Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email for assistance

Identity Manager 8.1.4 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP systems Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

Specifying categories for inheriting SAP groups, SAP roles, and SAP profiles

NOTE: In order to easy understanding the behavior is described with respect to SAP groups in this section. It applies in the same way to roles and profiles.

In One Identity Manager, groups can be selectively inherited by user accounts. For this purpose, the groups and the user accounts are divided into categories. The categories can be freely selected and are specified using a mapping rule. Each category is given a specific position within the template. The mapping rule contains different tables. Use the user account table to specify categories for target system dependent user accounts. In the other tables enter your categories for the target system-dependent groups. Each table contains the Position 1 to Position 31 category positions.

NOTE: If central user administration is implemented, define the categories in the central system as well as in the child system. The same categories must be defined in the child system as in the central system so that groups from a child system can be inherited by user accounts.

To define a category

  1. In the Manager, select the client in the SAP R/3 | Clients category.

  2. Select the Change master data task.
  3. Switch to the Mapping rule category tab.
  4. Extend the relevant roots of a table.
  5. To enable the category, double-click .
  6. Enter a category name of your choice for user accounts and groups in the login language that you use.
  7. Save the changes.
Detailed information about this topic

How to edit a synchronization project

Synchronization projects in which a client is already used as a base object can also be opened in the Manager. You can, for example, check the configuration or view the synchronization log in this mode. The Synchronization Editor is not started with its full functionality. You cannot run certain functions, such as, running synchronization or simulation, starting the target system browser and others.

NOTE: The Manager is locked for editing throughout. To edit objects in the Manager, close the Synchronization Editor.

To open an existing synchronization project in the Synchronization Editor

  1. Select the SAP R/3 | Clients category.
  2. Select the client in the result list. Select the Change master data task.
  3. Select the Edit synchronization project... task.
Detailed information about this topic
  • One Identity Manager Target System Synchronization Reference Guide
Related topics

SAP user accounts

You can manage SAP R/3 user accounts with One Identity Manager. One Identity Manager concentrates on setting up and editing SAP user accounts. Groups, roles, and profiles are mapped in SAP, in order to provide the necessary permissions for One Identity Manager user accounts. The necessary data for system measurement is also mapped. The system measurement data is available in One Identity Manager, but the measurement itself takes place in the SAP R/3 environment.

If user accounts are managed through the central user administration (CUAClosed) in SAP R/3, access to the child client can be guaranteed for or withdrawn from user accounts in One Identity Manager.

Detailed information about this topic

Linking user accounts to employees

The main feature of One Identity Manager is to map employees together with the master data and permissions available to them in different target systems. To achieve this, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This provides an overview of the permissions for each employee in all of the connected target systems. One Identity Manager offers the option of managing user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database.

Because requirements vary between companies, One Identity Manager offers different methods for supplying user accounts to employees. One Identity Manager supports the following methods for linking employees and their user accounts:

  • Employees can automatically obtain their account definitions using user account resources. If an employee does not yet have a user account in a client, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism and subsequent process handling.

    When you manage account definitions through user accounts, you can specify the way user accounts behave when employees are enabled or deleted.

  • When user accounts are inserted, they can be automatically assigned to an existing employee or a new employee can be created if necessary. In the process, the employee master data is created on the basis of existing user account master data. This mechanism can be implemented if a new user account is created manually or by synchronization. However, this is not the One Identity Manager default method. You must define criteria for finding employees for automatic employee assignment.
  • Employees and user accounts can be entered manually and assigned to each other.
Related topics

For more detailed information about employee handling and administration, see the One Identity Manager Target System Base Module Administration Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating