cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Opinions on CUA vs IDM

Go to solution
Former Member

on ‎10-28-2009 2:30 PM

0 Kudos

Hello, I have been reading about IDM for a time now and attended all the workshops I could at Teched this year about the product. It looks great. However, let me give you a brief history. My company installed SAP in 1993 and their security design was to give each individual user their own "personal role" and have been adding transactions ad hoc to these roles since. I was hired on about 6 months ago as Security in order to clean this mess up and go to a position based model. (It is a long tedious task.....)

Now, we have 9 installs of SAP. I believe that since we don't have our roles in SAP laid out correctly yet, IDM provides us not much benefit. CUA is great, but also provides us no real benefit other than I can create users in one central location and not in 9 systems.

We have about 800 PRD users total. We are on ECC 6.0 in all systems except we also have SolMan 7.0 on one.

My short term goal is to get some sort of password synchronization for all these systems. Eventually I definitely want to make use of everything IDM has to offer.

What would be some of your opinions, recommendations, experience for something like this?

Thank you much,

Michael

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎11-03-2009 7:25 AM
0 Kudos

Hi Michael,

You can install IdM and get to know the product without affecting your SAP systems, by just getting IdM up and running and making sure you can import all users from Active directory or directly from the different SAP systems into the IdM Repository.

In addition, setup a test system or client where you can test the provisioning of users from the repository to a SAP system.

If you get that to work, you could start rolling out password synchronization.

At that point, you have everything in place to start provisioning roles once the company is ready for it.

While you're at it, make sure you define "business roles" roles in IdM and map these to technical roles which can be distributed to your SAP systems.

Kind regards,

Dagwin

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎11-06-2009 8:36 AM
0 Kudos

> 

> Now, we have 9 installs of SAP. I believe that since we don't have our roles in SAP laid out correctly yet, IDM provides us not much benefit. CUA is great, but also provides us no real benefit other than I can create users in one central location and not in 9 systems. 
>

I think that's where IdM can help you or help you in laying out target system roles properly with business roles. The pain point is in designing the business roles that contain your technical roles (target system roles) so that meaningful set of rights is available to business users.

Show replies
Show replies
Former Member
‎11-10-2009 6:44 PM
0 Kudos

Thank you for your opinions. It does appear like IDM is the way to go for us. I am still struggling with getting it setup to test but will soon have it ready. Thanks again

Ask a Question