cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IDM & Non SAP app integration

Former Member

on ‎09-18-2014 8:26 AM

0 Kudos

Hi All,

I have to integrate one Non SAP application with IDM and conduct provision and de-provision. Can somebody provide me some design/approach how provisioning tasks can be configured to fulfill the same. The Non SAP app has oracle database where I have to provision user. Is there any OOB sample available or any existing thread which I can read?

Thanks,

Dhiman Paul.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎09-24-2014 7:54 AM
0 Kudos

Hello Tero and Matt,

Yes, we are able to run the procedure successfully from SQL Developer.

We are using a dedicated user (not mxmc_rt) for accessing the "3rd party" database.

The same configuration we are using for connection in both SQL Developer and IDM.

But, still while running the stored procedure from IDM, we are not able to commit the query even though in IDM job log it shows that provision is successful.

Thanks

Show replies
Show replies
Former Member
‎09-22-2014 8:57 AM
0 Kudos

Hello Tero,

Thanks for your response.

We have managed to get a workaround for the job in IDM. There are a couple of issues we are facing.

  • We are using a "To Database" pass.
    • In that, we have sql updating and we are using a stored procedure for insertion into non-sap application.
    • The stored procedure runs fine and we get a success entry log in IDM.
    • When we try to find the same user in non-sap app, it doesn't return any value.

  • For connection to non-sap and sap, we are having a communication user (not mxmc_rt).
    • We are using the same user for connection purpose between the app.
    • Does mxmc_rt require the privileges to write into the database table? As, we are not using the user for connection purpose.

    

Thanks,

Show replies
Show replies
former_member2987
Active Contributor
‎09-22-2014 2:46 PM
0 Kudos

Dhiman,





    

      

    • The stored procedure runs fine and we get a success entry log in IDM.
      • 

    • When we try to find the same user in non-sap app, it doesn't return any value.
      •

If you do this manually does it work?  When I've tried to do this in the past and it hasn't worked, it's usually because I have not located the correct procedure or find out that there is some other prerequisite that is missing.

    • 

        

      • 

          

        • Does mxmc_rt require the privileges to write into the database table? As, we are not using the user for connection purpose.
          •

Quite probably.  Check with the administrator of the application / database

terovirta
Active Contributor
‎09-23-2014 10:26 AM
0 Kudos 


Dhiman Paul wrote:




  


    

  • We are using a "To Database" pass.

      

    • In that, we have sql updating and we are using a stored procedure for insertion into non-sap application.
      • 

    • The stored procedure runs fine and we get a success entry log in IDM.
      • 

    • When we try to find the same user in non-sap app, it doesn't return any value.
      • 

    

    • 







    

  • For connection to non-sap and sap, we are having a communication user (not mxmc_rt).

      

    • We are using the same user for connection purpose between the app.
      • 

    • Does mxmc_rt require the privileges to write into the database table? As, we are not using the user for connection purpose.
      • 

    

    •

Like Matt said if you run the procedure from SQL Developer or SQL+ does it work? If so what userid/password do you use? Use the same useid/password in the URL of your to Database-pass in IdM.

You don't need to use mxmc_rt for the connection to "3rd party" database, probably better if you get a dedicated user for the interface that has access only to the needed table / stored procedure etc.

regards, Tero

terovirta
Active Contributor
‎09-18-2014 8:48 AM
0 Kudos

Hello,

if your provisioning/deprovisioning actions are just writing to table(s) in Oracle DB, then you can get away easily by just duplicating the needed SAP PF plugins/logic of any other "standard" repository. The only difference would be compared for exampe to AS ABAP that the toSAP-passes are toDatabase.

Create a repository representing the system with connection parameters, add the add/del-member tasks (use the standard Provisioning/Deprovisioning workflows) and create system/account privileges.

Does the system have any roles that you would need to represent as privileges in IdM?

I am not aware of any sample.. But if you already know the connection parameters and DB-schema of the target system and can create users by using SQL Developer the next step of attempting the same thing in IdM is not too difficult.. Just create first a dummy task that can do the same with hardcoded parameters, then next try with actual Id Store entry, once that works try provisioning by adding the account privilege and SAP PF Provisioning workflow.. small steps.

regards, Tero

Show replies
Show replies
Ask a Question