cancel
Showing results for 
Search instead for 
Did you mean: 

IDM different systems

Former Member
0 Kudos

Hello!

Following scenario:

IDM and different systems:

example:

ERP 3x different users

EP 1x different users to ERP (user source LDAP)

CRM 2x

BI 2x

and so on...

Is it possible to handle SSO the to different backend systems also if the users have different user IDs?

Or FPN between portal standalone and portal (BI) also with different users?

So can the IDM handle the different user IDs, to get SSO to work without harmonize the different user IDs?

cheers, Christian

Accepted Solutions (0)

Answers (2)

Answers (2)

Frank_Buchholz
Advisor
Advisor
0 Kudos

Hi Christian,

well, NW IdM can easily handle different user accounts for one identity in different systems .

However, this doesn't help you concerning single sign-on.

If you are using the SAP Logon Ticket for a part of your system landscape then you have to use one (in some cases two are possible, too) user account for this part of the landscape.

If you are using other methods like client certificates, SAML or SNC then you usually have to deal with some kind of mapping between external id and internal account in a specific target system.

Conclusion: Within the SAP world you should use one user account per identity to be able to get SSO using the SAP Logon Ticket.

Kind regards

Frank

Former Member
0 Kudos

Christian,

Not sure what you're looking for here.

Your SSO solution would have to manage various user/ids passwords itself.

If you have users that would loginto IDM under different credentials this would need to be managed from the SSO application.

That being said, IDM will process SAP tickets, work with external LDAPs or the SAP portal if you need it to.

Can you expand on the use case a bit?

Thanks,

Matt

Former Member
0 Kudos

Thank you for your answer!

Use case:

We have different portals with different user stores (Act.Dir., ABAP). In fact the user id's are not the same.

We want to set up a FPN bewteen this portals. And therefor we need SSO (remote role) which is not possible with different user id's.

Could the IDM handle this issue?

BR, Christian

Former Member
0 Kudos

Christian,

With SSO solutions you generally need to have some common attribute that can be used as the central bind ID.

There's a few ways to do this:

1. Data cleansing to set up new/update account names and provide a common standard

2. Use Metadirectory/synchronization technologies to help create other attribtues to be used for bind credentials.

Please contact me via my SAP business card for more information on how this can be done.

Cheers,

Matt