cancel
Showing results for 
Search instead for 
Did you mean: 

Consuming and exposing services in IdM?

Former Member
0 Kudos

Hello there, I have several requirements in my IdM project that cannot be satisfied by the standard SAP provisioning framework and I was wondering if it would be possible to instead expose some functionality in the target system as services and consume these services inside javascripts? An example is the handling of structural authorizations which in our company is a little more complex than elsewhere. I should be able to represent structural profiles as privileges in IdM, but with the standard SAP provisioning framework I am not able to provision the profiles. A similar challenge exists with analysis authorizations in BI. I should be able to represent these authorizations as privileges, but I need a way to provision assigned analysis authorizations.

My idea is to conceal the functionality I need in the back end system in a web service which I would then like to be able to consume in a javascript in a script run in IdM. Is this possible?

Similarly for some automated assignements of data access profiles, I would like to be able to determine inside a javascript what part of the organization a user belongs to. Our current setup is that we push data from HCM into a staging area inside the Identity Center through the use of the VDS. The employee data that is received from HCM is used when determinining which users should be setup in the target systems. Would I need to enrich the extract of data from HCM to include the organizational model and represent it in the HCM staging area or would it be a better approach to expose services in HCM that could be consumed from inside IdM?

Exposing services in IdM is another topic. I seem to have read somewhere that it is possible to expose stored procedures in the underlying database (SQLserver) as web services, but do I have similar functionality for tasks and jobs in IdM?

Best regards,

Anders

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Best practice seems to be to configure the Identity Services as a document here on SDN describes. ./Anders