test

Sun Identity Manager 8.1 Resources Reference

Chapter 34 SAP HR Active Sync

The SAP HR Active Sync adapter supportsIdentity Manager provides resource adapters for supporting the following versions of SAP HR:

Adapter Details

The following table summarizes the attributes of the SAP HR Active Sync adapter:

GUI Name  

Class Name  

SAP HR Active Sync 

com.waveset.adapter.SAPHRActiveSyncAdapter

Note –

As of Identity Manager 6.0, the SAP HR Active Sync account attributes have a new format. The resource user attributes in the schema map are now separated by : (colon) instead of _ (underscore). This allows an attribute from SAP HR to be a path to arbitrarily deep attributes instead of a simple attribute within the infotype. If you are upgrading either of these products from a previous version, the default attributes are renamed by default as part of the update script. The ResourceUpdater will print a message if it had a problem converting an attribute. However, you should review your account attributes to ensure the conversion was successful.

Resource Configuration Notes

This section provides configuration notes that are unique to the SAP resource adapter and to the SAP HR Active Sync adapter.

The SAP Application Link Enabling (ALE) technology enables communication between SAP and external systems, such as Identity Manager. The SAP HR Active Sync adapter uses an outbound ALE interface. In an outbound ALE interface, the base logical system becomes the sender for outbound messages and the receiver of inbound messages. A SAP user will likely be logged into the base logical system/client when making changes to the database (for example, hiring an employee, updating position data, terminating an employee, etc.) A logical system/client must also be defined for the receiving client. This logical system will act as the receiver of outbound messages. As for the message type between the two systems, the Active Sync adapter uses a HRMD_A message type. A message type characterizes data being sent across the systems and relates to the structure of the data, also known as an IDoc type (for example, HRMD_A05).

Note –

You must configure the SAP system parameters to enable Application Link Enabling (ALE) processing of HRMD_A IDocs. This allows for data distribution between two application systems, also referred to as messaging.

Creating a Logical System

Depending on your current SAP environment, you might not need to create a logical system. You might only need to modify an existing Distribution Model by adding the HRMD_ A message type to a previously configured Model View. It is important, however, that you follow SAP’s recommendations for logical systems and configuring your ALE network. The following instructions assume that you are creating new logical systems and a new model view.

ProcedureCreating a Logical System and New Model View

  1. Enter transaction code SPRO, then display the SAP Reference IMGproject (or the project applicable to your organization).

  2. Based on the SAP version you are using, perform one of the following:

    • For SAP HR 4.6, click Basic Components > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Define Logical System.

      • For SAP HR 4.7, click SAP Web Application Server, > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Define Logical System.

      • For SAP HR 5.0, click SAP Netweaver > SAP Web Application Server > IDOC Interface/Application Link Enabling (ALE) > Basic Settings > Logical Systems > Define Logical System.

      • For SAP HR 6.0, click SAP Netweaver > Web Application Server > IDOC Interface/Application Link Enabling (ALE) > Basic Settings > Logical Systems > Define Logical System.

  3. Click Edit > New Entries.

  4. Enter a name and a description for the logical system you want to create (IDMGR).

  5. Save your entry.

Assigning a Client to the Logical System

ProcedureHow to Assign a Client to the Logical System

  1. Enter transaction code SPRO, then display the SAP Reference IMGproject (or the project applicable to your organization).

  2. Based on the SAP version you are using, perform one of the following:

    • For SAP 4.6, click Basis Components > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Assign Client to Logical System.

      • For SAP 4.7, click SAP Web Application Server > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Assign Client to Logical System.

      • For SAP 5.0, click SAP Netweaver > SAP Web Application Server > IDOC Interface/Application Link Enabling (ALE) > Basic Settings > Logical Systems > Assign Client to Logical System.

      • For SAP HR 6.0, click SAP Netweaver > Web Application Server > IDOC Interface/Application Link Enabling (ALE) > Basic Settings > Logical Systems > Define Logical System.

