Re: Generating and sending random password by email
If you are interested in a quick'n'dirty solution, the standard system generates passwords using the function module SUSR_GENERATE_PASSWORD.
View ArticleRe: Generating and sending random password by email
Generating a password is pretty easy - a javascript will doit for you with parameters. You can load that into an attribute on the user for the repository ($rep.Name_Password) and have that in the...
View ArticleRe: Generating and sending random password by email
Samuli, Unfortunately we can not access that type of functionality within IDM. However as Peter mentioned, there is the ability to generate passwords via the Provisioning Framework. Matt
View ArticleClik here to view.
Re: Generating and sending random password by email
I think it might be best to recycle SAP's standard here, study the HCM integration case and how the passwords are generated in the event task that moves the identity from Staging Id Store to Productive...
View ArticleClik here to view.
Delete Role Assignments directly from an ABAP System
Hi folks! I'm working on a synchronization job and I have a particular challenge, delete Roles assigned to a user in the ABAP System. Our use case is this: IDM is regarded as the authoritative source...
View ArticleClik here to view.
Re: Delete Role Assignments directly from an ABAP System
Hello Matt, did I understand correctly: you have a user in IdM, who has an account in the ABAP backend. And you have assigned ABAP roles to this user via IdM. Now - for some reason - the user has more...
View ArticleRe: Delete Role Assignments directly from an ABAP System
How do you find the mismatches in first place? In a job that you execute per each repository? Then you should have a list of valid privileges per the repository per user available readily from IdM and...
View ArticleRe: Delete Role Assignments directly from an ABAP System
Hi Matt , As part of the Sync Job if we find mismatches for the user , we can call an ADMIN type Job for synchronization . We can call the function uIS_PrivReconcile() or any reconcile internal...
View ArticleRe: Delete Role Assignments directly from an ABAP System
Tero, I looked at this and was concerned by the fact that the script was concerned with pending privileges. Matt
View ArticleClik here to view.
Re: Delete Role Assignments directly from an ABAP System
Steffi, that's exactly the use case. We have some very dirty data that we need to clean up. Ongoing reconciliation allows us to make sure that only authorized changes (those done from IDM) are kept...
View ArticleRe: Delete Role Assignments directly from an ABAP System
Jerry, That makes the most sense. I'll be looking into this in more detail, but I think it's the way to go. Matt
View ArticleRe: Delete Role Assignments directly from an ABAP System
Hello Matt, so you want to remove local administrated role? If the object really is to undo the local administration, I would do this:Create a batch job, the passes would be a FromSAP, a ToGeneric and...
View ArticleRe: Issue on initial load write to Identity Store pass
Hi Laurent , Can you please check whether below mentioned parameters are set for "Create Account Privilege or Create System Privilege Pass" 1 . Tab "Repository " - Is it linked to Repository MD1100 -...
View ArticleRe: Reg: IDM MMC Access on Administrator's desktops/laptops
Can your guys get remote desktop access to the server? How large is the team? With admins do you mean strictly admins or also developers? It's possible to do development with MMC installed to your own...
View ArticleRe: AD User Management with IDM
Thanks Peter,The plan is to take over all AD user management with IDM. However, I don't know java script but I am proficient with PowerShell - and have many a script running in the environment today.I...
View ArticleRe: AD User Management with IDM
Matt,You are correct. My security folks are looking for IDM to provide the auditing they lack today.I didn't know about the generic connector. If I can put PowerShell behind IDM then I would continue...
View ArticleClik here to view.
Re: AD User Management with IDM
Paul, Not my first Rodeo It's a pretty common implementation model, fortunately there are many ways to work with it. If this addresses your question, please mark the correct answer so others can...
View ArticleClik here to view.
Re: AD User Management with IDM
Well I am small and green I find it scary how may people (usually management!) think that they can implement this like Windows - install it and it just works. IDM without a good plan will fail. Get...
View ArticleRe: AD User Management with IDM
No problems Paul. Javascript is pretty straight forward, and usually you don't have to be a wiz to get it moving. Be aware though that 'all AD management' is a bit crazy. User/Group management? Sure,...
View Article
