cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problem Identity Management User Interface login

Former Member

on ‎01-30-2011 4:07 PM

0 Kudos

Hello consultant:

We have installed and configurated IDM with following guides:SAP-NW_IdM_IC_Tutorial_GettingStarted_7-1 and SAP-NW_IdM_IdMForSAPSystems_Configuration_7-1

We have configurated HCM scenarios

Now we need log in Identity Management User Interface (http://host:50000/idm) but we have a problem , we only have access monitoring tab.

We have created role"idm" with following actions :

sap.com_tcidmjmx~ump.idm_authenticated

sap.com_tcidmjmx~ump.monitoring_administration

sap.com_tcidmjmx~ump.monitoring_support

We have add user in our Identity Store

Click the General Tab

Click Add user

Entry Type: MX_PERSON

User name: user with role idm with action sap.com_tcidmjmxump.idm_authenticated,sap.com_tcidmjmxump.monitoring_administration and

sap.com_tcidmjmx~ump.monitoring_support

Then we have created temporary self-service task for privilege assignment1. In the Identity Center, select the identity store and choose New/Folderu2026 from the context menu to create a new folder. Rename the folder to "IdM UI".

2. Select the folder and choose New/Unordered task group from the context menu. Rename the task to "Assign privilege".

3. Select the "Attributes" tab:

Entry type - Select "MX_PERSON" entry type. Choose "u2026" to open a dialog box from which you select the entry type.

4. Choose "Apply".

5. Select the "Access control" tab.

6. Choose "Addu2026" and fill in the following:

Allow access for: Select "Logged-in user or identity store entry".

ID store: Select the correct identity store. In this example "Enterprise People" is used.

On behalf of: There are two ways of creating a self service task. You either select "User or identity store entity" or "Relation - Self". Both ways are legitimate.

7. Choose "OK".

8. Choose "Apply".

But when we log in the url we only acces a monitoring tab

Please help me

Thanks and Regards,

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (6)

Answers (6)

Former Member
‎02-01-2011 4:08 PM
0 Kudos

Hello consultant:

We have created new Identity store(SAP_Master) and when we try adding privileges we don`t view anything in the url , but when we have added privileges in Enterprise People(identity store) , we view all tabs in the url.

We have readed SAP-NW_IdM_IC_Tutorial_GettingStarted_7-1.pdf and SAP-NW_IdM_IdMForSAPSystems_Configuration_7-1.pdf because we need created IDm with HCM SAP.

Our first problem is resolved but now when execute RPLDAP_EXTRACT_IDM report we obtein following errors with all person number:

Object Not Found

LDAP_CREATE failed

Entry already exists

When we log in the URL we have all tabs but we don`t know how work it.

Is there a guide that explains how to work with the URL?

Thanks

Show replies
Show replies
ChrisPS
Contributor
‎01-02-2014 4:13 PM
0 Kudos

Hi Esther - just to simplify things please start a new thread for the  RPLDAP_EXTRACT_IDM issue (make sure first to search old threads to see if you can find an answer) as this is seperate to the logon issues to the UI.

Also don't forget to reward points with helpful and/or correct answer if the issue is resolved with the help of the members here.

Best of Luck

Chris

IdM SCN Moderator

Former Member
‎02-01-2011 2:07 PM
0 Kudos

Hello consultant:

Now we have logged in the url but we view monitoring tab only.

We have add following roles our user:(solman_admin)

idm.authenticated

idm_monitoring_administration

idm_monitoring_support

We have added privilege our user in our identity center with botton "Add manager privileges"

In the url we view monitoring tab with different actions, distpacher status ,lob job ....with correct data.

Many thanks

Reagrds

Show replies
Show replies
Former Member
‎02-01-2011 3:14 PM
0 Kudos

Hi Esther,

did you make an inital load and after this tried to add a is user with manager privileges?

You have to create first the IS user with manager privileges and do initial load after this.

Maybe this is your problem.

Br,

Philip

Former Member
‎02-01-2011 12:22 PM
0 Kudos

Hello consultant:

Now the new url work fine , but we have the same problem without sp05

In the url only view Monitoring tab.

We have add java-user with "add privileges" button , but the problem persist.

