|NOTE: In order to easy understanding the behavior is described with respect to SAP groups in this section. It applies in the same way to roles and profiles.|
In One Identity Manager,
|NOTE: If central user administration is implemented, define the categories in the central system as well as in the child system. The same categories must be defined in the child system as in the central system so that |
To define a category
SynchronizationThe process of comparing data between One Identity Manager and a target system. Objects and their properties are compared by fixed rules. Synchronization results in the identical data situation in the target system and One Identity Manager database. projects, in which a
|NOTE: The Manager is locked for editing throughout. To edit objects in the Manager, close the Synchronization Editor.|
To open an existing synchronization project in the Synchronization Editor
You can manage the users of a One Identity Manager environment with the SAP R/3. One Identity Manager concentrates on setting up and editing SAP user accounts. Groups, roles and profiles are mapped in SAP, in order to provide the necessary permissions for One Identity Manager user accounts. The necessary data for system measurement is also mapped. The system measurement data is available in One Identity Manager, but the measurement itself takes place in the SAP R/3 environment.
If user accounts are managed through the central user administration (CUACentral user administration.) in SAP R/3, access to the child client can be guaranteed to or withdrawn from user accounts in One Identity Manager.
The central component of the One Identity Manager is to map employees and their master data with permissions through which they have control over different target systems. For this purpose, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This gives an overview of the permissions for each employees in all of the connected target systems. One Identity Manager provides the possibility to manage user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database.
Because requirements vary between companies, the One Identity Manager offers different methods for supplying user accounts to employees. One Identity Manager supports the following method for linking employees and their user accounts.
Employees can automatically obtain their account definitions using user account resources. If an employee does not have a user account in
When you manage account definitions through user accounts, you can specify the way user accounts behave when employees are enabled or deleted.
|NOTE: If employees obtain their user accounts through account definitions, they have to have a central |
For more detailed information about employee handling and administration, see the One Identity Manager Target SystemAn instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Base Module Administration Guide.