  3. Select the client.

  4. Click GOTO > Details to display the Client Details dialog box.

  5. In the Logical System field, enter the logical system you want to assign to this client.

  6. In the Changes and Transports for Clients section, click Automatic Recording of Changes.

  7. Save your entry.

Creating a Distribution Model

ProcedureTo Create a Distribution Model

  1. Verify that you are logged on to the sending system/client.

  2. Enter transaction code BD64. Ensure that you are in Change mode.

  3. Click Edit > Model View > Create.

  4. Enter the short and technical names for your view, as well as the start and end date, then click Continue.

  5. Select the view you created, then click Add Message Type.

  6. Define the sender/logical system name.

  7. Define the receiver/server name.

  8. In the Protection Client Copier and Comparison Tool section, click Protection Level: No Restriction.

  9. Define the Message Type you want to use (HRMD_A), then click Continue.

  10. Click Save.

Registering the RFC Server Module with the SAP Gateway

During initialization, the Active Sync adapter registers with the SAP Gateway. It uses “IDMRFC” for its ID. This value must match the value set in the SAP application. You must configure the SAP application so that the RFC Server Module can create a handle to it.

ProcedureRegistering the RFC Server Module as an RFC Destination

  1. In the SAP application, go to transaction SM59.

  2. Expand the TCP/IP connections directory.

  3. Click Create (F8).

  4. In the RFC destination field, enter the name of the RFC destination system. (IDMRFC).

  5. Set the connection type to T (Start an external program through TCP/IP).

  6. Enter a description for the new RFC destination, and then click Save.

  7. Click the Registration Server Program radio button in the Activation Type pane.

  8. Set the Program ID in the Start on Application Server pane. You should use the same value as the RFC destination (IDMRFC), and then click Enter.

  9. If the SAP system is a Unicode system, the port must be configured for Unicode. Click the Special Options tab (MDMP & Unicode tab on some systems), and look for the Character Width In Target System section. There is a setting for unicode and non-unicode.

  10. Using the buttons at the top - Test Connection and Unicode Test - test the connection to the Identity Manager resource. You must have the adapter started for the test to pass.

Creating a Port Definition

The port is the communication channel to which IDocs are sent. The port describes the technical link between the sending and receiving systems. You should configure an RFC port for this solution.

ProcedureCreating a Port Definition

  1. Enter transaction code WE21.

  2. Select Transactional RFC, then click the Create icon. Enter IDMRFC for the RFC Destination.

  3. Save your changes.

Generating Partner Profiles

The system automatically generates a partner profile or you can manually maintain the profile.

Note –

If you are using an existing distribution model and partner profile, you do not need to automatically generate a partner profile. Instead, you can modify it to include the HRMD_A message type.

ProcedureAutomatically Generating a Partner Profile

  1. Enter transaction code BD82.

  2. Select the Model View. This should be the Model View previously created.

  3. Ensure the Transfer IDoc immediately and Trigger Immediately radio buttons are selected.

  4. Click Execute.

Modifying the Port Definition

When you generated a partner profile, the port definition might have been entered incorrectly. For your system to work properly, you need to modify the port definition.

ProcedureTo Modify the Port Definition

  1. Enter transaction code WE20.

  2. Select Partner Type LS.

  3. Select your receiving partner profile.

  4. Select Outbound Parameters, then click Display. (On some systems, click the “+” icon beneath the Outbound Parameters box.)

  5. Select message type HRMD_A.

  6. Click Outbound Options, then modify the receiver port so it is the RFC port name you created (IDMGR).

  7. From the Output Mode, select Transfer IDoc Immediately to send IDocs immediately after they are created.

  8. From the IDoc Type section, select a basictype:

    • For SAP HR 4.6, select HRMD_A05

      • For SAP HR 4.7 or 5.0, select HRMD_A06

  9. Click Continue/Save.

Generating an IDoc

ProcedureTo Generate an IDoc

  1. Enter transaction code PFAL.

  2. Insert the Object Type P for person objects.

  3. Enter an Employee’s ID for the Object ID or select a range of employees.

  4. Click Execute.

  5. Ensure that the status is set to “passed to port okay.”

  6. The IDoc has been created. Check the Active Sync adapter log file to verify that an update was received.

Object Types in the iDoc

The “objecttypes to read from SAP HR” resource attribute allows processing of different iDoc types from SAP HR. Identity Manager determines the object type by checking the OTYPE of the iDoc. This multivalued attribute supports any combination of the following values: P, CP, S, C and O.

