identity Management
Hello Experts,
We have SAP Idm 7.1, Novell eDirectory and GRC AC 5.3 Installed successfully.
Now, I have to create 2 workflow jobs in SAP IdM 7.1 for Novell eDirectory.
1- One job to query the Novell IDM Vault for any new identities and populate NW IDM.
2- The second job to query Novell IDM to determine if any identities have been changed from u2018Activeu2019 to u2018Terminatedu2019. If the ID has been changed to u2018Terminatedu2019 then lock the SAP ID and remove the roles, and set the User Group to u2018Expiredu2019, and set the expiration date to the day prior to termination."
Can anyone let me know, how can I create those 2 workflow jobs?
Thanks,
Haleem
the implementation guide contains an error:
in the class MyOnSubmit{...
the head of the function should be:
public IdMValueChange[] onSubmit(Locale aLocale, int aSubjectMSKEY, int aObjectMSKEY, Task aTask, IdMSubmitData aValidate) throws IdMExtensionException {
the guide defines the task as int.
br
Andreas
Similar Messages
-
SAP Identity Management Job/Position to Roles mapping
Hi All,
I am working on sap identity management 7.1 and use case is the one where HCM is the source of all employee data.
When i extract employee data from HCM, i need to find the roles the employee has based on their position
I have an excel sheet that describes this mapping in two columns(position/role).
My question is this :
I have two choices :
1- Create MX_role in IDM with an attribute position and load the excel sheet. Then when i receive data from HCM, i will do a select on the roles having the position which will give me the MXREF_ROLE for the user.
2- I would create positions as MX_ROLEs and load the excel sheets with the aclual roles as childs of the position roles. This way once i put MXREF_ROle=position in MX_PERSON, the user will get through inheritance : the roles and the privileges that inherited from the position.
Any idea if anyone tested any of these cases ?
Any other suggestions are welcome.
Thanks a lotHi Jack,
From what I understood, you have MX_ROLE with an attribute position(POSITION_ID), if that is the case, the select will look like:
select * from idmv_vallink_basic where mskey in (
select mskey from idmv_vallink_basic where mcattrname like 'POSITION_ID' and mcsearchvalue like 'POSITION_ID_VALUE' and mskey IN (
select mskey from idmv_vallink_basic where mcattrname='MX_ENTRYTYPE' AND mcsearchvalue like 'MX_ROLE'));
If the case is not like that, just explain it with more details and I'll try to make another select.
Kind Regards,
Simona Lincheva -
Integration of MS Active directory with SAP Identity management
Hello
I am implementing SAP identity Management 7.1with external tools MS active Directory with Single sign on using SAP IDM . Is there any documentation as to how do I connect SAP IDM with MS AD with the roles and their user provisioning process .
Also does anyone have a architectural work flow template on this process .Hi
I guess, using VDS you can achive this. ref the LDAP connection part.
https://websmp203.sap-ag.de/~sapidb/011000358700001449652008E
https://www.sdn.sap.com/irj/sdn/nw-identitymanagement
Regards
Shridhar Gowda -
How to use Virsa with SAP Identity Management?
I have been assigned to handle my company's SAP Identity Management and
I am asked to use Virsa control.
I am not quite clear about the relationship between the 2 SAP products.
Would you please help? Thanks!Jennifer,
There is no product called virsa control by SAP. Virsa was a small company which made different solution for SOX compliance. It was acquired by SAP. If you are talking about SAP BusinessObjects Access Control 5.3 then see the links below to understand the integration between SAP IdM and SAP AC 5.3.
https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/b0aafd33-e662-2a10-a197-dd3137f7f7e0
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b0da2dba-0480-2b10-a7ae-f055ab6e9355
Regards,
Alpesh -
Basics of SAP Identity Management
Hi All
Currently i need to explore SAP Identity Management , what it is and how to implement, if any one have docs or guides or links then it would be great help to me.
How exactly the Identity Management works??
Thanks,
Sapuser1342
Edited by: TRanSAP on Jun 2, 2011 3:35 AMThis is the overview document:
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10c33889-cc14-2a10-a7a8-a8eef7483dee?quicklink=index&overridelayout=true -
Identity Management 8.0 - SAP Provisioning Forms UI display
Hi guys!
I'm trying to setup a new environment with SAP Identity Management 8.0, using the standard SAP Provisioning Framework.
I've already followed all install guide and configuration steps, but the Web forms for default provisioning tasks are not appearing on the Self Service tab or Manage tab. I've already tried to modify the forms to let anonymous and everyone to execute the form, but no clue.
The tabs appears OK, but no tasks are available to choose
We are using the lastest patches available until today.
Any help would be appreciated.Hi Eduardo,
Please go to the forms and right click over the Identity folder.
The option Show Folder in User Interface should be selected
If this doesn't help please try restarting the JMX and check your Datasource.
