on 06-23-2009 2:50 PM
Hello!
Following scenario:
IDM and different systems:
example:
ERP 3x different users
EP 1x different users to ERP (user source LDAP)
CRM 2x
BI 2x
and so on...
Is it possible to handle SSO the to different backend systems also if the users have different user IDs?
Or FPN between portal standalone and portal (BI) also with different users?
So can the IDM handle the different user IDs, to get SSO to work without harmonize the different user IDs?
cheers, Christian
Hi Christian,
well, NW IdM can easily handle different user accounts for one identity in different systems .
However, this doesn't help you concerning single sign-on.
If you are using the SAP Logon Ticket for a part of your system landscape then you have to use one (in some cases two are possible, too) user account for this part of the landscape.
If you are using other methods like client certificates, SAML or SNC then you usually have to deal with some kind of mapping between external id and internal account in a specific target system.
Conclusion: Within the SAP world you should use one user account per identity to be able to get SSO using the SAP Logon Ticket.
Kind regards
Frank
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Christian,
Not sure what you're looking for here.
Your SSO solution would have to manage various user/ids passwords itself.
If you have users that would loginto IDM under different credentials this would need to be managed from the SSO application.
That being said, IDM will process SAP tickets, work with external LDAPs or the SAP portal if you need it to.
Can you expand on the use case a bit?
Thanks,
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you for your answer!
Use case:
We have different portals with different user stores (Act.Dir., ABAP). In fact the user id's are not the same.
We want to set up a FPN bewteen this portals. And therefor we need SSO (remote role) which is not possible with different user id's.
Could the IDM handle this issue?
BR, Christian
Christian,
With SSO solutions you generally need to have some common attribute that can be used as the central bind ID.
There's a few ways to do this:
1. Data cleansing to set up new/update account names and provide a common standard
2. Use Metadirectory/synchronization technologies to help create other attribtues to be used for bind credentials.
Please contact me via my SAP business card for more information on how this can be done.
Cheers,
Matt
User | Count |
---|---|
84 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.