1.1. Changing fullname, display name, address, etc work - but salutation or title info doesn't display correctly (only when language independant).
1.2. Can lock the user - but not unlock.
can you check the provisioning job update user and capture the details of Lock attribute in the Job log.
Problem cannot be at Source.
1.3. Can change password (self service or via Management tab) - but password "disappears" and user can't login again via the UI or directly thru the LogonGUI.
We got two attributes for User i.e Password and Encrypted Password.By default Encrypted Password in Used in SAP Provisioning and Passord attribute is used for UME system.
Even i faced some problem when trying to decrypt the encryped password..i Unchecked the ecrypted properties of MX_ENCRYPTED_PASSWORD atrribute ...and removed the script for the Password field in the Provisioning process.
1.4. If the user's password expires, he gets prompted to change it - this change works fine.
After "devouring" all the documentation I could fine... I read in the Release Notes the following:
2.1. Users are authenticated by the SAP NetWeaver AS Java (and not by the Identity Center). The password policy of the Identity Center is not used.
= enabling or disabling "password provisioning" in the Password Policy tab makes no difference then?
password provisoioning of IDM can be used to synch with UME ..as similar to fIrst name last name from UME
2.2 The login task does no longer exist since the authentication is done by the SAP NetWeaver AS Java (UME).
= ok I get this part...
right.
2.3 Change of password is handled by SAP NetWeaver AS Java (UME) and the change password task is no longer available.
= so the Password Reset tab is also "pointless"?
All the users are provisioned depnding on their system specific roles/privileges..since we didnt assign any UME role to the IDM users we cant provision User changes to UME system..if we want to do so then we can explicity add a job where it uses UME details as the target system... Password reset tab will chnage the Password of IDM user that can be used to provision to the UME system..
u can define the event tasks for Password attribute as UME Password Provisioing job.
IDM is very flexible from event programming perspective.
2.4 A user's MSKEYVALUE is used as the UME logon ID.
= right
yes we can find the MSKEYVALUE as UME login ID in inital UME loads
2.5 Password reset is handled by SAP NetWeaver AS Java. See SAP NetWeaver Identity Management Identity Center Implementation Guide u2013 Self-service password reset for details
= (what should I do with this?) I did get this working but stopped with some error about the "encrypt password".
AS MENTIONED unchek the ecryption option for MX_ENCRYPTED_PASSWORD and pass the valUe directly to the provisioning process AS %MX_ENCRYPTED_PASSWORD% inplace of script.
My SAP landscape is pretty standard (no custom fields/attributes) - so the IDM Provisioning framework should work "out of the box" - in my understanding...
yes it will ...
Any ideas?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.