SAP Connector Custom Project Templates

Hi Community, 

I'm using One Identity Manager 9.1 for a customer, and we have to connect multiple SAP environments with different clients per environment. CUA is not implemented, so every client is managed differently in the same SAP environment. The scope of the connectors is both managing users (using the SAP R/3 Synchronization (Base Administration) template) and synchronizing authorization objects (using the SAP R/3 authorization objects template).

In order to use the SAP R/3 authorization objects template I need to install the SAP R/3 GRC Add on.

I have experience with the One Identity Manager SAP R/3 connector and its templates, but now I need to create a unique template containing different standard templates for the reasons I’m going to explain.

As far as I know, we must create a connector for each single client we have to synchronize, because an admin user for SAP can be created for a specific client and has no visibility of objects of other clients. Please correct me if I’m wrong.

Considering this, we must create more than 30 connectors to sync and manage all of the customer’s clients, and if we have to create distinct connectors for the two distinct templates, the number of connectors to manage would be double.

So, I want to create a custom template including mappings, workflows, etc. from both the Base Administration and Authorization Objects templates. In short, I want to create a custom template merging these two to avoid manually creating the mappings and workflows.

Do you know if it’s possible to create such a template in One Identity Manager, and can you give me any hints on how to create it?

Thank You,

Enrico.  

  • Thank you for your answer, Markus. 

    This solution looks great for my case, but I have a few questions about this technique. I've never used a single connector for multiple targets.

    To be clear, I can create only two connectors, one for user administration and one for authorization objects, and use them to manage all the SAP environments?

    A single sync project would share the same mappings and workflows? How would sync customizations for a single target be managed, and how would startup configurations and schedules work?

    For order reasons, I may consider the option of creating different connectors for the different environments but using a different variable set for each client of an SAP environment. With this approach, I can create as many connectors as there are environments, not as many as there are clients, to reduce the number of connectors (from more than 30 to only 12 or 13). The only problem that remains is that I must create two different sets of connectors, a set for user administration and a set for authorization objects, to avoid the problems you described about merging the templates.

    I'm going to check the link you shared too. 

     

  • A single sync project shares mappings and workflows. So for every SAP system that should be handled the same, one sync project each (Base and authorization objects) is enough. The different SAP systems and credentials (connection settings) are configured in the variable sets and base objects (more on base objects here: https://support.oneidentity.com/technical-documents/identity-manager/9.1/target-system-synchronization-reference-guide/30#TOPIC-1868850). The base object creation wizard will create a startup configuration as well for the new system.


  • Hi Markus, 

    Thank you for your reply. I checked the documentation you linked and I'm going to test the configuration of a connector with different variable sets/base objects.