Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to SAP R/3

Managing SAP R/3 environments Setting up SAP R/3 synchronization Basic data for managing an SAP R/3 environment Basic data for user account administration SAP systems SAP clients SAP user accounts SAP groups, SAP roles, and SAP profiles SAP products Providing system measurement data Reports about SAP systems Configuration parameters for managing an SAP R/3 environment Default project templates for synchronizing an SAP R/3 environment Referenced SAP R/3 table and BAPI calls Example of a schema extension file

Configuration parameters for managing an SAP R/3 environment

The following configuration parameters are additionally available in One Identity Manager after the module has been installed.

Table 79: Configuration parameter

Configuration parameter

Description

TargetSystem | SAPR3

SAP is supported. The parameter is a precompiler dependent configuration parameter. Changes to the parameter require recompiling the database.

TargetSystem | SAPR3 | Accounts

Default values should be used for SAP user accounts.

TargetSystem | SAPR3 | Accounts | CalculateLicence

Parameter for controlling the calculation of SAP system measurement for SAP user accounts.

TargetSystem | SAPR3 | Accounts | Datfm

Specifies the default date format for SAP user accounts.

TargetSystem | SAPR3 | Accounts | Dcpfm

Specifies the default decimal point format for SAP user accounts.

TargetSystem | SAPR3 | Accounts | ExtID_Type

Specifies the default type for external identification of SAP user accounts.

TargetSystem | SAPR3 | Accounts | Fax_Group

Specifies the default fax group for SAP user accounts.

TargetSystem | SAPR3 | Accounts | Guiflag

Specifies whether secure communication is permitted for SAP user accounts.

TargetSystem | SAPR3 | Accounts | InitialRandomPassword

This configuration parameter specifies whether a random generated password is issued when a new user account is added. The password must contain at least those character sets that are defined in the password policy.

TargetSystem | SAPR3 | Accounts | InitialRandomPassword |
SendTo

This configuration parameter specifies to which employee the email with the random generated password should be sent (manager cost center/department/location/business role, employee’s manager or XUserInserted). If no recipient can be found, the password is sent to the address stored in the "TargetSystem | SAPR3 | DefaultAddress" configuration parameter.

TargetSystem | SAPR3 | Accounts | InitialRandomPassword |
SendTo | MailTemplateAccountName

This configuration parameter contains the name of the mail template sent to provide users with the login data for their user accounts. The Employee - new user account created mail template is used.

TargetSystem | SAPR3 | Accounts | InitialRandomPassword |
SendTo | MailTemplatePassword

This configuration parameter contains the name of the mail template sent to provide users with information about their initial password. The Employee - initial password for new user account mail template is used.

TargetSystem | SAPR3 | Accounts | Langu_p

Specifies default language key for SAP users.

TargetSystem | SAPR3 | Accounts | Langup_iso

Specifies default language (ISO 639).

TargetSystem | SAPR3 | Accounts | MailTemplateDefaultValues

This configuration parameter contains the mail template used to send notifications if default IT operating data mapping values are used for automatically creating a user account. The Employee - new user account with default properties created mail template is used.

TargetSystem | SAPR3 | Accounts | Spda

Specifies default setting for printer parameter 3 (delete after print).

TargetSystem | SAPR3 | Accounts | Spdb

Specifies default setting for printer parameter 3 (print immediately).

TargetSystem | SAPR3 | Accounts | Splg

Specifies the default printer (print parameter 1).

TargetSystem | SAPR3 | Accounts | TargetSystemID

Specifies default target system identification for mapping external users.

TargetSystem | SAPR3 | Accounts | Time_zone

Specifies the default time zone value for the SAP user account’s address.

TargetSystem | SAPR3 | Accounts | Tzone

Specifies the default value for the time zone.

TargetSystem | SAPR3 | Accounts | Ustyp

Specifies the default user type for SAP user accounts.

TargetSystem | SAPR3 | AutoCreateDepartment

This configuration parameter specifies whether departments are automatically created when user accounts are modified or synchronized.

TargetSystem | SAPR3 | DefaultAddress

Default email address (recipient) for messages about actions in the target system.

TargetSystem | SAPR3 | KeepRedundantProfiles

This configuration parameter regulates behavior for handling single role and profile assignments to users.

If the parameter is set, the user's single roles or profiles, which are already part of the user's composite roles, are retained.

If the parameter is not set, the user's single roles or profiles, which are already part of the user's composite roles, are removed (default).

TargetSystem | SAPR3 | MaxFullsyncDuration

Specifies the maximum runtime for synchronization.