Not all available object types are resource objects. The following mapping applies to the object types:

Identity Manager process the user-related iDoc's types P and CP if no object types are configures, and these object types will provide the basic user information.

The user-related iDocs not only process iDoc data, but trigger BAPI calls unless the resource is configured not to do so. You must configure the “Process rule” on the resource if the objects O and/or C are processed. Via the process rule, you must allow for two distinct object types to be processed. User-related objects (iDoc types P, CP, and S) will have the accountId mapped to the SAP HR PERNR as before. The O and C type do not have a relation to a person and consequently will not have an accountId mapped. The other attribute that allows for object type identification is the OTYPE from the iDoc when mapped.

Any attribute from the iDoc must be mapped in the resource configuration to be returned to the Identity Manager server. All object types support future processing.

Activating Change Pointers

To activate change pointers globally:

ProcedureActivating Change Pointers Globally

  1. Enter transaction code BD61.

  2. Enable the Change Pointers Active tab.

    To activate change pointers for a message type:

  3. Enter transaction code BD50.

  4. Scroll to the HRMD_A message type.

  5. Check the HRMD_A check box, then click Save.

Scheduling a Job for Change Pointer Processing

ProcedureTo Schedule a Job for Change Pointer Processing

  1. Enter transaction code SE38 to begin defining the variant.

  2. Select the RBDMIDOC program, then click the Create icon.

  3. Name the variant and give it a description (Make note of the variant name so you can use it when scheduling the job).

  4. Select the HRMD_A message type, then click Save. You will be prompted to select variant attributes. Select the background processing attribute.

  5. Click Save.

Scheduling a Job

ProcedureTo Schedule a Job

  1. Enter transaction code SM36.

  2. Name the job.

  3. Assign Job Class. Job Class is the priority in which jobs are processed. Class A is the highest priority and will be processed first. For a production environment, assign the class to B or C.

  4. Schedule a start time. Click the Start Condition tab, then click Date and Time. Enter a scheduled start time, which must be a future event.

    1. Mark the job as a periodic job. Click the Periodic Values tab, schedule how frequently you want the job to run, then press Enter. For testing purposes, setting this period to 5 minutes.

    2. Click Save.

  5. Define the job steps.

    1. Enter the ABAP program name: RBDMIDOC.

    2. Select the variant you created in the previous step.

  6. Click Save (Note: Click Save once; otherwise, the job will be scheduled to run multiple times).

Testing the Change Pointer Configuration

ProcedureTo Test the Change Pointer Configuration

  1. From the SAP client, hire an employee.

  2. Ensure that an IDoc was created. You can verify IDoc creation in two locations:

    • Enter transaction code WE02, enter search date parameters and generate a list of generated IDOCs

      • Check the SAP HR Active Sync adapter log

Creating a CPIC User

SAP Basis users are client-dependent. For each SAP HR Active Sync adapter that will be using the driver, a system user with CPIC access must be created.

ProcedureTo Create a CPIC User

  1. From User Maintenance in SAP, enter a username in the user dialog box, then click the Create icon.

  2. Click the Address tab, then enter data in the last name and format fields.

  3. Click the Logon Data tab, then define the initial password and set the user type to CPIC.

  4. Click the Profiles tab, then add the SAP_ALL, SAP_NEW and S_A.CPIC profiles.

  5. Click Save.

    Note –

    Initially, you can create a dialog user to test your SAP system configuration. If there are processing problems, you can analyze the dialog user in the debugger. You should also log into the SAP system once to set this user’s password. After the system is tested and works properly, you should switch to a CPIC user for security measures.

Identity Manager Installation Notes

The SAP resource adapters are custom adapters. You must perform the following steps to complete the installation process:

ProcedureInstalling the SAP Resource Adapter

  1. Download the JCo (Java Connector) toolkit from http://service.sap.com/connectors. (Access to the SAP JCO download pages require a login and password.) The toolkit will have a name similar to sapjco-ntintel-2.1.8.zip. This name will vary depending on the platform and version selected.

