Quantcast
Channel: SCN: Message List - SAP Identity Management
Viewing all 5016 articles
Browse latest View live

IDM8: How to customize Provisiong Framework

December 1, 2015, 7:20 am
$
0
0

Hi all

I have a brand new IDM 8 installation at hand and imported the provisiong framework / the different packages.

Now I'd like to customize a few things and don't know what's the best approach. Btw, where is this kind of framework customization documented?

 

In IdM 7.2

* you created Job folders for every single Repository, because you had to customize each Initial Load pass (e.g. "Write only when adding entry") separatly.

* you made a copy of the Create/ModifyABAPUser Task, added/removed Attributes you did'nt need and _linked_ this Task into the source task in the provisoning framework.

 

How is this handled in IDM8?

 

Regards

Michael

Search

Re: User deletion: mskeyvalue replaced by MX_

December 1, 2015, 11:29 am
$
0
0

Hi,

 

The provisioning queue is empty. The user was created using the Add User... option under the Identity store (without admin privs)

 

thanks!

Re: IDM8: How to customize Provisiong Framework

December 1, 2015, 11:41 am
$
0
0

Hi Michael,

 

For the customization part, I copy what I need to change from the standard provisioning framework package to the custom package.

 

I then disable the task in the standard (check out first, disable, check in)

 

Example: I need to change the "Create Identity' task.

 

I check out the standard package, disable the create identity, copy the webtask, paste it in the custom package, check in the standard package and do all the changes

 

The standard package will be left intact and used as reference in case I need to recreate some jobs.

 

Regards,

 

Marco

Re: SAP IDM 8.0 SP1: Issue with Developer studio login

December 1, 2015, 3:02 pm
$
0
0

Hi Yatin,

 

Thanks, we had working system until we upgraded IDM components to SP1. So not sure how the things you mentioned would have changed.

 

I'm using same JVM and certificate is there in cacerts. Let me know how you resolved.

 

Kind regards,

Jai

Re: IDM8: How to customize Provisiong Framework

December 2, 2015, 12:40 am
$
0
0

Thanks Marco.

How do you handle Initial Load Jobs per Repository?

Do you import the abap package multiple times, once for each repository?

Do you create copies of the standard Initial Load for each repository?

Re: User deletion: mskeyvalue replaced by MX_

December 2, 2015, 2:37 am
$
0
0

Hello Marco,

 

just tried to reproduce this on our test system but I cannot seem to do it but we are not running SP10 admittedly. Can you check if you find anything for one of these users in the audit table? If you created the guy directly via the add user option and afterwards deleted him via a Job and changetype delete there should probably be nothing in there. Is this happening for all of your users? Does the same happen when you for example try to delete a privilege or a business role?

 

Regards

Tobias

Importing profit center hierarchy into IDM

December 2, 2015, 4:14 am
$
0
0

Hi,

 

We are currently implementing context-based assignments on business roles and privileges.

The customers require that we use profit centers and profit center groups as contexts.

 

My question is:

How do we import the profit center hierarchy from ERP to IDM? We have not found a

connector that allows us to do this directly. We have looked into the fromSAP connector, but it

does not allow profit center as an entrytype parameter.

 

We know that the parameter "Table" can be used to import a given SAP table, for example

"CEPC" (Profit centers), "SETNODE" and "SETHEADER" (Profit center group). This is not

a feasible solution as the amount of data transferred exceeds the system memory capacity

because no filtering is allowed as far as we know.

 

We are using IDM 7.2 SP9, Windows Server, MS SQL Server.

 

Any ideas?

Re: IDM8: How to customize Provisiong Framework

December 2, 2015, 6:00 am
$
0
0

Hi Michael,

 

Initial loads are Per repository. I usually take the standard, copy it to a job folder for each repository. So yes, you can copy them and customize them for each repository depending on your needs.

 

As for the ABAP package, you only need to import it once. It will be used by all repositories.

 

regards,

 

Marco

Search

Re: User deletion: mskeyvalue replaced by MX_

December 2, 2015, 8:21 am
$
0
0

Hi Tobias,

 

There's nothing on the provisioning or audit tables. It's a fresh new install. No provisioning framework has been imported yet, no repositories, no privileges or business roles.

 

As soon as I finish setting up the config point, I added the user manually. Created a to IS pass:

     mskeyvalue: testuser and changetype: delete.

 

Thanks for your help

 

Marco

Re: User deletion: mskeyvalue replaced by MX_

December 2, 2015, 11:06 am
$
0
0

Hi Marco,

 

I would agree with Tobias' comments, however I have seen one other scenario where this happens, and it is when provisioning goes through without an explicitly defined MSKEYVALUE.  It takes a little bit of work but it can happen.

 

This could also happen if the deprovisioning process gets interrupted or if the IDM account is removed and then the identity is reconciled (as opposed to loaded) back into IDM.

 

Most updates to IDM have tried to address this, but I guess it can still happen.

 

Matt

Re: Importing profit center hierarchy into IDM

December 2, 2015, 11:09 am
$
0
0

Hi Thomas,

 

That's an interesting one.  I don't believe that functionality is specifically supported in the IDM Provisioning framework.

 

There would be a number of ways that I could think of addressing this but it really depends on what the actual data looks like (Sorry I am more of a IDM expert than a SAP Systems Expert)

 

I would guess that it would somehow be possible to bring in the hierarchy as a custom entry type that could be related to MX_PERSON, or just imported as an attribute that is assignable to users with the profit-center ONLLY privilege. 

 

At the end of the day, it just might be best to put your idea for supporting this functionality on the SAP NetWeaver Identity Management (SAP IDM): Idea Place.

 

 

Hope this helps somewhat...

