Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New In Oracle Identity Manager Connector for SAP User Management?
Software Updates
Software Updates in Release 11.1.1.7.0
Software Updates in Release 11.1.1.6.0
Software Updates in Release 11.1.1.5.0
Support for SAP BusinessObjects Access Control Version 10
ICF Based Connector
Support for Connector Server
Support for Connection Pooling
Support for Transformation and Validation
Support for Resource Exclusion Lists
Documentation-Specific Updates
Documentation-Specific Updates in Release 11.1.1.7.0
Documentation-Specific Updates in Release 11.1.1.6.0
Documentation-Specific Updates in Release 11.1.1.5.0
1 About the Connector
1.1 Certified Components
1.2 Usage Recommendation
1.3 Certified Languages
1.4 Connector Architecture and Supported Deployment Configurations
1.4.1 Basic User Management
1.4.2 User Management with SoD
1.4.3 Audit Trail Details in Connector Logs
1.4.4 User Management with Access Request Management
1.4.5 User Management with Both SoD and Access Request Management
1.4.6 Guidelines on Using a Deployment Configuration
1.4.6.1 User Management with SoD and Access Request Management
1.4.6.2 User Management with Access Request Management
1.4.7 Considerations to Be Addressed When You Enable Access Request Management
1.4.8 Guidelines on Configuring Security
1.5 Features of the SAP UM Connector
1.5.1 Support for SAP Governance, Risk, and Compliance Version 10 or Later
1.5.2 Support for Connector Server
1.5.3 Mapping Standard and Custom Attributes for Reconciliation and Provisioning
1.5.4 SoD Validation of Entitlement Requests
1.5.5 Routing of Provisioning Requests Through SAP BusinessObjects AC Access Request Management
1.5.6 Full and Incremental Reconciliation
1.5.7 Limited (Filtered) Reconciliation
1.5.8 Batched Reconciliation
1.5.9 Enabling and Disabling Accounts
1.5.10 Linking of SAP HRMS and SAP R/3 or SAP CUA Accounts
1.5.11 SNC Communication Between the Target System and Oracle Identity Manager
1.5.12 Configuring Password Changes for Newly Created Accounts
1.5.13 Specifying a SAP JCo Trace Level
1.5.14 Connection Pooling
1.5.15 Specifying the Use of a Logon Group on the Target System for Connector Operations
1.5.16 Transformation and Validation of Account Data
1.5.17 Support for Resource Exclusion Lists
1.5.18 Support for Both Unicode and Non-Unicode Modes
1.6 Lookup Definitions Used During Connector Operations
1.6.1 Lookup Definitions Synchronized with the Target System
1.6.2 Preconfigured Lookup Definitions
1.6.2.1 Lookup.SAPABAP.Configuration
1.6.2.2 Lookup.SAPABAP.UM.Configuration
1.6.2.3 Lookup.SAPABAP.UM.ProvAttrMap
1.6.2.4 Lookup.SAPABAP.UM.ReconAttrMap
1.6.2.5 Lookup.SAPABAP.UM.ReconTransformation
1.6.2.6 Lookup Definitions for Validation of Data
1.6.2.7 Lookup Definitions for Exclusion Lists
1.6.2.8 Lookup.SAPABAP.UM.RoleChildformMappings
1.6.2.9 Lookup.SAPABAP.UM.ProfileChildformMappings
1.6.2.10 Preconfigured Lookup Definitions for Access Request Control
1.6.2.10.1 Lookup.SAPACABAP.Status.Configuration
1.6.2.10.2 Lookup.SAPACABAP.Status.ReconAttrMap
1.6.3 Preconfigured Lookup Definitions for SAP BusinessObjects AC 10
1.6.3.1 Lookup.SAPAC10ABAP.Configuration
1.6.3.2 Lookup.SAPAC10ABAP.Configuration
1.6.3.3 Lookup.SAPAC10ABAP.UM.ProvAttrMap
1.6.3.4 Lookup.SAPAC10ABAP.UM.ReconAttrMap
1.6.3.5 Lookup.SAPAC10ABAP.UM.ProvValidation
1.6.3.6 Lookup.SAPAC10ABAP.ItemProvAction
1.6.3.7 Lookup.SAPAC10ABAP.RequestType
1.6.3.8 Lookup.SAPAC10ABAP.UM.ReconTransformation
1.6.3.9 Lookup.SAPAC10ABAP.UM.ReconValidation
1.6.4 Lookup Definitions Synchronized with the Target System for SAP AC
1.7 Connector Objects Used During Target Resource Reconciliation
1.7.1 User Attributes for Reconciliation
1.7.2 Reconciliation Rules
1.7.2.1 Reconciliation Rule
1.7.2.2 Viewing Reconciliation Rules in the Design Console
1.7.3 Reconciliation Action Rules
1.7.3.1 Reconciliation Action Rules for Reconciliation
1.7.3.2 Viewing Reconciliation Action Rules in the Design Console
1.8 Connector Objects Used During Provisioning
1.8.1 User Provisioning Functions
1.8.2 User Attributes for Provisioning
1.9 Roadmap for Deploying and Using the Connector
2 Deploying the Connector
2.1 Preinstallation
2.1.1 Downloading and Installing the SAP JCo
2.1.2 Creating a Target System User Account for Connector Operations
2.1.2.1 Creating a Target System User Account for the SAP UM (SAP ERP or SAP CUA) Target
2.1.2.2 Creating a Target System User Account for the SAP HR Target
2.1.3 Assigning Roles to a User Account in a SAP Business Objects Access Control System for Connector Operations
2.2 Installation
2.2.1 Installing the Connector in Oracle Identity Manager
2.2.2 Deploying the Connector Bundle in a Connector Server
2.2.2.1 Installing and Configuring the Connector Server
2.2.2.2 Installing the Connector in the Connector Server
2.2.2.3 Running the Connector Server
2.3 Postinstallation
2.3.1 Configuring Ports on the Target System
2.3.2 Configuring the Target System to Enable Propagation of User Password Changes
2.3.2.1 Gathering Required Information
2.3.2.2 Creating an Entry in the BAPIF4T Table
2.3.2.3 Importing the Request
2.3.3 Configuring Oracle Identity Manager 11.1.2 or Later
2.3.3.1 Creating and Activating a Sandbox
2.3.3.2 Creating a New UI Form
2.3.3.3 Creating an Application Instance
2.3.3.4 Publishing a Sandbox
2.3.3.5 Harvesting Entitlements and Sync Catalog
2.3.3.6 Updating an Existing Application Instance with a New Form
2.3.4 Enabling the Reset Password Option in Oracle Identity Manager 11.1.2.1.0 or Later
2.3.5 Setting Up the Configuration Lookup Definition in Oracle Identity Manager
2.3.5.1 Linking of SAP HRMS and SAP R/3 or SAP CUA Accounts
2.3.5.1.1 About the Linking Process
2.3.5.1.2 Enabling Linking of SAP HRMS and SAP R/3 or SAP CUA Accounts
2.3.5.2 Configuring Password Changes for Newly Created Accounts
2.3.5.3 Setting up the Lookup Definition for Connection Pooling
2.3.6 Enabling Request-Based Provisioning
2.3.6.1 Approver's Role in Request-Based Provisioning
2.3.6.2 Importing Request Datasets Using Deployment Manager
2.3.6.3 End User's Role in Request-Based Provisioning
2.3.6.4 Enabling the Auto Save Form Feature
2.3.6.5 Running the PurgeCache Utility
2.3.7 Changing to the Required Input Locale
2.3.8 Clearing Content Related to Connector Resource Bundles from the Server Cache
2.3.9 Managing Logging
2.3.9.1 Understanding Log Levels
2.3.9.2 Enabling Logging
2.3.10 Configuring the Access Request Management Feature of the Connector
2.3.10.1 Specifying Values for the GRC-ITRes IT Resource
2.3.10.2 Configuring Request Types and Workflows on SAP BusinessObjects AC Access Request Management
2.3.11 Configuring SoD (Segregation of Duties)
2.3.11.1 Configuring SAP BusinessObjects AC to Act As the SoD Engine
2.3.11.2 Specifying Values for the GRC-ITRes IT Resource
2.3.11.3 Verifying Entries Created in the Lookup.SAPABAP.System Lookup Definition
2.3.11.4 Specifying a Value for the TopologyName IT Resource Parameter
2.3.11.5 Disabling and Enabling SoD
2.3.11.5.1 Disabling SoD on Oracle Identity Manager
2.3.11.5.2 Enabling SoD on Oracle Identity Manager
2.3.12 Configuring SNC to Secure Communication Between Oracle Identity Manager and the Target System
2.3.12.1 Prerequisites for Configuring the Connector to Use SNC
2.3.12.2 Installing the Security Package
2.3.12.3 Configuring SNC
2.3.13 Configuring the IT Resource
2.3.13.1 Parameters for Enabling the Use of a Logon Group
2.3.13.1.1 Enabling SAP JCo Connectivity
2.3.13.2 Parameters for Enabling SNC-Based Communication
2.3.13.3 Parameters for Enabling Multiple Attempts to Update Multivalued Attributes
2.3.13.4 Specifying Values for the IT Resource Parameters
2.3.14 Configuring the IT Resource for the Connector Server
2.3.15 Downloading WSDL files from SAP BusinessObjects AC
2.3.16 Localizing Field Labels in UI Forms
2.3.17 Synchronizing the SAPUM Process Form Field Length Needs with the Target Field Length
2.4 Upgrading the Connector
2.4.1 Preupgrade Steps for the SAP UM Connector
2.4.2 Upgrade Steps for the SAP UM Connector
2.4.3 Performing the Postupgrade Steps
2.4.3.1 Postupgrade Steps for Releases 9.x to 11.1.1.5.0, 9.x to 11.1.1.6.0, and 11.1.1.5.0 to 11.1.1.6.0 of the Connector
2.4.3.2 Postupgrade Steps for Release 11.1.1.6.0 of the Connector
2.4.3.2.1 Postupgrade Steps While Upgrading the Basic User Management configuration from Release 11.1.1.6.0 to Release 11.1.1.7.0
2.4.3.2.2 Postupgrade Steps While Upgrading the SoD validation of SAP BusinessObjects AC Access Risk Analysis from Release 11.1.1.6.0 to Release 11.1.1.7.0
2.4.3.2.3 Postupgrade Steps While Upgrading the SAP BusinessObjects AC Access Request Management from Release 11.1.1.6.0 to Release 11.1.1.7.0
2.5 Postcloning Steps
3 Using the Connector
3.1 Scheduled Jobs for Lookup Field Synchronization
3.2 Scheduled Jobs for SAP BusinessObjects AC Lookup Field Synchronization
3.3 Guidelines on Performing Reconciliation
3.4 Configuring Reconciliation
3.4.1 Full Reconciliation and Incremental Reconciliation
3.4.2 Batched Reconciliation
3.4.3 Limited Reconciliation
3.4.4 Reconciliation Scheduled Jobs for the SAP UM Connector
3.4.4.1 SAP UM User Recon
3.4.4.2 SAP UM User Delete Recon
3.4.4.3 SAP AC UM User Recon
3.4.4.4 SAP AC UM User Delete Recon
3.4.4.5 SAP AC UM Request Status
3.5 Configuring Scheduled Jobs
3.6 Guidelines on Performing Provisioning
3.6.1 Guidelines on Performing Provisioning in Supported Deployment Configuration
3.6.2 Guidelines on Performing Provisioning After Configuring Access Request Management
3.7 Performing Provisioning Operations in Oracle Identity Manager Release 11.1.2
3.8 Performing Provisioning Operations in an SoD-Enabled Environment
3.8.1 Overview of the Provisioning Process in an SoD-Enabled Environment
3.8.2 Guidelines on Performing Provisioning Operations in an SoD-Enabled Environment
3.8.3 Direct Provisioning in an SoD-Enabled Environment
3.8.3.1 Enabling the Use of the Process Form During Direct Provisioning in an SoD-Enabled Environment
3.8.3.2 Performing Direct Provisioning
3.8.4 Request-Based Provisioning in an SoD-Enabled Environment
3.8.4.1 Creation of Request-Based Provisioning by End-Users
3.8.4.2 Approving Request-Based Provisioning
3.9 Switching Between SAP ERP and SAP CUA Target Systems
3.9.1 Switching Between the SAP R/3 and SAP CUA Target Systems for Reconciliation
3.9.2 Switching Between the SAP R/3 and SAP CUA Target Systems for Provisioning
3.10 Switching From an SAP R/3 or SAP CUA Target Systems to an SAP BusinessObjects AC Target System and Vice Versa
3.11 Switching Between Request-Based Provisioning and Direct Provisioning
3.11.1 Switching from Request-Based Provisioning to Direct Provisioning
3.11.2 Switching from Direct Provisioning to Request-Based Provisioning
4 Extending the Functionality of the Connector
4.1 Determining the Names of Target System Attributes
4.2 Adding New Attributes for Reconciliation
4.2.1 Creating a New Version of the Process Form
4.2.2 Adding the New Attribute to the Resource Object
4.2.3 Creating a Reconciliation Field Mapping for the New Attribute in the Process Definition
4.2.4 Creating an Entry for the Field in the Lookup Definition for Reconciliation
4.2.5 Creating an Entry for the Attribute in the Lookup Definition
4.2.6 Creating a New UI Form to Make the New Attribute Visible
4.3 Adding New Standard Attributes for Provisioning
4.3.1 Creating a New Version of the Process Form
4.3.2 Creating an Entry for the Attribute in the Lookup Definition for Provisioning
4.3.3 Creating a Task to Update the Attribute During Provisioning Operations
4.3.4 Updating the Request Dataset
4.3.5 Running the PurgeCache Utility
4.3.6 Importing the Request Dataset Definitions
4.3.7 Creating a New UI Form to make the New Attribute Visible
4.4 Adding New Standard SAP BusinessObjects AC Access Request Management Attributes for Provisioning
4.4.1 Creating a New Version of the Process Form
4.4.2 Creating an Entry for the Attribute in the Lookup Definition
4.4.3 Creating a Task to Update the Attribute During Provisioning Operations
4.4.4 Updating the Request Dataset
4.4.5 Running the PurgeCache Utility
4.4.6 Importing the Request Datasets into MDS
4.4.7 Creating a New UI Form to make the New Attribute Visible
4.5 Removing SAP BusinessObjects AC Access Request Management Attributes from Process Form
4.5.1 SAP BusinessObjects AC Access Request Management Attributes
4.6 Configuring Validation of Data During Reconciliation and Provisioning
4.7 Configuring Transformation of Data During User Reconciliation
4.8 Configuring Resource Exclusion Lists
4.9 Modifying Field Lengths on the Process Form
4.10 About Configuring the Connector for Multiple Installations of the Target System
5 Known Issues and FAQs
5.1 Known Issues
5.2 Frequently Asked Questions (FAQs)
6 Troubleshooting the Connector
A Files and Directories in the SAP UM Connector Package
B Standard BAPIs Used During Connector Operations
B.1 Standard BAPIs Used on SAP CUA
B.2 Custom BAPIs Used on SAP CUA