on 09-06-2013 3:46 PM
Hi friends,
I have to integrate a non SAP application with SAP IDM.
I have seen this thread:
http://scn.sap.com/thread/3394472
But it's not clear for me, once I dont know IDM so much.
Do you know what kind of adapter I can use to create this cenario?
WEB System --> PI 7.3 (with abap) --> SAP IDM
Thank you so much,
Luciana
Is it the WEB system that has to be apart of IdM, or is it PI that needs to be part of IdM?
Also with PI is the Java UME set to the ABAP stack for IDs?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Billy,
What do you mean with "has to be apart of IdM" ?
My cenario is: the web system sends some data to IDM and PI makes this communication.
My SAP PI is not Java Only. I also have the abap part.
And I dont know anything about IDM .
We have an IDM team but they didt tell me if it's possible creating web service on the IDM side, or if exist another way to communicate with PI or with abap (SAP ECC for example).
Thanks,
Luciana
IdM consolidates all of your user IDs for various services in a business, SAP/Email/LDAP/etc.
I'm not 100% sure if you want to consolidate IDs on the web system or within PI? Basically, what IDs are you looking to control from IdM?
IdM does provide its own webservice, if it is installed in most cases requires a dedicated Java application server and then 3 additional components to be added in via SUM.
Hi Billy,
My "web service" is my HR System, that is a non SAP application.
I can communicate with this system, via SOAP. Due to that, I called it "web application".
So, my HR system, is going to send the employee informations (name, document number, birth date, etc), and IDM will record it and generates the employee's SAP user.
That's my scenario.
Thank you so much,
Luciana
I would have to agree with @Matt pulling data through web protocols is going to restrict the information that IdM can obtain...For example if the HR admins make a change, lets say add a new required field (lets say a SIP phone extension for the phone system), they have to then present that in a way that PI can obtain it, then PI has to have changes made to provide the data to the IdM server, then you have to update your IdM configuration to also include that data....thats a lot of changes to take place.
The DBA and HR admins should be able to provide a user ID that IdM can log into the DB, as another solution and you could have the data read directly...but then you get to learn the layout of the HR SQL DB... Fun fun fun
Hi Luciana
As Matt says - it can be easier to use a 'transfer' table. Nearly any HR system can export data to a readable format - either SQL or even CSV. You can then read that data in to get what you need.
You can write your own Java to accept SOAP requests and various other options but they tend to involve lots of work and you'd have to determine if its worth the effort.
Peter
Reading directly from HR has all sorts of issues - some around security (lots of HR contains very sensitive data that they will scream at if someone else gets access to it), and some around the integrity of the database.
It's safer to get an extract you can use that contains only the data you need. It removes the need to mine the HR structure.
Peter
Luciana,
I've always found it easiest to do the following:
1. Have the HR team prepare a SQL based extract. You'll want them to create the extract based on the minimal dataset needed, as Peter had mentioned, no need to get information that is not needed for the provisioning process. I prefer SQL since the DBAs can make sure that the tables have restricted access to protect privacy. They can also set up secure access to protect the data as well. Something not as easily or comprehensively done with CSV and other text formats.
2. Now you can create an IDM job that will read this data and begin the provisioning process. Simple use this HR table as the source and map it to the relevant IDM attributes in the destination tab.
Note you could also use this for identity updates as well as new user provisioning.
Hope this helps,
Matt
Hi friends,
Thank you so much.
I really apreciate each answer and help.
I will talk to them and suggest this solution.
I have only one question: does IDM have any service (SOA) to have the IDs updated or created?
I mean, can we call the IDM by service or only directly by database ?
Thank you so much,
Luciana
Hello Luciana,
IDM Identity Service can provide web services access to identity store, while currently it accepts SPML requests. Please you can refer to its doc from following page(search "identity service"):
http://scn.sap.com/docs/DOC-8397
BR, Keith
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.