Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 Environments Setting up SAP R/3 Synchronization Base Data for Managing SAP R/3 SAP Systems SAP Clients SAP User Accounts SAP Groups, SAP Roles and SAP Profiles SAP Products Providing System Measurement Data Reports about SAP Systems Appendix: Configuration Parameters for Managing an SAP R/3 Environment Appendix: Default Project Templates for Synchronizing an SAP R/3 Environment Appendix: Referenced SAP R/3 Tables and BAPI Calls Appendix: Example of a Schema Extension File

Testing a Password

When you test a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To test whether a password conforms to the password policy

  1. Select the category Manager | Basic configuration data | Password policies in the SAP R/3.

  2. Select the password policy in the result list.
  3. Select Change master data in the task view.
  4. Select the Test tab.
  5. Select the table and object to be tested in Base objectClosed for test.
  6. Enter a password in Enter password to test.

    A display next to the password shows whether it is valid or not.

Testing Generating a Password

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

  1. Select the category Manager | Basic configuration data | Password policies in the SAP R/3.

  2. Select the password policy in the result list.
  3. Select Change master data in the task view.
  4. Select the Test tab.
  5. Click Generate.

    This generates and displays a password.

Assigning a Password Policy

The password policy "SAP R/3 password policy" is predefined for SAP R/3. You can apply this password policy to SAP user accounts (SAPUser.Password) of an SAP client.

If the clients' password requirements differ, it is recommended that you set up your own password policies for each client.

IMPORTANT: If you are not working with target system specific password policies, the default policy applies. In this case, ensure that the password policy "One Identity Manager password policy" does not violate the target system requirements.

To reassign a password policy

  1. Select the category Manager | Basic configuration data | Password policies in the SAP R/3.

  2. Select the password policy in the result list.
  3. Select Assign objects in the task view.
  4. Click Add in the Assignments section and enter the following data.

    Table 36: Assigning a Password Policy

    Property

    Description

    Apply to

    Application scope of the password policy.

    To specify an application scope

    1. Click next to the text box.
    2. Select the table which contains the password column under Table.
    3. Select the specific target system under Apply to.
    4. Click OK.

    Password column

    The password column's identifier.

    Password policy

    The identifier of the password policy to be used.

  5. Save the changes.

To change a password policy's assignment

  1. Select the category Manager | Basic configuration data | Password policies in the SAP R/3.

  2. Select the password policy in the result list.
  3. Select Assign objects in the task view.
  4. Select the assignment you want to change in Assignments.
  5. Select the new password policy to apply from the Password Policies menu.
  6. Save the changes.

Initial Password for New SAP User Accounts

Initial Password for New SAP User Accounts

Table 37: Configuration Parameters for Formatting Initial Passwords for User Accounts
Configuration parameter Meaning

QER\Person\UseCentralPassword

This configuration parameter specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated.

QER\Person\UseCentralPassword\PermanentStore

This configuration parameter controls the storage period for central passwords. If the parameter is set, the employee’s central password is permanently stored. If the parameter is not set, the central password is only used for publishing to existing target system specific user accounts and is subsequently deleted from the One Identity Manager database.

TargetSystem\SAPR3\Accounts\
InitialRandomPassword

This configuration parameter specifies whether a random generated password is issued when a new user account is added. The password must contain at least those character sets that are defined in the password policy.

You have the following possible options for issuing an initial password for a new SAP user account.

  1. User the employee's central password. The employee’s central password is mapped to the user account password.
    • Set the configuration parameter "QER\Person\UseCentralPassword" in the Designer.

      If the configuration parameter "QER\Person\UseCentralPassword" is set, the employee's central password is automatically mapped to an employee's user account in each of the target systems. This excludes privileged user accounts, which are not updated.

    • Use the configuration parameter "QER\Person\UseCentralPassword\PermanentStore" in the Designer to specify whether an employee’s central password is permanently saved in the One Identity Manager database or only until the password has been published in the target system.

    The password policy "Employee central password policy" is used to format the central password.

    IMPORTANT: Ensure that the password policy "Employee central password policy" does not violate the target system specific password requirements.

  2. Create user accounts manually and enter a password in their master data.
  3. Specify an initial password to be used when user accounts are created automatically.
    • Apply the target system specific password policies and enter an initial password in the password policies.
  4. Assign a randomly generated initial password to enter when you create user accounts.

    • Set the configuration parameter "TargetSystem\SAPR3\Accounts\InitialRandomPassword" in the Designer.
    • Apply target system specific password policies and define the character sets that the password must contain.
    • Specify which employee will receive the initial password by email.
Related Topics
Related Documents