    Note –

    Make sure that the JCo toolkit you download matches the bit version of Java your application server runs on. For example, JCo is available in only in the 64-bit version on the Solaris x86 platform. Therefore, your application server must be running the 64-bit version on the Solaris x86 platform.

  2. Unzip the toolkit and follow the installation instructions. Be sure to place library files in the correct location and to set the environment variables as directed.

  3. Copy the sapjco.jar file to the InstallDir\WEB-INF\lib directory.

  4. Download the SAP Java Base IDoc Class Library. The library will be in a zip file with a name similar to sapidoc-1.0.1.zip.

  5. Unzip the library and follow the installation instructions.

  6. Copy the sapidoc.jar file to the InstallDir\WEB-INF\lib directory.

  7. Download the SAP Java Connector IDoc Class Library. The library will be in a zip file with a name similar to sapidocjco-1.0.1.zip.

  8. Unzip the library and follow the installation instructions.

  9. Copy the sapidocjco.jar file to the InstallDir\WEB-INF\lib directory.

Usage Notes

This section provides information related to using the SAP HR Active Sync resource adapter, which is organized into the following sections:

General Notes

The following general notes are provided for the resource:

Enabling Secure Network Communications (SNC) Connections

By default, the SAP adapter uses the SAP Java Connector (JCo) to communicate with the SAP adapters. For information about implementing SNC connections, see Chapter 54, Enabling Secure Network Communications (SNC) Connections.

SAP JCO and RFC Tracing

The SAPHRActiveSyncAdapter provides resource attributes for SAP JCO and RFC tracing. They can be used to trace Identity Manager’s communication with the SAP system. The attributes are JCO Trace Level and JCO Trace Directory.

The following environment variables can be set in the environment to enable SAP RFC tracing. These variables must be set in the environment before starting the application server. They control the shared library that JCO uses to communicate with the SAP system.

Note –

If no JCO tracing is desired, set RFC_TRACE to 0 to ensure that no trace files are created.

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses BAPI over SAP Java Connector (JCo) to communicate with the SAP adapters.

Required Administrative Privileges

The user name that connects to SAP HR must be assigned to a role that can access the SAP HR users.

Provisioning Notes

The default SAP HR Active Sync adapter is read-only. You cannot use this adapter to create or modify accounts.

Feature  

Supported?  

Enable/disable account 

No 

Rename account 

No 

Pass-through authentication 

No 

Before/after actions 

No 

Data loading methods 

  • Import directly from resource

  • Active Sync (SAP HR Active Sync adapter only)

  • Reconciliation

Account Attributes

The account attributes in the schema map are now separated by a : (colon) instead of an _ (underscore). This allows an attribute from SAP HR to be a path to arbitrarily deep attributes instead of a simple attribute within the infotype.

The basic format of an attribute path is as follows:

infoType:subType:iDocDef:attrName
Note –

The iDocDef (IDoc definition) and attrName segments of an attribute path can be expanded.

An example valid attribute path is 0105:MAIL:E2P0105001:ID. The infoType is 0105, the subType is MAIL, the iDocDef is E2P0105001 and the attrName is ID.

If the desired attribute is deeper than the first IDoc definition, an arbitrary number of IDoc definitions can be specified before the attrName, as long as each one is separated by the delimiter : (colon). For example, 0002::E2P0002001:E2Q0002002:PERNR has the following elements:

infoType. 0002

subType. None. If an attribute does not have a subtype, use a null field or blank.

iDocDef1. E2P0002001

iDocDef2. E2Q0002002

attrName. PERNR

The IDoc Definition object can also be returned as a GenericObject. Using the above example, to get the IDoc Definition of E2Q0002002 as a GenericObject, the resource user attribute would be specified as 0002::E2P0002001:E2Q0002002 in the schema map.

In addition, [] (left and right brackets) can be appended to the pathname to indicate the attribute is a list. For example, if it is possible for a particular attribute to have multiple values, that attribute’s values will be returned as a list by appending [] to the attribute name. This example would be similar to the following:

1001:B008:E2P1001001:VARYF[]

If the attribute has multiple values but [] is not appended to the attribute name, the last value will be used as the value of the attribute.

