
Self service Password Reset Through IDM 7.2

Former Member
0 Kudos

Hi,

How does the pwd reset work through IDM?

We have multiple systems in SAP like ECC, SRM, BI. Could this be configured for all systems in a single UI?

If yes, could dev, qlty and prd environments be configured in a single UI, or does it have to be one UI for each environment?

Thank you,

Regards,

Praman.

Accepted Solutions (1)


Former Member
0 Kudos

Hi Praman,

The Self Service password reset task can be configured to reset the password for all the connected SAP systems as well as non-SAP systems.

With the Password reset task, the systems on which the password is reset depend on the configuration that you are going to do, based on your business requirement.

While implementing, you should also take the password policies across the connected systems into consideration.

For more information on implementation, refer to the implementation guide here

For each environment, you will have the corresponding UI as below.

For Dev - http://<Dev-Server>:<port>/idm/pwdreset

For QAS - http://<QAS-Server>:<port>/idm/pwdreset

For PRD - http://<PRD-Server>:<port>/idm/pwdreset

So, you have to configure the task in each and every environment. The best way is to configure in dev, transport to QAS and test, and later transport to PRD.

Hope this helps!! All the best...

~ Krishna.

Former Member
0 Kudos

Hi Krishna,

Thanks for the info.

As per the document, the password reset task has to be configured on an Identity Store.

Does it have to be a particular ID store, or could it be any?

Thank you,

Regards,

Praman

Former Member
0 Kudos

Hi Praman,

The Identity store should be your master identity store. If you go through the documentation, the IDM UI can connect to only one identity store, and it should be your master identity store (SAP_MASTER), which is used for all the provisioning, deprovisioning purposes etc.

If you look at the documentation of IDM UI installation & configuration, there in SAP AS JAVA you will configure the id_store id (which is your master ID store, to which the IDM UI points). So, the standard Password reset task, which is a guided task, will always point to this ID store id.

Hope you got it. Any confusion, let me know.

~ Krishna.

Former Member
0 Kudos

Many Thanks Krishna

We did it successfully and the password reset works. But the problem here is the password gets reset only in the UI and not in the SAP backend systems.

For instance: we have a user in ECC and we do have the same user in the UI. But how do we tell IdM that this UI user is the same as the one we have in ECC? I mean there is no one-to-one mapping of users between the systems. Probably that's the reason the Password Reset works only for the UI and not for ECC.

Kindly share your thoughts if you have any idea.

Regards,

Mohamed Fazil

Former Member
0 Kudos

Hi Praman,

Happy new year!! See my answers for your queries.

Firstly, how does IDM understand on which repositories the user is present?

Say you have a user in a repository (target system), whose information is loaded into IDM (via initial load). During the initial load, the attribute ACCOUNT<repname> is set for the user. That means, when you initial-load the user from REPA, the user will have the attribute ACCOUNTREPA; say the user is also in REPB and you have done the initial load to IDM, an attribute ACCOUNTREPB will be set.

This is the way IDM will understand on what repositories the user exists.

If the user is in both IDM and the target system, but the account attribute ACCOUNT<repName> is not set in IDM, IDM will not know that the user exists in the target repository.

I hope now you are clear on how IDM identifies the repositories on which the user is present.

Now, coming to your scenario, are you running the corresponding hook task to provision the changed password to the target repository? It should be something like this.

And also you should use a script to identify the repositories in which the user is present, and start the password provisioning for the repositories.

Attached script may be helpful for you.

All the best !!

~ Krishna.
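
The ACCOUNT<repName> check described in the post above, as an added example (not part of the thread, not the attached script, and not SAP IdM API code): it derives the password-provisioning targets from an entry's ACCOUNT<repName> attributes and flags accounts that exist in a target system but are not linked in the identity store, the situation in which a reset would not reach that system. The data shapes, function names and sample users are assumptions; ECC, SRM and BI are the systems named in the question.

```javascript
// Added example. Plain JavaScript over constructed data; none of these
// functions are SAP IdM built-ins.
const ACCOUNT_PREFIX = "ACCOUNT";

// Repositories an entry is linked to: ACCOUNT<repName> is set and non-empty.
function linkedRepositories(entry, knownRepos) {
  return knownRepos.filter((rep) => {
    const value = entry.attributes[ACCOUNT_PREFIX + rep];
    return typeof value === "string" && value.trim() !== "";
  });
}

// For each identity store entry, list the repositories a password change
// would be provisioned to, and the repositories where a same-named account
// exists but ACCOUNT<repName> is missing (assumption: names match
// case-insensitively between the identity store and the target system).
function planPasswordProvisioning(entries, repoUsers) {
  const repos = Object.keys(repoUsers);
  return entries.map((entry) => {
    const targets = linkedRepositories(entry, repos);
    const unlinked = repos.filter(
      (rep) =>
        !targets.includes(rep) &&
        repoUsers[rep].some(
          (u) => u.toUpperCase() === entry.name.toUpperCase()
        )
    );
    return { user: entry.name, targets, unlinked };
  });
}

// Constructed sample data: identity store entries and target-system user lists.
const entries = [
  { name: "ALICE", attributes: { ACCOUNTECC: "ALICE", ACCOUNTSRM: "ALICE" } },
  { name: "BOB", attributes: {} }, // created in the UI, never initial-loaded
  { name: "CAROL", attributes: { ACCOUNTBI: "CAROL", ACCOUNTECC: "" } },
];
const repoUsers = {
  ECC: ["ALICE", "BOB", "CAROL"],
  SRM: ["ALICE"],
  BI: ["CAROL"],
};

const plan = planPasswordProvisioning(entries, repoUsers);
for (const p of plan) {
  console.log(`${p.user}: provision to [${p.targets.join(", ")}]` +
    (p.unlinked.length ? `, unlinked in [${p.unlinked.join(", ")}]` : ""));
}
```

Entries reported as unlinked need their ACCOUNT<repName> attribute populated, for example by the initial load described above, before a reset can reach that repository.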

Answers (1)


terovirta
Active Contributor
0 Kudos

Praman Mulay wrote:

How does the pwd reset work through IDM?

We have multiple systems in SAP like ECC, SRM, BI. Could this be configured for all systems in a single UI?

If yes, could dev, qlty and prd environments be configured in a single UI, or does it have to be one UI for each environment?

There's a different UI for each IdM instance. The password is then by default changed in all systems that are connected to IdM.

The rest then depends on your business role concept and IdM landscape. Does your production IdM provision only to production systems, or do you treat your dev and Q/A also as productive systems? (Meaning developers and Q/A users are provisioned from a fully working, acceptance-tested IdM instance.)

Former Member
0 Kudos

It's amazing how much effort I put into making the prod IDM system manage all systems and yet still having a dev/test/qa system which connects to the same system and doesn't destroy my prod users.

On every project I work on, it's a requirement.

So, I would extend this answer in that an IDM will reset the passwords for each system that is connected to it *for the users it manages*. My dev 'users', managed by my dev IDM system, cannot be reset from my prod system, although my developers' dev accounts can be.

If you take my meaning...

Peter