
How to connect a non-SAP custom system?

Former Member
0 Kudos

Hi experts,

How can I connect a custom-built system to IDM?

The system was built by the customer and uses DBMS tables to manage its login information.

The table structure is simple: a USER table for user information, a ROLE table for role information, and a USER_ROLE table for user-role assignment information. IDM can connect to the system through JDBC.

In the IDM configuration guide, there is a section for non-SAP systems, but it handles only MS AD and IBM Notes systems.

Any comment welcome.

regards,

dongsu

Accepted Solutions (1)


former_member2987
Active Contributor
0 Kudos

Hi Dongsu,

Sounds like a simple system, so I'll give a simple answer.

I'd just use To/From database passes to connect to the system. If you know the values that are required (role), you can read them directly from the system and keep them in IDM via a custom table (this can even be shown in the UI; I have a blog link somewhere), or you could just map them as roles to MXREF_MX_ROLE. It's kind of tough to say more without knowing the schema of the application.

One could also do it via To/From LDAP passes by putting VDS in front of the application, which has other potential pros and cons. (To/From LDAP can also be used if the application links to Active Directory or LDAP for authorizations.)

Finally, if it is a more advanced application that supports an API, you could work that way via To/From custom passes, but you would need to ask someone else about that. I'm not really good at that part of IDM.

Let me know if you have questions.

Regards,

Matt

Former Member
0 Kudos

Dear Matt,

Thanks for the advice.

The schema of my test application is:

create table T_USERS(
  user_login varchar(20) constraint users_pk primary key,
  first_name varchar(20),
  last_name varchar(20) not null,
  email_address varchar(40),
  home_address varchar(15),
  department varchar(15),
  mobile varchar(15),
  telephone varchar(15)
);

create table T_ROLES(
  role_id varchar(20) constraint roles_pk primary key,
  role_name varchar(20),
  role_desc varchar(60)
);

create table T_USER_ROLE(
  user_role_no integer constraint u_r_pk primary key,
  user_login varchar(20),
  role_id varchar(20),
  constraint user_fk foreign key(user_login) references T_USERS(user_login),
  constraint role_fk foreign key(role_id) references T_ROLES(role_id)
);

insert into T_ROLES values('ADM','ADMIN','System Administration');
insert into T_ROLES values('GRP1','SALES GROUP 1','Sales Team Domestic');
insert into T_ROLES values('GRP2','SALES GROUP 2','Sales Team International');
insert into T_ROLES values('SOP','SALES Operation Team','Sales Operation Team');
insert into T_ROLES values('MKT','Marketing','Marketing Team');
insert into T_ROLES values('FIN','FINANCE','Financial Service Team');

Basically, what I have to do is:

1. Read the T_ROLES table contents and store them in the Identity Store as privileges for that repository.

     - This is done by the initial load job in the ABAP connector.

2. Provision to that system.

     - Write data to the T_USERS table for account creation.

     - Write data to the T_USER_ROLE table for privilege assignment.

Provisioning to the ERP system was done just by giving a special privilege to a user:

PRIV:REPOSITORY:ONLY

It seems there is a kind of trigger setting implemented by the connector package.

Would you give me more advice on what I should do with this custom application?

thanks

dongsu

former_member2987
Active Contributor
0 Kudos

Hmmm....

So you have a list of users and roles in separate tables that don't seem to be linked together, but you do have the user_roles table that seems to have it.

First you would need to set up a repository and let it know that all of your roles come from T_ROLES. (This might need to be a custom piece modeled after one of the initial load jobs.) It would also set up the ONLY and SYSTEM roles.

So it would seem that when you assign the ONLY role it would trigger a task that creates the user in T_USERS.

Then you would be able to assign the previously loaded repository roles and assign them to users with the application assigned to them.

If you need I can model this more on my test system.  This is all coming out of my head at the moment.

Matt
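The flow discussed in the posts above (load T_ROLES as privileges, create the account in T_USERS, then write assignments to T_USER_ROLE), as an added example that is not part of the original thread and is not SAP IDM pass configuration. It runs the thread's schema on an in-memory SQLite database as a stand-in for the application's DBMS; the function names and sample values are assumptions. It shows two points the schema forces on any connector: identity attributes go in as bound parameters, and assignments must be made idempotent because T_USER_ROLE has no unique constraint on (user_login, role_id) and no generator for user_role_no.

```python
import sqlite3

# Schema from the thread; two of the role rows are kept as sample data.
SCHEMA = """
create table T_USERS(user_login varchar(20) constraint users_pk primary key,
  first_name varchar(20), last_name varchar(20) not null,
  email_address varchar(40), home_address varchar(15),
  department varchar(15), mobile varchar(15), telephone varchar(15));
create table T_ROLES(role_id varchar(20) constraint roles_pk primary key,
  role_name varchar(20), role_desc varchar(60));
create table T_USER_ROLE(user_role_no integer constraint u_r_pk primary key,
  user_login varchar(20), role_id varchar(20),
  constraint user_fk foreign key(user_login) references T_USERS(user_login),
  constraint role_fk foreign key(role_id) references T_ROLES(role_id));
insert into T_ROLES values('ADM','ADMIN','System Administration');
insert into T_ROLES values('FIN','FINANCE','Financial Service Team');
"""

def open_app_db():
    db = sqlite3.connect(":memory:")
    db.execute("pragma foreign_keys = on")  # SQLite enforces FKs only on request
    db.executescript(SCHEMA)
    return db

def load_roles(db):
    """Initial load: one privilege candidate per T_ROLES row."""
    sql = "select role_id, role_name, role_desc from T_ROLES order by role_id"
    return db.execute(sql).fetchall()

def create_account(db, login, first, last, email):
    """Account creation; returns False if the login already exists."""
    with db:  # commit on success, roll back on error
        if db.execute("select 1 from T_USERS where user_login = ?", (login,)).fetchone():
            return False
        db.execute("insert into T_USERS(user_login, first_name, last_name, email_address)"
                   " values (?, ?, ?, ?)", (login, first, last, email))
    return True

def assign_role(db, login, role_id):
    """Privilege assignment; a repeated request must not add a second row."""
    with db:
        if db.execute("select 1 from T_USER_ROLE where user_login = ? and role_id = ?",
                      (login, role_id)).fetchone():
            return False
        # No sequence on user_role_no, so the next key is derived in the insert.
        db.execute("insert into T_USER_ROLE select coalesce(max(user_role_no), 0) + 1, ?, ?"
                   " from T_USER_ROLE", (login, role_id))
    return True

def revoke_role(db, login, role_id):
    """Deprovisioning; returns the number of assignment rows removed."""
    with db:
        return db.execute("delete from T_USER_ROLE where user_login = ? and role_id = ?",
                          (login, role_id)).rowcount
```

The same access pattern suggests the grants for the connector's database account: read on T_ROLES, read and insert on T_USERS, and read, insert and delete on T_USER_ROLE, with nothing beyond those three tables.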

Former Member
0 Kudos

Dear Matt,

If you would model this more on your test system, it would be GREAT!!

This USERS - USER_ROLE - ROLES structure is the most common architecture I meet in non-SAP, non-commercial applications.

In the usual IT environment of customers, I connect a number of applications with built-in connectors, using the connectors for SAP ERP, MS AD, general LDAP, etc.

But many more customer systems are custom built.

No connectors are prepared and we only know the schema.

So I have to handle them with this approach.

Best Regards,

dongsu

********

I am new to SAP NW IDM this time.

But I used another IDM solution for years, that of O** company.

They provide a separate tool for this purpose.

So I expected SAP IDM would provide a similar tool, but I still could not find it.

Thank you again!

*******

former_member2987
Active Contributor
0 Kudos

Hi Dongsu,

I have the repository and initial load configured and working.  I'll write these up as a blog post in the next couple of days.

Matt

Update: Blog posted.  Enjoy!