By default, the following infotypes are supported:

Infotype

Name

Supported Subtypes

0000 

Actions 

Not applicable 

0001 

Organizational Assignment 

Not applicable 

0002 

Personal Data 

Not applicable 

0006 

Addresses 

01 (permanent residence), 03 (home residence) 

0105 

Communication 

MAIL (email address), 0010 (internet address) 

The following tables provide information about SAP HR Active Sync account attributes.

Actions Attributes

User Attribute

Resource Attribute Name

Description

actions_end_date

0000::E2P0000001:ENDDA 

End date 

actions_start_date

0000::E2P0000001:BEGDA 

Start date 

actions_sequence_number

0000::E2P0000001:SEQNR 

Number of Infotype record with same key 

actions_last_changed_by

0000::E2P0000001:UNAME 

Name of person who changed object 

actions_last_changed

0000::E2P0000001:AEDTM 

Last changed on 

actions_change_reason

0000::E2P0000001:PREAS 

Reason for changing master data 

actions_flag1

0000::E2P0000001:FLAG1 

Reserved Field/Unused Field 

actions_flag2

0000::E2P0000001:FLAG2 

Reserved Field/Unused Field 

actions_flag3

0000::E2P0000001:FLAG3 

Reserved Field/Unused Field 

actions_flag4

0000::E2P0000001:FLAG4 

Reserved Field/Unused Field 

actions_reserved1

0000::E2P0000001:RESE1 

Reserved Field/Unused Field of Length 2 

actions_reserved2

0000::E2P0000001:RESE2 

Reserved Field/Unused Field of Length 2 

actions_type

0000::E2P0000001:MASSN 

Action type 

actions_reason

0000::E2P0000001:MASSG 

Reason for action 

actions_customer_status

0000::E2P0000001:STAT1 

Customer-Specific Status 

actions_employment_status

0000::E2P0000001:STAT2 

Employment status 

actions_special_payment_status

0000::E2P0000001:STAT3 

Special payment status 

Organizational Assignment Attributes

User Attribute

Resource Attribute Name

Description

org_admingroup

0001::E2P0001001:ADMINGROUP 

Administrator Group 

org_bus_area

0001::E2P0001001:BUS_AREA 

Business Area 

org_ch_on

0001::E2P0001001:CH_ON 

Last changed on 

org_changed_by

0001::E2P0001001:CHANGED_BY 

Name of person who changed object 

org_cnfrm_flag

0001::E2P0001001:CNFRM_FLAG 

Confirmation Fields Exist 

org_co_area

0001::E2P0001001:CO_AREA 

Controlling Area 

org_comp_code

0001::E2P0001001:COMP_CODE 

Company Code 

org_contract

0001::E2P0001001:CONTRACT 

Work Contract 

org_costcenter

0001::E2P0001001:COSTCENTER 

Cost Center 

org_egroup

0001::E2P0001001:EGROUP 

Employee Group 

org_esubgroup

0001::E2P0001001:ESUBGROUP 

Employee Subgroup 

org_flag1

0001::E2P0001001:FLAG1 

Reserved Field/Unused Field 

org_flag2

0001::E2P0001001:FLAG2 

Reserved Field/Unused Field 

org_flag3

0001::E2P0001001:FLAG3 

Reserved Field/Unused Field 

org_flag4

0001::E2P0001001:FLAG4 

Reserved Field/Unused Field 

org_from_date

0001::E2P0001001:FROM_DATE 

Start Date 

org_fund

0001::E2P0001001:FUND 

Fund 

org_funds_ctr

0001::E2P0001001:FUNDS_CTR 

Funds Center 

org_hist_flag

0001::E2P0001001:HIST_FLAG 

Historical Record Flag 

org_infotype

0001::E2P0001001:INFOTYPE 

Infotype 

org_job

0001::E2P0001001:JOB 

Job 

org_jobtxt

0001::E2P0001001:JOBTXT 

 

