cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Custom Connectors for SAP IDM

Go to solution
Former Member

on ‎02-17-2014 2:29 AM

0 Kudos

We are to implement SAP IDM 7.2 for a client with several SAP systems in place for some of which the connectors are not yet defined.

From an initial research on SAP web site and looking at the connector overview document, we have come to an understanding that IDM's provisioning framework can be extended to JAVA/ABAP based SAP systems for provisioning. But for non-SAP systems, we have to build a connector from the Connector Development Kit and get it certified by SAP

To my understanding, provisioning to an SAP system like SAP Workforce Productivity Builder or SAP Business Objects which are not based on a JAVA/ABAP stack will require a custom connector to be built instead of extending the provisioning framework.

Please let me know if my understanding is correct.

Also, do help if you have developed any custom connectors for connecting to such type of systems in evaluating the effort required. Below is the summary of the applications in scope.

Systems

Non SAP systems

2

SAP JAVA/ABAP based systems with no connectors defined

3

SAP with no JAVA/ABAP component

6

Thanks

Chaitanya

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

terovirta
Active Contributor
‎02-18-2014 8:27 AM
0 Kudos

Do the non-SAP applications support access management via LDAP/AD-groups?

If so map the non-SAP rights to LDAP/AD-groups within the non-SAP application and provision group access from IdM. The IdM does all the provisioning and all the access is visible in IdM and can be reported out of IdM.

regards, Tero

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎02-18-2014 9:22 AM
0 Kudos

Appreciate your input Tero.

Have a small concern. Considering that non SAP applications support Access management via AD groups,

1. Does provisioning happen on assigning the group access when the non-SAP rights are mapped to AD groups in the application? Just wanted to make sure it works.

If the non SAP applications do not support access management via AD, do you think we have any other alternative?

We are gathering requirements and at this point, are not sure if these applications support access management via AD. Will put forth a question to the owners.

Regards

Chaitanya

Show replies
Show replies
former_member188338
Explorer
‎02-18-2014 1:40 PM
0 Kudos

Hi Chaitanya,

I agree with Tero, if you are in the requirements gathering stage, you need to look for:

  1. Possible authentication and access control sources available to the system (e.g. they can run from active directory, AS ABAP, etc)
  2. What communication protocols they understand for user provisioning. (e.g. LDAP, JDBC, SPML).

Based on these things, you can determine if a custom connector is required. If you have the list of applications and the answer to these questions where you know them, post them on here and I'm sure someone will help you determine the best option for provisioning access.

Thanks,

Ian

Former Member
‎02-18-2014 10:33 PM
0 Kudos

Hi Ian,

Thanks for the info. I will get the necessary information and update the post.

Thanks

Chaitanya

Former Member
‎03-17-2014 10:41 PM
0 Kudos

Hi guys,

We are progressing in getting the requirements done.

Have a question though. As far as the non SAP applications go, managing them via AD groups is an alternative.

Can you throw some light on managing SAP systems with no JAVA/ABAP component for example, SuccessFactors , Business Objects(Information Steward and so on).

Can the AD groups be leveraged even in this scenario ?

Thanks

Chaitanya

Ask a Question