• State Verified Answer
  • Replies 4 replies
  • Subscribers 93 subscribers
  • Views 956 views
  • Users 0 members are here
Options
Related

SAP Connector Custom Project Templates

Enrico Baffa
over 1 year ago

Hi Community, 

I'm using One Identity manager 9.1 for a Customer and we have to connect multiple SAP Environments with different clients per Environment and CUA is not implemented, so every client is managed differently in the same SAP Environment. The scope of the connectors is both managing users (using SAP R/3 Synchronization (Base Administration) template) and synchronizing Authorization Objects (using SAP R/3 authorization objects template).

In order to use the SAP R/3 authorization objects template I need to install the SAP R/3 GRC Add on.

I have experience on One Identity Manager SAP R/3 connector and its templates but now I need to create a unique template containing different standard templates for the reasons I’m going to explain.

As far as I know, we must create a connector for each single client we have to Synchronize, cause admin user for SAP can be created for a specific client and has no visibility on objects of other clients. Please correct me if I’m wrong.

Considering this, we must create more than 30 connectors to sync and manage all customer’s clients and if we have to create distinct connectors for the two distinct templates the number of connectors to manage would be double.

So, I want to create a custom Template including mappings, workflows, etc. from both Base Administration and Authorization Objects templates. In short, I want to create a custom template merging these two to avoid creating manually the mappings and Workflows.

Do you know it it’s possible to create such template in One Identity manager and if you can give me any hints on how to create it?

Thank You,

Enrico.  

Parents
  • +1 over 1 year ago

    I suggest creating different variable sets for the different SAP Systems. In that case, you just have two synchronization projects and each contains the 30 variable sets. I advise against your approach of merging the synchronization projects for several reasons. First, you would lose the ability to synchronize both types of data on a different schedule. Second, you are not able to benefit from the synchronization project patches for fixes and features.

    Another option to consider is the automatic creation of synchronization projects using the command-line interface. This is described here https://support.oneidentity.com/technical-documents/identity-manager/9.1/target-system-synchronization-reference-guide/45#TOPIC-1868919

  • 0 over 1 year ago in reply to Markus Weiss-Ehlers

    Thank you for your answer, Markus. 

    This solution looks great for my case but i have a few questions about this technique. I've never used a single connector for multiple targets. 

    To be clear, i can create only two connectors, one for user administration and one for Authorization Objects, and use them to mananage all the SAP Environments?

    A single sync project would share the same Mappings and Workflows? how would synch customizations for a single target be managed and how would Start up configurations and Schedules Work?. 

    For order reasons, I may consider the option to create different Connectors for the different environments but using different Variables sets for each different client of this SAP Environment. With this approach, I can create as many connectors as the environments and not as many as the clients to reduce the number of connectors (from more than 30 to only 12 or 13). The only problem that remains is that  i must create two different sets of connectors, a set for user administration and a set for authorization Objects to avoid the problems you described about merging the templates. 

    I'm going to check the link you shared too. 

     

  • +1 over 1 year ago in reply to Enrico Baffa

    A single sync project shares mappings and workflow. So for every SAP system that should handle the same, one sync project each (Base and authorization objects) is enough. The different SAP systems and credentials (connection settings) are configured in the variable sets and base objects. (more on base objects here https://support.oneidentity.com/technical-documents/identity-manager/9.1/target-system-synchronization-reference-guide/30#TOPIC-1868850). The base object creation wizard will create a startup configuration as well for the new system.


Reply Children