cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Integrate SAP IDM with SAP PI

Go to solution
Former Member

on ‎07-22-2013 11:05 AM

0 Kudos

Hello Experts,

Can anyone please let me know that how can we integrate SAP IDM with SAP NW PI (Process Integration)?

And which protocol SAP IDM supports to send/receive data?

Thanks

Amit Srivastava

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member2987
Active Contributor
‎07-22-2013 1:36 PM
0 Kudos

Amit,

This is an interesting question that I have encountered from time to time.

IDM is based on a central database repository called the Identity Store held on a SQL Server, Oracle or DB2 database.

This being said, the easiest way to integrate is to have PI write the information to a custom table within the database (or a separate database if you prefer) and then have IDM read the information using a FROM Database pass.

Optionally you can put the information in a LDAP directory (and use the FROM LDAP pass).

If you need these activities to occur in "real time" you can use an IDM Event agent to watch the assigned database table for changes that would start IDM workflows that would process the data.

I am not aware of any supported functionality for having PI put information directly into the Identity Store.

Hope this points you in the right direction.

Regards,

Matt

Show replies
Show replies
bxiv
Active Contributor
‎07-22-2013 2:06 PM
0 Kudos

With PI being a dual/double stack, are you not using UME for IDs on the ABAP side to be created on the Java side?

It may be helpful to provide more information on what you are looking to accomplish with IDM and PI.

Former Member
‎07-22-2013 2:17 PM
0 Kudos

Hello Billy,

I am using SAP Process Orchestration (PI7.31 Single stack)

Actually, my requirement is that Employee termination needs to be propagated to multiple downstream systems e.g. Identity Management System. The ERP system and downstream systems are on independent platforms. So i though i will use SAP PO to integrate the same but not sure how i will do the same?

Thanks

Amit Srivastava

Former Member
‎07-22-2013 2:18 PM
0 Kudos

Hello Matt,

Thanks for your reply!!

Thanks

Amit Srivastava

bxiv
Active Contributor
‎07-22-2013 2:22 PM
0 Kudos

I would go with Matt's suggestion about using LDAP and let IDM lock/delete the account in LDAP to control access to PI.  I would think this would be less administration in the long run, but you are going to need to find a way to add groups/roles to the user ID, which I would find a way to control through AD; as PI has enough to do in it already. 

former_member2987
Active Contributor
‎07-22-2013 4:41 PM
0 Kudos

Amit,

Why not just pass the termination information to IDM and then let the IDM workflow handle the deprovisioning as a result of the new information.

This lets you have an auditable and flexible workflow that can handle not only ERP and other parts of the SAP Landscape, but also reach out into the rest of your enterprise and handle your Enterprise Directory, Mail Server, etc.

Matt

Answers (2)

Answers (2)

Former Member
‎08-08-2013 7:03 PM
0 Kudos

Hello All,

Thanks for the much appreciated help!!

Thanks

Amit Srivastava

Show replies
Show replies
ivan_petrov
Active Participant
‎07-23-2013 6:28 AM
0 Kudos

Hi Amit,

All mentioned above is correct, but there are also other ways to trigger IDM workflow.

- The most easiest one is using IDM REST API - this way you can make a direct call to IDM Task and provide some parameters.  

- If this still doesn't fit your needs, you can always write a java class inherit ToPass or FromPass, depends on your needs and integrate this class in IDM via ToCustom or FromCustom passes.

Of course as Mat said I'll also use IDM to handle the action it self in order to use its flexibility, but still this is your choice

Best regards,

Ivan

Show replies
Show replies
Ask a Question