Regards,
Todor -
Using SPML for Identity Management in EJB WebService
Dear All,
I have a requirement af using SPML(Service Provisioning Markup Language) for Identity management. Identity management is used to manage the user like deleting a user, modifying, adding a user etc for a application.For that the request for all these functions need to be made using the SPML. The idea is that first the data used to make any request will come from the SAP R3 using an EJB which will retrieve that data by calling a BAPI via JCO and then it is needed to be passed to the entitlement system using the SPML.Thus I have to publish a web service which will get data by calling BAPI and give it to entitlement system using SPML and how can I achieve it?. I have less knowledge about SPML, your guidence will help.
Thanks & Regards,
SamirThere is a document on the SAP Service Market Place that covers the SPML in the UME APIs. This quote is from the [UME documentation|http://help.sap.com/saphelp_nw04s/helpdata/en/5b/5d2706ebc04e4d98036f2e1dcfd47d/frameset.htm]:
SPML Support
The UME APIs support access using the Service Provisioning Markup Language (SPML). For more information, see service.sap.com/security > Security in Detail > Secure User Access > Identity Management > SAP Identity Management APIs.
-Michael
Edited by: Michael Shea on Jan 17, 2008 9:01 AM -
Integrate external identity management solution in SAP GRC Access Control
We need to integrate an external identity management solution into SAP GRC Access Enforcer. Some white paper mention extensibility is provided by web services. It seems that none of these web services are documented. Does anybody have infos about these services and documentation. Any hint is appreciated.
thanks
DetlefUnfortunately Access Enforcer doesn't implement a number of critical requirements and implementing it "as is" would be a lot of steps backwards in our process.
what do the published webservices do? Is there any documentation about them?
In a part of our process, we must manually pick the current roles(1), the pending roles(2) (roles that were approved but not given due to training prerequisites) and the requested new roles(3) and make the simulation in the VCC.
The information (1) and (2) and (3) we have in our internal system, the information (1) we have inside VCC and (2) and(3) must be manually inputted by the operator to run the simulations. Since this operation is repeated 6000+ times a month in my company, eliminating this manual input will cause a great gain in efficiency.
Other thing that we want to do is to create a job where it would automatically desassociate the mitigating controls if the user does not have the risks anymore (users can lose roles automatically in some events here, so it would be coherent that the user also loses the associated mitigating controls)
IMHO as a former programmer, these are classic cases where I would like to consume some webservices for this tasks to avoid a lot of ctrc ctrlv from the operators (inefficient and error prone)
VCC has any documentation that would help me to find how I would do this integrations?
Thanks in advance -
SAP Audit Management - standard workflow available for the audit component?
Hi,
Is there any standard workflow setup available in SAP for any of the audit components, as part of Audit Management?
I tried doing a Where-Used list for BO's BUS20300 and BUS20350, but could not find any workflow templates or tasks.
Regards
DeepthiHi,
We dont have any standard workflow templates for SAP AM. You can also verify it under PLM_AUDIT package-business engineering.
We delegated the AM BOs and developed custom workflows to achieve our functionality.
Regards, -
The CENTRAL SOURCE OF INFORMATION about SAP NetWeaver Identity Management
Check out the central homepage for "SAP NetWeaver Identity Management" on the SDN:
The direct link to <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/nw-identitymanagement">SAP NetWeaver Identity Management</a> can be found using the following menu path:
- SAP NetWeaver Product
- Complementary Offerings
- <a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/nw-identitymanagement">SAP NetWeaver Identity Management</a>
Here you will find all kind of information about the product.
Have fun!
KristianCongratulations!
Very Nice! -
Federated identity management on SAP IDM
Hi Guys
Does SAP IDM support federated Identity Management. If so can you give some configuration documents or how exactly it is possible?.
Please shed some lights into this.
Thank you.Hi All,
SAP support have confirmed the following.
SAP NetWeaver has some federation capabilities with varying
support in different components (SAML 1.1) SAML 2 support
is planned in a future release.
SAP NetWeaver Identity Management does not have federation
support on its own. This could be introduced in future releases.
Does Any one know how SAML 1.1 support Federation capabilities? Which all sap netweaver platforms have them? -
JSM : Job Management in SAP Solution Manager - Questions ?
01. I want to use the job request process in SAP Solution Manager. Which
technical prerequisites need to be fulfilled to use this functionality ?
02. I am using a service desk other than the SAP Solution Manager service
desk. How can the job request information be forwarded to this service desk?
03. I want to create a job request via a link in your companyu2019s intranet. What
authorizations does my user need to create the job request?.
04. What is the consequence if i assign the job in your job documentation to a
logical component instead of a business process?
05 How can i configure the monitoring for a job scheduled with job
documentation?
RgdsHello,
you should have a look into SAP note 1054005 - "FAQ: Job Scheduling Management with SAP Solution Manager" for technical requirements. If the job doc is not assigned to a business process then BPMon cannot be used for the respective job.
All other questions should have been answered at [http://wiki.sdn.sap.com/wiki/display/SM/FAQJobSchedulingManagement|http://wiki.sdn.sap.com/wiki/display/SM/FAQJobSchedulingManagement]
Best Regards
Volker -
Configuration Guide Job Scheduling Management with SAP Solution Manager
Dear Gurus
Could you please help me with the configuration guide of the Job Scheduling Management with SAP Solution Manager
Best RegardsHello Luis,
the configuration activities can be accessed via the "Implementatiopn Guide" by calling transaction SPRO in your SAP Solution Manager system.
In SPRO navigate to -> SAP Solution Manager -> Scenario-Specific Settings -> Job Scheduling Management -> Standard Configuration and execute the following two activities.
1. Activate Solution Manager Services
2. Set Up Work Center for Job Scheduling Management
Make sure that your user has role SAP_SM_SCHEDULER_EXE (or_ADMIN) assigned.
Afterwards you should be able to access the Job Management Work Center and to create Job Documentation or to import Jobs from a Managed System into new Job Documentations.
The following SAP notes might be usefuly as well:
1054005 - FAQ on Job Scheduling Management
1117355 - Work Center roles
Kind regards,
Martin
http://service.sap.com/jsm -
Advantage and disadvantages of SAP IDM & Microsoft Identity management Tool
Hi Folks,
I am looking some points on SAP IDM and Microsoft tool for Identity Management. I am looking below mention points.
1. Difference in the feature and prize.
2. Limitation
3. Solution architecture for both
Relevant answers will be rewarded.
Regards,
Akshay ShailHi,
I can add some points about SAP NW IdM. Regarding your question about the prize: If you only connect SAP systems (it can handle all types of SAP ABAP and SAP Java Systems) they don't charge you extra, because it's already in the NetWeaver license. Furthermore, if you use the SAP Central User Administration: It isn't further developed and will be replaced by SAP NW IdM.
The systems you mentioned can be connected, I think these are basics for everey IdM solution. HR interation is possible with SAP IdM, don't know about the other solution in this point.
There are some whitepapers and presentations about SAP NW IdM: https://www.sdn.sap.com/irj/sdn/nw-identitymanagement?rid=/webcontent/uuid/f0b68fb1-d8af-2a10-2a8e-cc431c15bb39&anchor=section2.
Nevertheless, your question about limitations and solution architecture probably needs a PoC if you want to answer them in deep.
Best regards,
Nils -
Execute PowerShell Scripts via SAP NetWeaver Identity Management
Hello,
Has anyone implemented the execution of a PowerShell script from SAP NetWeaver Identity Management (7.1, 7.2, 8.0?). Currently implementing 8.0, and our client is looking to kick off PowerShell scripts that would generate Active Directory accounts, Exchange accounts etc.
Thanks!Hey Brendan,
We've done this out of a 7.2 implementation for exchange 2010 admin processes. We started with running powershell via a command line pass. It worked pretty well but it wasn't plain sailing. We used positional parameters to pass data to the scripts in question, we also had to come up with a return process that deals with any errors that might come of the powershell session. We had some issues with the shell sessions closing after the script completed.
We've since redesigned and now drop flat files to a constantly running powershell script that acts a bit like an IDM dispatcher (but obviously not integrated with IDM). It kicks off other powershell sessions and monitors their progress allowing it to process time outs, stack work up, etc.
We also found timing the processes to be an issue. If you create an AD account in IDM and then try to immediately move onto mailbox enable (for example) the account we created wasn't yet replicated to exchange so we had to build wait time into various parts of the process.
Thanks,
Pete.
Maybe you are looking for
-
When I arrive at a website on my mac, videos automatically pen, I want them set on "pause" when I arrive. Is that possible?
-
Getting nullpointer exception in Tomcap using getRealPath()
Hi, I have the following code snippet, but getting nullpoint exception when I try to read a file in jsp. String realPath = this.getServletConfig().getServletContext().getRealPath("//AUDIT_TRAIL.xml"); File fileDef = new File(realPath); Can someone te
-
Essential of my problem is folloving: when i have just attempted to add some tools on my brouser-pane it is cleared up - the necessery tools are missing ( Only three of all former icons are had available ). Say me please, how can I get another icons
-
What do red circles with minus sign mean?
Just set up time machine on my new Mac Pro, and on the first backup it made, several of the folders have red circles with a minus sign in them on the backups. When I try to open them off the backup it tells me I don't have permission. I am the only u
-
var w = new Window ("palette"); var f = File ("~/Desktop/Script tests/Icons/folder.png"); var a = File ("~/Desktop/Script tests/Icons/accept.png"); var button = w.add ("iconbutton", undefined,ScriptUI.newImage ( f,undefined, a, undefined), {style:'t