- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- External identity management in SAP
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
External identity management in SAP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-08-2012 12:35 PM
Hello guys,
Our company is implementing a new Identity Management System (Oracle Identity Management). In a first stage, it will comunicate with SAP for provisioning and account reconciliation.
Project team are requesting us a new field in SAP user master record in order to maintain an external ID to reconciliate OIM identities with SAP accounts. We are in doubt if we should create a new field in USR02 table (this table is categorized as "cannot be enhanced").
We've been looking for some information and we've found standard table USREXTID, which seems to be for this purpose. Can we use this table for it?
What are your opinion about that?
Best regards,
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-08-2012 1:49 PM
The USREXTID table has a particular use in SAP software and it is not designed to maintain identities of the user for IdM purposes - it is used for mapping external identities for authentication, so changing this table might have unpredictable results. Maybe you can add an extra field in Oracle IdM which holds the SAP user and then Oracle software will know which Oralce id relates to a particular SAP user.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-08-2012 1:49 PM
The USREXTID table has a particular use in SAP software and it is not designed to maintain identities of the user for IdM purposes - it is used for mapping external identities for authentication, so changing this table might have unpredictable results. Maybe you can add an extra field in Oracle IdM which holds the SAP user and then Oracle software will know which Oralce id relates to a particular SAP user.
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-09-2012 10:03 AM
Hi,
I agree with Tim that USREXTID is probably not the best idea. The only way how you could use it would be defining new record type. I also agree with you that extending USR02 is not a good idea.
I am wondering why Oracle IdM has to have additional number stored in SAP. IdM systems should be able to consolidate accounts across multiple systems without enhancing data in the systems. In SAP IdM you define identity in IdM and this identity is projected into all required systems. But there is no reason to have unified names in all systems.
Cheers
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2012 3:14 PM
Hi all,
Do you have any additional documentation about USREXTID table and related functionality?
Best regards,
- SAP Managed Tags:
- Security