 

Matt

Re: IDM 7.2 Oracle JDBC connection with OCI8 Driver?

December 2, 2015, 11:13 am
$
0
0

Hi Mathias,

 

My first thought would be to check the PAM, to see if it's listed there, but somehow I don't think so.

 

I would assume that it should work, but then there's the additional complexity of integrating with Dataguard.  So unfortunately I can only reccomend:

 

1. Testing in a DEV environment.

2. Opening a Support Note to see what SAP has to say, and keep them posted about your findings.

 

Sorry I can't be more helpful.

 

Matt

Is MS Exchange 2013 supported on SAP IdM

December 2, 2015, 4:19 pm
$
0
0

Hello,

 

I am trying to provision Microsoft exchange using IdM 8.0, but I can´t find any information on version 2013. Can anyone tell me if this version is supported and if the standard connection works?

 

Thank you.

Re: Is MS Exchange 2013 supported on SAP IdM

December 2, 2015, 4:57 pm
$
0
0

Hi Catherine,

 

There's no reason it wouldn't work, but I don't know if the Product team has updated the configuration yet.

 

You could try referring to this document: SAP NetWeaver Identity Management Identity Center: Implementing and Configuring the Template for Microsoft Exchange 2007 and 2010

 

The 2010 stuff should work for 2013, and you can import the job to IDM 8 (the import process will convert everything)

 

Or you could just use the documentation as a starting point for building it yourself.

 

Let us know how it goes!

 

Matt

Re: IDM 7.2 Oracle JDBC connection with OCI8 Driver?

December 2, 2015, 11:12 pm
$
0
0

Hi Matt, Thanks for your suggestions. I opened later a SAP OSS Call. In this I have also described the problem. I got in response: In this constellation, we should even use the OCI8 driver. Basically, it should be noted, that SAP makes to the SAP Notes contradictory information. Mathias

Search

Re: User deletion: mskeyvalue replaced by MX_

December 3, 2015, 12:57 am
$
0
0

Hello Marco,

 

OK, this is a little bit of a special case then. You will have pretty severe issues in the complete IDM system if you do not import the provisioning framework. If you for example create an initial load job for a repository through the wizard everything will be set up by the system but you will encounter all global scripts being used within the job are empty for example.

 

To be honest I do not know if this can also be the root cause for your deletion behaviour but I would really suggest to import the provisioning framework first, since the behaviour you are encountering is usually triggered by different situations coming together as Matt and I pointed out. But since you do not have anything imported into your IDstore this changes the game a bit.

 

Regards

Tobias

Re: Error on log on in IDM development studio eclipse

December 3, 2015, 4:14 am
$
0
0

Hello Jai,

thanks for your answer. Sorry that i am answer so late.

 

Next Week i will have a Training for idm at sap Germany.

 

Best regards

Andreas

Re: User deletion: mskeyvalue replaced by MX_

December 3, 2015, 6:06 am
$
0
0

Thanks to both of you for your replies,

 

This "empty" environment is the second that I installed for troubleshooting purposes. The first being a fully deployed environment, with a provisioning framework, etc.. and having the same issue.

 

I'll just assume it works as designed

 

Thanks again!

 

Marco

Re: User deletion: mskeyvalue replaced by MX_

December 3, 2015, 8:52 am
$
0
0

Hello Marco,

 

this depends a little bit on the frequency this occurs when users are deleted in your system. If it happens all the time I would recommend to review the deletion process for users. E.g. what is running prior to this, what is the condition a user needs to be in in your system when it is deleted etc.

and if nothing can be found there, open a case with SAP to report this so they have a look at your system.

 

If this only happens occaisonally it might be something you have to cope with and fix the cases manually, (unfortunately) yes.

 

Regards

Tobias

Re: Is MS Exchange 2013 supported on SAP IdM

December 3, 2015, 4:00 pm
Viewing all 5016 articles
Browse latest View live
Search

Latest Images

7 clever tricks Primark does to keep you walking & buying more than you need...

7 clever tricks Primark does to keep you walking & buying more than you need...

July 20, 2025, 5:14 am
Art for Everyone! Autism advocacy, local stories, and indigenous pride in one...

Art for Everyone! Autism advocacy, local stories, and indigenous pride in one...

July 20, 2025, 5:06 am
Paintings of English Downs 2

Paintings of English Downs 2

July 20, 2025, 4:30 am
How Kerala Women Rescued a Dying Forest and Turned It Into a Safe Haven for...

How Kerala Women Rescued a Dying Forest and Turned It Into a Safe Haven for...

July 20, 2025, 3:30 am
Met Eireann warns of heavy rain & spot flooding for DAYS before big...

Met Eireann warns of heavy rain & spot flooding for DAYS before big...

July 20, 2025, 1:14 am
Who is Kevin Lerena’s wife Geraldine?

Who is Kevin Lerena’s wife Geraldine?

July 20, 2025, 12:57 am
Man stabs woman, baby to death inside Queens home, police say

Man stabs woman, baby to death inside Queens home, police say

July 19, 2025, 11:00 pm
Ang papel ni whistleblower Julie Patidongan sa kaso ng mga nawawalang sabungero

Ang papel ni whistleblower Julie Patidongan sa kaso ng mga nawawalang sabungero

July 19, 2025, 9:45 pm
Telangana Human Rights Commission (TGHRC) seeks report from revenue dept on...

Telangana Human Rights Commission (TGHRC) seeks report from revenue dept on...

July 19, 2025, 7:29 pm
Crisis-hit NHS fat cats raking in MASSIVE salaries as frontline services cry...

Crisis-hit NHS fat cats raking in MASSIVE salaries as frontline services cry...

July 19, 2025, 2:11 pm
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>