Sun Identity Manager 8.1 Resources Reference

Resource Configuration Notes

This section provides configuration notes that are unique to the SAP resource adapter and to the SAP HR Active Sync adapter.

The SAP Application Link Enabling (ALE) technology enables communication between SAP and external systems, such as Identity Manager. The SAP HR Active Sync adapter uses an outbound ALE interface. In an outbound ALE interface, the base logical system becomes the sender for outbound messages and the receiver of inbound messages. An SAP user will likely be logged into the base logical system/client when making changes to the database (for example, hiring an employee, updating position data, or terminating an employee). A logical system/client must also be defined for the receiving client. This logical system will act as the receiver of outbound messages. For the message type between the two systems, the Active Sync adapter uses the HRMD_A message type. A message type characterizes the data being sent across the systems and relates to the structure of the data, also known as an IDoc type (for example, HRMD_A05).


Note –

You must configure the SAP system parameters to enable Application Link Enabling (ALE) processing of HRMD_A IDocs. This allows for data distribution between two application systems, also referred to as messaging.


Creating a Logical System

Depending on your current SAP environment, you might not need to create a logical system. You might only need to modify an existing Distribution Model by adding the HRMD_A message type to a previously configured Model View. It is important, however, that you follow SAP’s recommendations for logical systems and configuring your ALE network. The following instructions assume that you are creating new logical systems and a new model view.

Procedure: Creating a Logical System and New Model View

  1. Enter transaction code SPRO, then display the SAP Reference IMG project (or the project applicable to your organization).

  2. Based on the SAP version you are using, perform one of the following:

    • For SAP HR 4.6, click Basic Components > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Define Logical System.

    • For SAP HR 4.7, click SAP Web Application Server > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Define Logical System.

    • For SAP HR 5.0, click SAP Netweaver > SAP Web Application Server > IDOC Interface/Application Link Enabling (ALE) > Basic Settings > Logical Systems > Define Logical System.

    • For SAP HR 6.0, click SAP Netweaver > Web Application Server > IDOC Interface/Application Link Enabling (ALE) > Basic Settings > Logical Systems > Define Logical System.

  3. Click Edit > New Entries.

  4. Enter a name and a description for the logical system you want to create (IDMGR).

  5. Save your entry.

Assigning a Client to the Logical System

Procedure: How to Assign a Client to the Logical System

  1. Enter transaction code SPRO, then display the SAP Reference IMG project (or the project applicable to your organization).

  2. Based on the SAP version you are using, perform one of the following:

    • For SAP 4.6, click Basis Components > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Assign Client to Logical System.

    • For SAP 4.7, click SAP Web Application Server > Application Link Enabling (ALE) > Sending and Receiving Systems > Logical Systems > Assign Client to Logical System.

    • For SAP 5.0, click SAP Netweaver > SAP Web Application Server > IDOC Interface/Application Link Enabling (ALE) > Basic Settings > Logical Systems > Assign Client to Logical System.

    • For SAP HR 6.0, click SAP Netweaver > Web Application Server > IDOC Interface/Application Link Enabling (ALE) > Basic Settings > Logical Systems > Define Logical System.

  3. Select the client.

  4. Click GOTO > Details to display the Client Details dialog box.

  5. In the Logical System field, enter the logical system you want to assign to this client.

  6. In the Changes and Transports for Clients section, click Automatic Recording of Changes.

  7. Save your entry.

Creating a Distribution Model

Procedure: To Create a Distribution Model

  1. Verify that you are logged on to the sending system/client.

  2. Enter transaction code BD64. Ensure that you are in Change mode.

  3. Click Edit > Model View > Create.

  4. Enter the short and technical names for your view, as well as the start and end date, then click Continue.

  5. Select the view you created, then click Add Message Type.

  6. Define the sender/logical system name.

  7. Define the receiver/server name.

  8. In the Protection Client Copier and Comparison Tool section, click Protection Level: No Restriction.

  9. Define the Message Type you want to use (HRMD_A), then click Continue.

  10. Click Save.

Registering the RFC Server Module with the SAP Gateway

During initialization, the Active Sync adapter registers with the SAP Gateway. It uses “IDMRFC” for its ID. This value must match the value set in the SAP application. You must configure the SAP application so that the RFC Server Module can create a handle to it.

Procedure: Registering the RFC Server Module as an RFC Destination

  1. In the SAP application, go to transaction SM59.

  2. Expand the TCP/IP connections directory.

  3. Click Create (F8).

  4. In the RFC destination field, enter the name of the RFC destination system (IDMRFC).

  5. Set the connection type to T (Start an external program through TCP/IP).

  6. Enter a description for the new RFC destination, and then click Save.

  7. Click the Registration Server Program radio button in the Activation Type pane.

  8. Set the Program ID in the Start on Application Server pane, using the same value as the RFC destination (IDMRFC), and then click Enter.

  9. If the SAP system is a Unicode system, the port must be configured for Unicode. Click the Special Options tab (MDMP & Unicode tab on some systems), and look for the Character Width In Target System section. There is a setting for Unicode and non-Unicode.

  10. Use the Test Connection and Unicode Test buttons at the top to test the connection to the Identity Manager resource. The adapter must be started for the test to pass.

Creating a Port Definition

The port is the communication channel to which IDocs are sent. The port describes the technical link between the sending and receiving systems. You should configure an RFC port for this solution.

Procedure: Creating a Port Definition

  1. Enter transaction code WE21.

  2. Select Transactional RFC, then click the Create icon. Enter IDMRFC for the RFC Destination.

  3. Save your changes.

Generating Partner Profiles

The system can generate a partner profile automatically, or you can maintain the profile manually.


Note –

If you are using an existing distribution model and partner profile, you do not need to automatically generate a partner profile. Instead, you can modify it to include the HRMD_A message type.


Procedure: Automatically Generating a Partner Profile

  1. Enter transaction code BD82.

  2. Select the Model View. This should be the Model View previously created.

  3. Ensure the Transfer IDoc immediately and Trigger Immediately radio buttons are selected.

  4. Click Execute.

Modifying the Port Definition

When you generated a partner profile, the port definition might have been entered incorrectly. For your system to work properly, you need to modify the port definition.

Procedure: To Modify the Port Definition

  1. Enter transaction code WE20.

  2. Select Partner Type LS.

  3. Select your receiving partner profile.

  4. Select Outbound Parameters, then click Display. (On some systems, click the “+” icon beneath the Outbound Parameters box.)

  5. Select message type HRMD_A.

  6. Click Outbound Options, then modify the receiver port so it is the RFC port name you created (IDMGR).

  7. From the Output Mode, select Transfer IDoc Immediately to send IDocs immediately after they are created.

  8. From the IDoc Type section, select a basic type:

    • For SAP HR 4.6, select HRMD_A05

    • For SAP HR 4.7 or 5.0, select HRMD_A06

  9. Click Continue/Save.

Generating an IDoc

Procedure: To Generate an IDoc

  1. Enter transaction code PFAL.

  2. Insert the Object Type P for person objects.

  3. Enter an Employee’s ID for the Object ID or select a range of employees.

  4. Click Execute.

  5. Ensure that the status is set to “passed to port okay.”

  6. The IDoc has been created. Check the Active Sync adapter log file to verify that an update was received.

Object Types in the iDoc

The “objecttypes to read from SAP HR” resource attribute allows processing of different iDoc types from SAP HR. Identity Manager determines the object type by checking the OTYPE of the iDoc. This multivalued attribute supports any combination of the following values: P, CP, S, C and O.

Not all available object types are resource objects. The following mapping applies to the object types:

Identity Manager processes the user-related iDoc types P and CP if no object types are configured; these object types provide the basic user information.

The user-related iDocs not only process iDoc data, but also trigger BAPI calls unless the resource is configured not to do so. You must configure the “Process rule” on the resource if the objects O and/or C are processed. Through the process rule, you must allow for two distinct object types to be processed. User-related objects (iDoc types P, CP, and S) have the accountId mapped to the SAP HR PERNR as before. The O and C types have no relation to a person and consequently do not have an accountId mapped. The other attribute that allows for object type identification is the OTYPE from the iDoc, when mapped.

Any attribute from the iDoc must be mapped in the resource configuration to be returned to the Identity Manager server. All object types support future processing.
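
The dispatch described in this section, sketched in Python as an added illustration (it is not Identity Manager or adapter code). OTYPE, PERNR and accountId come from the text above; the record shape, the OBJID field in the sample, the function names and the action labels are assumptions.

```python
# Illustrative model of the OTYPE dispatch; not Identity Manager code.
SUPPORTED_OTYPES = {"P", "CP", "S", "C", "O"}  # values the resource attribute accepts
USER_RELATED = {"P", "CP", "S"}                # accountId is mapped from PERNR
DEFAULT_OTYPES = {"P", "CP"}                   # processed when nothing is configured


def effective_otypes(configured):
    """Return the object types to process, rejecting unsupported values."""
    wanted = {v.strip().upper() for v in configured if v.strip()}
    unknown = wanted - SUPPORTED_OTYPES
    if unknown:
        raise ValueError(f"unsupported object type(s): {sorted(unknown)}")
    return wanted or DEFAULT_OTYPES


def route(record, configured=()):
    """Classify one mapped iDoc record (a dict, hypothetical shape) by OTYPE."""
    otype = record.get("OTYPE")
    if otype not in effective_otypes(configured):
        return {"action": "skip", "otype": otype, "accountId": None}
    if otype in USER_RELATED:
        pernr = record.get("PERNR")
        if not pernr:
            # A user-related record without PERNR cannot be tied to an account.
            return {"action": "reject", "otype": otype, "accountId": None}
        return {"action": "user", "otype": otype, "accountId": pernr}
    # O and C have no relation to a person, so there is no accountId;
    # a process rule has to tell them apart by OTYPE alone.
    return {"action": "non-user", "otype": otype, "accountId": None}


# Constructed sample records (not real SAP data).
SAMPLES = [
    {"OTYPE": "P", "PERNR": "00001234"},
    {"OTYPE": "O", "OBJID": "50000010"},
    {"OTYPE": "S", "PERNR": "00001234"},
    {"OTYPE": "P"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(route(rec, configured=["P", "CP", "S", "O"]))
```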

Activating Change Pointers

To activate change pointers globally:

Procedure: Activating Change Pointers Globally

  1. Enter transaction code BD61.

  2. Enable the Change Pointers Active tab.

    To activate change pointers for a message type:

  3. Enter transaction code BD50.

  4. Scroll to the HRMD_A message type.

  5. Check the HRMD_A check box, then click Save.

Scheduling a Job for Change Pointer Processing

Procedure: To Schedule a Job for Change Pointer Processing

  1. Enter transaction code SE38 to begin defining the variant.

  2. Select the RBDMIDOC program, then click the Create icon.

  3. Name the variant and give it a description. (Make a note of the variant name so you can use it when scheduling the job.)

  4. Select the HRMD_A message type, then click Save. You will be prompted to select variant attributes. Select the background processing attribute.

  5. Click Save.

Scheduling a Job

Procedure: To Schedule a Job

  1. Enter transaction code SM36.

  2. Name the job.

  3. Assign Job Class. Job Class is the priority in which jobs are processed. Class A is the highest priority and will be processed first. For a production environment, assign the class to B or C.

  4. Schedule a start time. Click the Start Condition tab, then click Date and Time. Enter a scheduled start time, which must be a future event.

    1. Mark the job as a periodic job. Click the Periodic Values tab, schedule how frequently you want the job to run, then press Enter. For testing purposes, set this period to 5 minutes.

    2. Click Save.

  5. Define the job steps.

    1. Enter the ABAP program name: RBDMIDOC.

    2. Select the variant you created in the previous step.

  6. Click Save (Note: Click Save once; otherwise, the job will be scheduled to run multiple times).

Testing the Change Pointer Configuration

Procedure: To Test the Change Pointer Configuration

  1. From the SAP client, hire an employee.

  2. Ensure that an IDoc was created. You can verify IDoc creation in two locations:

    • Enter transaction code WE02, enter search date parameters, and generate a list of the IDocs that were created.

    • Check the SAP HR Active Sync adapter log.

Creating a CPIC User

SAP Basis users are client-dependent. For each SAP HR Active Sync adapter that will be using the driver, a system user with CPIC access must be created.

Procedure: To Create a CPIC User

  1. From User Maintenance in SAP, enter a username in the user dialog box, then click the Create icon.

  2. Click the Address tab, then enter data in the last name and format fields.

  3. Click the Logon Data tab, then define the initial password and set the user type to CPIC.

  4. Click the Profiles tab, then add the SAP_ALL, SAP_NEW and S_A.CPIC profiles.

  5. Click Save.


    Note –

    Initially, you can create a dialog user to test your SAP system configuration. If there are processing problems, you can analyze the dialog user in the debugger. You should also log into the SAP system once to set this user’s password. After the system is tested and works properly, you should switch to a CPIC user as a security measure.