After working with IDM for a while I still cannot find an obvious way to reconcile non-HCM users with their positions. For example, users already exist in the ABAP client and are not assigned to positions. Then IDM with HCM integration is implemented and new user creation is driven from HCM to IDM. If a user ID already exists for a user I can assign the user Id to the position via the 105 record. However IDM doesn't seem to know that the user ID now has a position and doesn't populate the User record in IDM with the HCM details. Am I missing something here?
I'm gathering you have some SAP users who for whatever reason are not in HCM, but you still wish to sync them with some SAP information such as position?
Thanks for the response, appreciated. Yes you are right, hopefully the following describes the scenario clearer. In this scenario IDM and position based security are implemented together;
Scenario:
1. Existing SAP landscape being managed by CUA with direct provisioning
2. IDM implemented to replace management of the SAP landscape
3. Position based security introduced at the same time
4. User ID’s are defined as the users first initial and surname by IDM script
5. IDM UI configured to show users HCM data
6. The initial read job in IDM pulls in all users from all SAP clients
7. New users are driven out of HCM to IDM, user ID is created and the 105 record populated with the users ID
In this scenario I have two distinct groups of users, the new users being created by IDM are associated with their HCM data and this data is available to view in IDM UI, all good.
For existing users that were not created via IDM, IDM has read their User ID during the initial read job when no HCM data was available for the user.
Now the user ID is assigned to HCM via the 105 (Manual process)
The problem;
IDM knows of an existing user e.g. JBOND. When the user is assigned to their 105, IDM has no interaction with the users HCM data so does not know to update the data for JBOND with any HCM data. So in the UI JBOND does not show any HCM data.
If I run the HCM extract for this users position IDM wants to create User ID JBOND. The ID already exists but IDM does not know that the existing ID JBOND is the same person that it is trying to create.
I could delete JBOND from SAP and then have IDM re-create the ID again from HCM output but I expect this is overkill and there is a simpler solution that I am missing.
Yes they are the same, maybe my script which determines the User ID is to blame then.
So if I used the standard methods for determining the user ID from the HCM export which are personnel number or ID maintained in the 105 (I have never got this one to work). Would IDM reconcile an existing ID with its HCM data once I had manually assigned the ID to its 105?
PS I have been getting to grips with IDM for the last two years and apart from the standard doco the most useful information I have found has been your many posts so big thanks for that Matt!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.