org_leg_person

0001::E2P0001001:LEG_PERSON 

Legal Person 

org_lock_ind

0001::E2P0001001:LOCK_IND 

Lock Indicator for HR Master Data Record 

org_name

0001::E2P0001001:NAME 

Formatted Name of Employee or Applicant 

org_object_id

0001::E2P0001001:OBJECT_ID 

Object Identification 

org_objecttype

0001::E2P0001001:OBJECTTYPE 

Object Type 

org_org_key

0001::E2P0001001:ORG_KEY 

Organizational Key 

org_org_unit

0001::E2P0001001:ORG_UNIT 

Organizational Unit 

org_orgtxt

0001::E2P0001001:ORGTXT 

 

org_p_subarea

0001::E2P0001001:P_SUBAREA 

Personnel Subarea 

org_payarea

0001::E2P0001001:PAYAREA 

Payroll Area 

org_payr_admin

0001::E2P0001001:PAYR_ADMIN 

Payroll Administrator 

org_perno

0001::E2P0001001:PERNO 

Personnel Number 

org_pers_admin

0001::E2P0001001:PERS_ADMIN 

Administrator for HR Master Data 

org_pers_area

0001::E2P0001001:PERS_AREA 

Personnel Area 

org_position

0001::E2P0001001:POSITION 

Position 

org_postxt

0001::E2P0001001:POSTXT 

 

org_reason

0001::E2P0001001:REASON 

Reason for Changing Master Data 

org_ref_flag

0001::E2P0001001:REF_FLAG 

Reference Fields Exist (Primary/Secondary Costs) 

org_reserved1

0001::E2P0001001:RESERVED1 

Reserved Field/Unused Field of Length 2 

org_reserved2

0001::E2P0001001:RESERVED2 

Reserved Field/Unused Field of Length 2 

org_screenctrl

0001::E2P0001001:SCREENCTRL 

Infotype Screen Control 

org_seqno

0001::E2P0001001:SEQNO 

Number of Infotype Record With Same Key 

org_sort_name

0001::E2P0001001:SORT_NAME 

Employee’s Name (Sortable by LAST NAME FIRST NAME) 

org_subtype

0001::E2P0001001:SUBTYPE 

Subtype 

org_supervisor

0001::E2P0001001:SUPERVISOR 

Supervisor Area 

org_textflag

0001::E2P0001001:TEXTFLAG 

Text Exists for Infotype 

org_time_admin

0001::E2P0001001:TIME_ADMIN 

Administrator for Time Recording 

org_to_date

0001::E2P0001001:TO_DATE 

End Date 

Personal Data Resources

User Attribute

Resource Attribute Name

Description

academicgrade

0002::E2P0002001:ACADEMICGRADE 

Academic title 

aristrocratictitle

0002::E2P0002001:ARISTROCRATICTITLE 

Name supplement, for example noble title, such as Lord or Lady 

birthplace

0002::E2P0002001:BIRTHPLACE 

Employee’s place of birth 

countryofbirth

0002::E2P0002001:COUNTRYOFBIRTH 

Country where the employee was born 

dateofbirth

0002::E2P0002001:DATEOFBIRTH 

Employee’s date of birth 

employeeno

0002::E2P0002001:EMPLOYEENO 

Required. A personnel number 

firstname

0002::E2P0002001:FIRSTNAME 

Employee’s first name. Required. 

formofaddress

0002::E2P0002001:FORMOFADDRESS 

Form-of-address key 

fullname

0002::E2P0002001:FULLNAME 

Full employee name 

gender

0002::E2P0002001:GENDER 

Indicates the gender of the employee 

idnumber

0002::E2P0002001:IDNUMBER 

Personnel ID number, such as Social Security Number 

initials

0002::E2P0002001:INITIALS 

Employee’s initials 

knownas

0002::E2P0002001:KNOWNAS 

Name which the employee prefers to be called. 

language

0002::E2P0002001:LANGUAGE 

A language key 

language_iso

0002::E2P0002001:LANGUAGE_ISO 

ISO 639 language code 

lastname

0002::E2P0002001:LASTNAME 

Employee’s last name 

maritalstatus

0002::E2P0002001:MARITALSTATUS 

Marital status key 

maritalstatussince

0002::E2P0002001:MARITALSTATUSSINCE 

Validity start date for current marital status 

middlename

0002::E2P0002001:MIDDLENAME 

Employee’s middle name 

name_format_indicator

0002::E2P0002001:NAME_FORMAT_INDICATOR 

Name Format ID for employee in a list 

nameatbirth

0002::E2P0002001:NAMEATBIRTH 

Name at birth or second name 

nameofcountryofbirth

0002::E2P0002001:NAMEOFCOUNTRYOFBIRTH 

Country of birth 

nameofformofaddress

0002::E2P0002001:NAMEOFFORMOFADDRESS 

Name of form-of-address 

nameofgender

0002::E2P0002001:NAMEOFGENDER 

Name of gender 

nameoflanguage

0002::E2P0002001:NAMEOFLANGUAGE 

Name of language 

nameofmaritalstatus

0002::E2P0002001:NAMEOFMARITALSTATUS 

Name of marital status 

nameofnationality

0002::E2P0002001:NAMEOFNATIONALITY 

Name of nationality 

nameofreligion

0002::E2P0002001:NAMEOFRELIGION 

Name of religion 

nameofsecondnationality

0002::E2P0002001:NAMEOFSECONDNATIONALITY 

Name of second nationality 

nameofstateofbirth

0002::E2P0002001:NAMEOFSTATEOFBIRTH 

Name of state of birth 

nameofthirdnationality

0002::E2P0002001:NAMEOFTHIRDNATIONALITY 

Name of third nationality 

nationality

0002::E2P0002001:NATIONALITY 

The employee’s primary nationality 

numberofchildren

0002::E2P0002001:NUMBEROFCHILDREN 

The number of children the employee has. 

recordnr

0002::E2P0002001:RECORDNR 

Number of Infotype Record With Same Key 

religion

0002::E2P0002001:RELIGION 

A two-character code used to identify a religious denomination. 

secondacadgrade

0002::E2P0002001:SECONDACADGRADE 

Second academic title 

secondname

0002::E2P0002001:SECONDNAME 

Second name 

secondnameprefix

0002::E2P0002001:SECONDNAMEPREFIX 

Second name prefix 

secondnationality

0002::E2P0002001:SECONDNATIONALITY 

The employee’s second nationality 

stateofbirth

0002::E2P0002001:STATEOFBIRTH 

State or province the employee was born 

surnameprefix

0002::E2P0002001:SURNAMEPREFIX 

A prefix to a last name, such as von, van der, or de la 

thirdnationality

0002::E2P0002001:THIRDNATIONALITY 

Third nationality 

validbegin

0002::E2P0002001:VALIDBEGIN 

Date employee data becomes valid 

validend

0002::E2P0002001:VALIDEND 

Date employee data is no longer valid 

Addresses Resources

User Attribute

Resource Attribute Name

Description

addresstype_permanent_address

0006:1:E2P0006001:ADDRESSTYPE 

Address type of the permanent address 

addresstype_home_address

0006:3:E2P0006003:ADDRESSTYPE 

Address type of the home address 

city_permanent_address

0006:1:E2P0006001:CITY 

City of permanent address 

city_home_address

0006:3:E2P0006003:CITY 

City of home address 

coname_permanent_address

0006:1:E2P0006001:CONAME 

Care of (c/o) information for the employee’s permanent address. 

coname_home_address

0006:3:E2P0006003:CONAME 

Care of (c/o) information for the employee’s home address. 

country_permanent_address

0006:1:E2P0006001:COUNTRY 

Country code of permanent address 

country_home_address

0006:3:E2P0006003:COUNTRY 

Country code of home address 

district_permanent_address

0006:1:E2P0006001:DISTRICT 

District of permanent address 

district_home_address

0006:3:E2P0006003:DISTRICT 

District of home address 

nameofaddresstype_permanent_address

0006:1:E2P0006001:NAMEOFADDRESSTYPE 

Address type assigned to permanent address. 

nameofaddresstype_home_address

0006:3:E2P0006003:NAMEOFADDRESSTYPE 

Address type assigned to home address 

nameofcountry_permanent_address

0006:1:E2P0006001:NAMEOFCOUNTRY 

Country of permanent address 

nameofcountry_home_address

0006:3:E2P0006003:NAMEOFCOUNTRY 

Country of home address 

nameofstate_permanent_address

0006:1:E2P0006001:NAMEOFSTATE 

Name of the state or province of permanent address 

nameofstate_home_address

0006:3:E2P0006003:NAMEOFSTATE 

Name of the state or province of home address 

postalcodecity_permanent_address

0006:1:E2P0006001:POSTALCODECITY 

Postal code city of permanent address 

postalcodecity_home_address

0006:3:E2P0006003:POSTALCODECITY 

Postal code city of home address 

recordnr_permanent_address

0006:1:E2P0006001:RECORDNR 

 

recordnr_home_address

0006:3:E2P0006003:RECORDNR 

 

scndaddressline_permanent_address

0006:1:E2P0006001:SCNDADDRESSLINE 

Second address line of the permanent address. 

scndaddressline_home_address

0006:3:E2P0006003:SCNDADDRESSLINE 

Second address line of the home address. 

state_permanent_address

0006:1:E2P0006001:STATE 

State or province of permanent address 

state_home_address

0006:3:E2P0006003:STATE 

State or province of home address 

streetandhouseno_permanent_address

0006:1:E2P0006001:STREETANDHOUSENO 

Street name and number of permanent address 

streetandhouseno_home_address

0006:3:E2P0006003:STREETANDHOUSENO 

Street name and number of home address 

telephonenumber_permanent_address

0006:1:E2P0006001:TELEPHONENUMBER 

Primary phone number for permanent address 

telephonenumber_home_address

0006:3:E2P0006003:TELEPHONENUMBER 

Primary phone number for home address 

validbegin_permanent_address

0006:1:E2P0006001:VALIDBEGIN 

Date a permanent address becomes valid 

validbegin_home_address

0006:3:E2P0006003:VALIDBEGIN 

Date a home address becomes valid 

validend_permanent_address

0006:1:E2P0006001:VALIDEND 

Date a permanent address is no longer valid 

validend_home_address

0006:3:E2P0006003:VALIDEND 

Date a home address is not longer valid 

Communication Resources

User Attribute

Resource Attribute Name

Description

commtype_communication_EMail

0105:0010:E2P0105001:COMMTYPE 

Key for communication type (Internet) 

commtype_communication_EMail2

0105:MAIL:E2P0105001:COMMTYPE 

Key for communication type (E-mail) 

delimit_date_communication_EMail

0105:0010:E2P0105001:DELIMIT_DATE 

Key date for delimiting an internet address 

delimit_date_communication_EMail2

0105:MAIL:E2P0105001:DELIMIT_DATE 

Key date for delimiting an Email address 

email_communication_EMail

0105:0010:E2P0105001:ID 

Internet address 

email

0105:MAIL:E2P0105001:ID 

Email address 

nameofcommtype_communication_EMail

0105:0010:E2P0105001:NAMEOFCOMMTYPE 

Name of communication type (internet) 

nameofcommtype_communication_EMail2

0105:MAIL:E2P0105001:NAMEOFCOMMTYPE 

Name of communication type (e-mail) 

recordnr_communication_EMail

0105:0010:E2P0105001:RECORDNR 

 

recordnr_communication_EMail2

0105:MAIL:E2P0105001:RECORDNR 

 

validbegin_communication_EMail

0105:0010:E2P0105001:VALIDBEGIN 

Date internet address becomes effective 

validbegin_communication_EMail2

0105:MAIL:E2P0105001:VALIDBEGIN 

Date e-mail address becomes effective 

validend_communication_EMail

0105:0010:E2P0105001:VALIDEND 

Date internet address expires 

validend_communication_EMail2

0105:MAIL:E2P0105001:VALIDEND 

Date e-mail address expires 

Resource Object Management

Not applicable

Identity Template

$accountId$

Sample Forms

SAPForm.xml
SAPUserForm_with_RoleEffectiveDates_Timezone.xml
SAPHRActiveSyncForm.xml

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following class:

To determine which version of the SAP Java Connector (JCO) is installed, and to determine whether it is installed correctly, run the following command:

java -jar sapjco.jar

The command returns the JCO version as well as the JNI platform-dependent and the RFC libraries that communicate with the SAP system.

If the platform-dependent libraries are not found, refer to the SAP documentation to find out how to correctly install the SAP Java Connector.