TargetSystem | SAPR3 | PersonAutoDefault

This configuration parameter specifies the mode for automatic employee assignment for user accounts added to the database outside synchronization.

TargetSystem | SAPR3 | PersonAutoDisabledAccounts

This configuration parameter specifies whether employees are automatically assigned to disabled user accounts. User accounts do not obtain an account definition.

TargetSystem | SAPR3 | PersonAutoFullsync

This configuration parameter specifies the mode for automatic employee assignment for user accounts added to or updated in the database through synchronization.

TargetSystem | SAPR3 | ValidDateHandling

This configuration parameter is for handling validity periods in SAP role and structural profile assignments to SAP user accounts.

TargetSystem | SAPR3 | ValidDateHandling |
DoNotUsePWODate

This configuration parameter specifies whether the validity period is taken from the request and copied to the SAP role and structural profile assignments to SAP user accounts. If the configuration parameter is set, the Valid from and Valid until dates are not copies from the request to the assignments.

TargetSystem | SAPR3 | ValidDateHandling |
ReuseInheritedDate

Controls reuse of existing SAP role and structural profile assignments to SAP user accounts.

If this configuration parameter is set, existing assignments are reused if the same assignment is created by different means of inheritance and the validity period matches.

TargetSystem | SAPR3 | ValidDateHandling |
ReuseInheritedDate | UseTodayForInheritedValidFrom

This configuration parameter specifies whether the Valid from data of indirect SAP role and structural profile assignments to SAP user accounts is set to <today> or to 1900-01-01.

TargetSystem | SAPR3 | VerifyUpdates

This configuration parameter specifies whether modified properties are checked by updating. If this parameter is set, the objects in the target system are verified after every update.

Default project templates for synchronizing an SAP R/3 environment

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

Detailed information about this topic

Project template for client without CUA

Use "SAP® R/3® synchronization (base administration)" to synchronize clients that are not connected to a central user administration. The template uses mappings for the following schema types.

Table 80: Mapping SAP R/3 schema types to tables in the One Identity Manager schema.
Schema type in the target system Table in the One Identity Manager Schema
Company SAPCompany
GROUP SAPGrp
LICENSETYPE SAPLicence
LicenceExtension SAPLicenceExtension
LoginLanguage SAPLoginLanguages
CLIENT SAPMandant
Parameters SAPParameter
Printer SAPPrinter
PROFILE SAPProfile
ProfileInProfile SAPProfileInSAPProfile
ProfileInRole SAPProfileInSAPRole
PROFITCENTER SAPProfitCenter
ROLE SAPRole
RoleInRole SAPRoleInSAPRole
STARTMENUE SAPStartMenu
SAPTSAD3T SAPTitle
USER SAPUser
UserComFax SAPComFax
UserComPhone SAPComPhone
UserComSMTP SAPComSMTP
SAPCOMMTYPE SAPCommType
UserExtId SAPUserExtId
UserHasParameter SAPUserHasParameter
UserInGroup SAPUserInSAPGrp
UserInProfile SAPUserInSAPProfile
UserInRole SAPUserInSAPRole

Project template for the CUA central system

Use "SAP® R/3® synchronization (base administration)" to synchronize a central user administration central system. The template uses mappings for the following schema types.

Table 81: Mapping SAP R/3 schema types to tables in the One Identity Manager schema.
Schema type in the target system Table in the One Identity Manager Schema
ALE SAPMandant
CLIENT SAPMandant
Company SAPCompany
GROUP SAPGrp
LICENSETYPE SAPLicence
LicenceExtension SAPLicenceExtension
LoginLanguage SAPLoginLanguages
Parameters SAPParameter
Printer SAPPrinter
CUAProfile SAPProfile
ProfileInProfile SAPProfileInSAPProfile
ProfileInRole SAPProfileInSAPRole
PROFITCENTER SAPProfitCenter
CUARole SAPRole
RoleInRole SAPRoleInSAPRole
STARTMENUE SAPStartMenu
SAPTSAD3T SAPTitle
USER SAPUser
UserComFax SAPComFax
UserComPhone SAPComPhone
UserComSMTP SAPComSMTP
UserExtId SAPUserExtId
UserHasLicense SAPUserHasLicence
UserHasParameter SAPUserHasParameter
UserInGroup SAPUserInSAPGrp
UserInMandant SAPUserInSAPMandant
UserInCUAProfile SAPUserInSAPProfile
UserInCUARole SAPUserInSAPRole
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating