Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP systems Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

Email notifications about login data

Table 39: Configuration parameters for notifications about actions in the target system
Configuration parameter Meaning

TargetSystem | SAPR3 | Accounts |
InitialRandomPassword | SendTo

This configuration parameter specifies to which employee the email with the random generated password should be sent (manager cost center/department/location/business role, employee’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the “TargetSystem | SAPR3 | DefaultAddress” configuration parameter.

TargetSystem | SAPR3 | Accounts |
InitialRandomPassword | SendTo |
MailTemplateAccountName

This configuration parameter contains the name of the mail template sent to provide users with the login data for their user accounts. The Employee - new user account created mail template is used.

TargetSystem | SAPR3 | Accounts |
InitialRandomPassword | SendTo |
MailTemplatePassword

This configuration parameter contains the name of the mail template sent to provide users with information about their initial password. The Employee - initial password for new user account mail template is used.

TargetSystem | SAPR3 | DefaultAddress

The configuration parameter contains the recipient's default email address for sending notifications about actions in the target system.

You can configure the login information for new user accounts to be sent by email to a specified person. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages. The mail text in a mail template is defined in several languages. This means the recipient’s language can be taken into account when the email is generated. Mail templates are supplied in the default installation with which you can configure the notification procedure.

To use email notifications about login data

  1. Ensure that the email notification system is configured in One Identity Manager. For more detailed information, see the One Identity Manager Installation Guide.
  2. In the Designer, set the Common | MailNotification | DefaultSender configuration parameter and enter the sender address for sending the email notifications.
  3. Ensure that all employees have a default email address. Notifications are sent to this address. For more detailed information, see the One Identity Manager Identity Management Base Module Administration Guide.
  4. Ensure that a language can be determined for all employees. Only then can they receive email notifications in their own language. For more detailed information, see the One Identity Manager Identity Management Base Module Administration Guide.

When a randomly generated password is issued for the new user account, the initial login data for a user account is sent by email to a previously specified person.

To send initial login data by email

  1. In the Designer, set the "TargetSystem | SAPR3 | Accounts | InitialRandomPassword" configuration parameter.
  2. In the Designer, set the "TargetSystem | SAPR3 | Accounts | InitialRandomPassword | SendTo" configuration parameter and enter the message recipient as value.
  3. In the Designer, set the "TargetSystem | SAPR3 | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName" configuration parameter.

    By default, the message sent uses the mail template "Employee - new account created". The message contains the name of the user account.

  4. In the Designer, set the "TargetSystem | SAPR3 | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword” configuration parameter.

    By default, the message sent uses the mail template "Employee - initial password for new user account". The message contains the initial password for the user account.

TIP: To use custom mail templates for emails of this type, change the value of the configuration parameter.

SAP systems

NOTE: The Synchronization Editor sets up the SAP systems in the One Identity Manager database.

To edit an SAP system's master data

  1. Select the SAP R/3 | Systems category.
  2. Select an SAP system in the result list and run the Change master data task.
  3. Edit the system's master data.
  4. Save the changes.
Table 40: Master data for an SAP system
Property Description
Display name The SAP system's display name.
System number The SAP system number.
System measurement enabled Specifies whether system measurement for this system is carried out. One Identity Manager provides the measurement data but the actual system measurement takes place in the SAP R/3 environment.
Related topics

SAP clients

NOTE: The Synchronization Editor sets up the clients in the One Identity Manager database.

To edit client master data

  1. Select the SAP R/3 | Clients category.
  2. Select the client in the result list. Select the Change master data task.
  3. Edit the client's master data.
  4. Save the changes.

General master data for SAP clients

Enter the following general master data on the General tab.

Table 41: General master data for a client

Property

Description

Client no.

Number of the client.

Name

Client's name.

System

System to which the client belongs.

Canonical name

Client's canonical name.

Company

Company for which the client is set up. The company given here is used when a new user account is set up.

City

City where company resides.

Has user administration

Specifies whether the client is used for user administration.

If this option is set, the most significant license of the user account is used for system measurement.

Account definition (initial)

Initial account definition for creating user accounts. This account definition is used if automatic assignment of employees to user accounts is used for this client and if user accounts are to be created that are already managed (Linked configured). The account definition's default manage level is applied.

User accounts are only linked to the employee (Linked state) if no account definition is given. This is the case on initial synchronization, for example.

NOTE: If the CUAClosed status Child is assigned, no account definition should be assigned.

Target system managers

Application role, in which target system managers are specified for the client. Target system managers only edit the objects from clients to which they are assigned. A different target system manager can be assigned to each client.

Select the One Identity Manager application role whose members are responsible for administration of this client. Use the button to add a new application role.

Synchronized by

NOTE: You can only specify the synchronization type when adding a new client. No changes can be made after saving.

If you create a client with the Synchronization Editor, One Identity Manager is used.

Type of synchronization through which data is synchronized between the client and One Identity Manager. Once objects are available for this client in One Identity Manager, the type of synchronization can no longer be changed.

If you create a client with the Synchronization Editor, One Identity Manager is used.

Table 42: Permitted values
Value Synchronization by Provisioned by
One Identity Manager SAP R/3 connector SAP R/3 connector
No synchronization none none
NOTE: If you select No synchronization, you can define custom processes to exchange data between One Identity Manager and the target system.

ALE name

Name used to map the client as logical system in the SAP distribution model.

ALE model name

Name of the SAP distribution model that maps the relation between the logical systems of the central user administration. SAP roles and profiles of all child systems with the same ALE model name as the central system, are synchronized when the central system is synchronized.

CUA status

Client usage when the central user administration is in use. Possible values are Central and Child.

The value None indicates that the client is not being used in a central user administration.

CUA central system

Central system to which the client belongs. Assign the relevant system for clients with the CUA status Child.

Description

Text field for additional explanation.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating