Skip Headers
Oracle® Identity Manager Connector Guide for SAP Employee Reconciliation
Release 9.0.3
Part Number B32369-02
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us
Go to previous page
Previous		 Go to next page
Next
View PDF

B Linking of User Accounts in SAP Employee Reconciliation and SAP User Management

SAP provides a feature that enables you to link employee records in SAP Employee Reconciliation with user records in SAP User Management. This appendix discusses the use cases arising out of the interaction of Oracle Identity Manager with the SAP system in the context of this link between SAP Employee Reconciliation and SAP User Management.

Note:

The information provided in this appendix is based on the scenario in which SAP Employee Reconciliation is configured as the trusted source for reconciliation and SAP User Management is configured as a target resource.

For the sake of simplicity, the following acronyms have been used in this appendix:

The link between SAP HR and SAP UM is implemented by the Infotype 105 field, which is one of the fields of the SAP HR record. This infotype stores the user ID assigned to the user in SAP UM. The following example illustrates how this infotype implements the link between SAP HR and SAP UM records:

Suppose you create an account for user John Doe in SAP HR and assign the employee ID jdoe. You also create an account for this user in SAP UM and assign the user ID jdoe2. When you create a link between SAP HR and SAP UM for John Doe, the Infotype 105 field of the SAP HR record stores the SAP UM user ID, jdoe2, of the user. The value of the Infotype 105 field enables the SAP system to link employee account jdoe with user account jdoe2.

Oracle Identity Manager uses the USR_UDF_LINKED_USER_ID field to track the relationship between an employee account on SAP HR and a user account on SAP UM. In other words, the function of the USR_UDF_LINKED_USER_ID field in Oracle Identity Manager is the same as the function of the Infotype 105 field in SAP.

The events that occur during a provisioning or reconciliation operation depend on whether or not the Infotype 105 field is used to link records in SAP HR and SAP UM and on the order in which reconciliation and provisioning are carried out. The following sections discuss use cases arising from these conditions:

Use Case 1: SAP HR and SAP UM Records Are Linked

This use case discusses the events that occur when SAP HR and SAP UM records are linked. The following example describes these events.

The following are the initial conditions:

  1. You have created an employee account for user John Doe in SAP HR. The employee ID is jdoe.

  2. You have also created a user account for user John Doe in SAP UM. The user ID is jdoe2.

  3. You have linked the employee record to the user record in the SAP system. This means that the Infotype 105 field of the SAP HR record stores the user ID, jdoe2.

  4. There is no account for user John Doe in Oracle Identity Manager.

The following events are the outcome of these initial conditions:

  1. During trusted source reconciliation with SAP HR, the SAP HR record for user John Doe is created in Oracle Identity Manager. The USR_UDF_LINKED_USER_ID field of Oracle Identity Manager is used to store the contents of the Infotype 105 field. In this case, the value stored is jdoe2, which is the user ID of the SAP UM record for user John Doe.

  2. The next event that occurs depends on whether you perform provisioning or reconciliation with SAP UM, after trusted source reconciliation with SAP HR:

    • You use Oracle Identity Manager to perform a provisioning operation for John Doe on SAP UM.

      Oracle Identity Manager uses the value (jdoe2) of the USR_UDF_LINKED_USER_ID field to establish a match with the corresponding SAP UM record. The resource object for user ID jdoe2 is created in Oracle Identity Manager and updated in SAP UM.

    • You use Oracle Identity Manager to perform a reconciliation operation for John Doe on SAP UM.

      The SAP UM user ID is jdoe2. The same value is stored in the USR_UDF_LINKED_USER_ID field. By comparing the SAP UM user ID with the USR_UDF_LINKED_USER_ID field value, the reconciliation engine establishes a match between the user record in Oracle Identity Manager and the SAP UM record.

      Note:

      If there is a link between SAP HR and SAP UM records, then the reconciliation rule that compares the USR_UDF_LINKED_USER_ID field value with the SAP UM user ID takes precedence over the reconciliation rule that compares the Oracle Identity Manager user ID with the SAP UM user ID.

Use Case 2: No Link Exists Between SAP HR and SAP UM Records

This use case discusses the events that occur when there is no link between SAP HR and SAP UM records. The following example describes these events.

The following are the initial conditions:

  1. You have created an employee account for user John Doe in SAP HR. The employee ID is jdoe.

  2. You have also created a user account for user John Doe in SAP UM. The user ID is jdoe2.

  3. You have not linked the employee record to the user record in the SAP system. This means that the Infotype 105 field of the SAP HR record in empty.

  4. There is no account for user John Doe in Oracle Identity Manager.

The following events are the outcome of these initial conditions:

  1. During trusted source reconciliation with SAP HR, the SAP HR record for user John Doe is created in Oracle Identity Manager. The USR_UDF_LINKED_USER_ID field of Oracle Identity Manager is used to store the contents of the Infotype 105 field. In this case, nothing is stored in the USR_UDF_LINKED_USER_ID field because the Infotype 105 field is empty.

  2. The next event that occurs depends on whether you perform provisioning or reconciliation with SAP UM, after trusted source reconciliation with SAP HR:

    • You use Oracle Identity Manager to perform a provisioning operation for John Doe on SAP UM.

      Oracle Identity Manager cannot determine that the jdoe2 account in SAP UM and the jdoe account in Oracle Identity Manager represent the same user. Therefore, a new account is created in SAP UM with the user ID jdoe.

      If you had assigned the same user ID (for example, jdoe) to the employee account in SAP HR and the user account in SAP UM, then the provisioning operation would fail because the User Already Exists error is encountered.

    • You use Oracle Identity Manager to perform a reconciliation operation for John Doe on SAP UM.

      There is no link between the SAP HR and SAP UM accounts, and the SAP UM record has not been created on Oracle Identity Manager. Therefore, target resource reconciliation with SAP UM cannot take place.

Note:

As mentioned in the preceding section, the reconciliation rule that compares the USR_UDF_LINKED_USER_ID field value with the SAP UM user ID takes precedence over the reconciliation rule that compares the Oracle Identity Manager user ID with the SAP UM user ID.

In a scenario in which there is no link between SAP HR and SAP UM, you can create a custom reconciliation rule that would override all other reconciliation rules. For example, you can create a reconciliation rule that maps e-mail addresses in OIM User accounts to SAP UM user IDs.

Refer to Oracle Identity Manager Design Console Guide for information about creating reconciliation rule

Go to previous page
Previous		 Go to next page
Next
Go to Documentation Home
Home		 Go to Book List
Book List		 Go to Table of Contents
Contents		 Go to Index
Index		 Go to Feedback page
Contact Us