We have created task Assig privileges in Identity Center for add "Self Service "tab(guide Installing and configuring the Identity

Management User Interface) , but we don`t view the tab only "monitoring" tab.

Many thanks

Show replies
Show replies
former_member2987
Active Contributor
‎02-01-2011 1:19 PM
0 Kudos

What did you need to do to solve the Access Denied / Server Down message?

Regarding your login problems, I would suggest the following:

1. Check how your UME roles are configured? Are the correct with regard to the install guide?

2. Is your Identity Store database (usually mxmc_db) correct? It might have become corrupted. Have you considered using mxmc_remove and then reinstalling via mxmc_install?

What database, Oracle or SQL Server are you using.

Regards,

Matt

Former Member
‎02-01-2011 11:50 AM
0 Kudos

Hello consultant:

We have apllied last package (sp05)

Now we have "add manager privileges" button.

We have upgraded BBDD,VDS,Identity Center and IDMIC.sca

But we have new error , now qhen we have logged in the url http://host:port/idm we obtein following error:

Access denied

Service is down

Please could you help me again

Thank you very much

Regards

Show replies
Show replies
Former Member
‎01-31-2011 8:15 AM
0 Kudos

Hello consultant:

In the IdM MMC we have added a user to the Identity store that exists in the AS Java(solman_admin)

In the MMC --> Identity Stores --> Pick the IdS that your AS Java points to - SAP_Master, and press the Add user button

In this moments we have a popup with following options.

Entry type->we have added MX_PRIVILEGE

User name->Solman_admin

But we unknown how tick the "Add Manager Privileges".

We have logged in the URL but we have the same problem , only monitoring tab is display.

We have readed in the Security Guide :

Access to the other tabs in the User Interface is controlled by assigning privileges in the identity store to the person entries.

u2022 MX_PRIV:WD:TAB_TODO gives access to the "To Do" tab.

u2022 MX_PRIV:WD:TAB_MANAGE gives access to the "Manage" tab.

u2022 MX_PRIV:WD:TAB_HISTORY gives access to the "History" tab.

But we unkown how do it

Many thanks for your collaboration

Regards

Show replies
Show replies
Former Member
‎01-31-2011 5:52 PM
0 Kudos

Hi Esther,

If you apply the latest support package you get the "Add Manager Privileges" tick box on add user.

Cheers,

Ian

Former Member
‎01-30-2011 4:26 PM
0 Kudos

Hello consultants:

Now we have the self service tab but the tab is empty

Available Self Service Tasks:

Many thanks

Show replies
Show replies
Former Member
‎01-30-2011 10:28 PM
0 Kudos

Hi,

In the IdM MMC, you need to add a user to the Identity store that exists in the AS Java. In the MMC --> Identity Stores --> Pick the IdS that your AS Java points to - by default it is Enterprise People, and press the Add user button. Type in the user name - normally you can start with "Administrator" and ensure that you tick the "Add Manager Privileges".

This will give the AS Java Administrator User access to the IdM Privileges MX_PRIV:WD:TAB_MANAGE amongst others, and it is these that give you the other tabs. Once you have these on Administrator, you can use the MANAGE tab to add the WD(WebDynpro) privliege to any other users you like.

Hope this helps,

Ian

Former Member
‎01-01-2014 11:48 AM
0 Kudos

Hi Ian,

     A small doubt in your reply. I agree that we need to add user in Identity store in order to give access to UI for that user. But the problem is there are over 100000 users who has to have access to IdM UI and all these users shouldnt be given Admin access. Your reply would surely help us.

Thank You

Regards,

Mohamed Fazil

Former Member
‎01-02-2014 8:25 AM
0 Kudos

Hi Fazil,

Yes, the admin access is given only to the SAP IDM Administrators. it should not be given to all the users !! To add a administrator, you can follow the step mentioned above.

if no privileges are assigned, by default the user will have access to self-servies tab.

if you need to give access to specific tabs for a user, the respective privileges are to be assigned.

say MX_PRIV:WD:TAB_MANAGE  for Manage tab.

MX_PRIV:WD:TAB_TODO  for ToDo tab.

hope its clear..

~ Krishna.

Ask a Question