
OIM - SAP CUA Connector - Unlocking Accounts

Former Member
0 Kudos

Hello All

We are implementing the Oracle Identity Manager connector for SAP CUA, and have the following concern:

If a user is locked manually by the SAP Security Administrator in a target SAP System (Prod for example), what is to prevent the End User from logging into OIM Self Service and unlocking themselves?

The OIM Connector Doc seems to state that the target system is unlocked regardless of locked state (meaning it sends an unlock request regardless of whether the user is locked or not).

How does this take Maintenance/Downtimes into consideration (where no business/end users should be in the system)? What about fraudulent or suspicious accounts (where the Security team has frozen/locked someone's account to prevent further activity)?

My thinking is that if an SAP Security Admin has locked an account, OIM should not unlock the account. The only unlocks which should take place are for Incorrect Passwords?

Just wondering if anyone has experience with OIM connecting to SAP CUA

2 REPLIES 2

Former Member
0 Kudos

> My thinking is that if an SAP Security Admin has locked an account, OIM should not unlock the account. The only unlocks which should take place are for Incorrect Passwords?
>
> Just wondering if anyone has experience with OIM connecting to SAP CUA

Not worked with OIM, but worked with SAP IDM/GRC:

But I was asking why you would use CUA once you have OIM working?

1. You should have only a single point of user administration. Why don't you lock the user from OIM instead of logging into CUA?

2. In our present project, in DEV and QA, we are using Access Enforcer for all user administration purposes with approval workflows, and it works very well. Security should not log in to the systems without approval.

mvoros
Active Contributor
0 Kudos

Nigel,

Your question looks more suitable for an Oracle forum than an SAP forum. In SAP you can see if a user is locked by an administrator or due to incorrect logons. Check the domain definition for field USR02-UFLAG. I have no idea what logic OIM uses during locking, but I guess that you have a better chance of getting an answer to your question on a forum dedicated to OIM.

Cheers
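
The lock-reason distinction in USR02-UFLAG mentioned in the reply above can serve as a pre-check before any self-service unlock is sent to a target system. This is an added example, not part of the original thread and not OIM connector code; it assumes the commonly documented UFLAG bit values (32 = locked globally by a CUA administrator, 64 = locked locally by an administrator, 128 = locked after incorrect logons), and all function names and sample rows are hypothetical.

```python
"""Gate a self-service unlock on the SAP lock reason held in USR02-UFLAG."""
from enum import IntFlag


class UFlag(IntFlag):
    # Assumed bit values; confirm against the domain definition on your release.
    LOCKED_GLOBAL_ADMIN = 32    # locked by administrator centrally (CUA)
    LOCKED_LOCAL_ADMIN = 64     # locked by administrator in this system
    LOCKED_WRONG_LOGONS = 128   # locked after too many incorrect logons


ADMIN_LOCKS = UFlag.LOCKED_GLOBAL_ADMIN | UFlag.LOCKED_LOCAL_ADMIN
KNOWN_BITS = ADMIN_LOCKS | UFlag.LOCKED_WRONG_LOGONS


def lock_reasons(uflag: int) -> list[str]:
    """Return the names of the lock bits set in a raw UFLAG value."""
    return [f.name for f in UFlag if uflag & f]


def self_service_unlock_allowed(uflag: int) -> bool:
    """Allow unlock only when incorrect logons are the sole lock reason.

    Unknown bits fail closed: a value this code does not understand is
    treated like an administrator lock and left for the security team.
    An unlocked user (0) gets no unlock request at all.
    """
    if uflag < 0 or uflag & ~int(KNOWN_BITS):
        return False
    if uflag & ADMIN_LOCKS:
        return False
    return bool(uflag & UFlag.LOCKED_WRONG_LOGONS)


def evaluate(rows):
    """rows: iterable of (user, uflag) as read from USR02 per target system."""
    return {user: (self_service_unlock_allowed(flag), lock_reasons(flag))
            for user, flag in rows}


# Constructed sample rows, not data from a real system.
SAMPLE = [("JDOE", 128), ("ASMITH", 64), ("BWONG", 192), ("CLEE", 0), ("DKIM", 32)]

if __name__ == "__main__":
    for user, (ok, reasons) in evaluate(SAMPLE).items():
        print(f"{user:8} unlock={'allow' if ok else 'deny':5} reasons={reasons}")
```

A combined value such as 192 (administrator lock plus incorrect logons) is denied, so clearing a password lock never removes a lock the security team set.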