One Identity Manager SAP Experience #5 Human Capital Management #1

When setting up an identity and access management system, we need authoritative data for employee and organizational data or structures, like cost centers. This information can be synchronized via the Identity Manager connector for SAP, from SAP HR, where we can synchronize employee information, managers of departments, as well as all information, or SuccessFactors, which is the cloud-based HR solution from SAP. This information can be synchronized into One Identity Manager: setting up the department tree, setting up information about managers of departments, setting up structures for cost centers, for profit centers, for responsible persons, and the employees that are members of these departments, giving us the information for approval later on to be used in the identity management solution. [MUSIC PLAYING] In case the authoritative source for your employee and organizational data is SAP HR, we can synchronize the information from SAP with our One Identity Manager SAP connector. So I'm logged into the SAP grid, and using the organization and staff display transaction to show you the organizational structure in SAP that has been synchronized into my Identity Manager instance. In this example, you can see that there is a number of organizational units created in the SAP HR module. And these organizational units have positions assigned to them. Positions are openings or jobs that are available for employees to fill out. So in this case, you can see that there is a position called director of sales and sales manager, which is empty. And there is a position called manager pre-sales. And this position has been filled by the employee Patrick Hunter. This information, which is available in SAP, will be synchronized, through our One Identity connector, into the Identity Manager database. And this information can be seen in the organizational tree of One Identity Manager. The [? Demolet ?] corporation has been synchronized in all the departments. And when we look into the pre-sales department, how the information is being stored, as you can see, the manager, Patrick Hunter, has been retrieved from SAP and has been set for this department, as well as the employees that are assigned to this department. When we look into the details of the department, we can see that the import source has been set to SAP R/3. This is because the data has been imported from the SAP or management data. So how is the data being synchronized from SAP through our SAP connector? And the SAP connector, which is the same connector that synchronizes ERP data, HR data, or any additional authorization information from SAP, knows so-called projects. These projects define which schema objects are being synchronized from SAP into One Identity Manager. So when we set up the connection to SAP, we will have to choose which project type we want to synchronize. In this case, this is the SAP R/3 HCM organization. And I've set up that synchronization prior to this recording so we can see what schema objects are available and what the mappings are. So when we look into the mappings, we can see that we synchronize employees, that we synchronize managers, and that we synchronize organizational information, as well as additional information like communication data or updates. So we look into the employee information, as you can see, everything that is known about an employee in SAP can be synchronized into One Identity Manager. As an identity management system, we are not interested in most of the employee information that are salary-related or tax-related, so we are only interested in data that are relevant for an identity and access management solution. And these attributes are being mapped into the Identity Manager database directly to the relevant objects, like person, or in case of organizational units, to the department object in the One Identity Manager database. So for retrieving the managing information, this is being done by evaluating the position information and which employee is being assigned to that position. In SAP, an employee is not directly assigned to a department, but an employee is assigned to the position, and that position is being assigned to a department or organizational unit, and can be marked as head of the department. This is how the connector retrieves the information from SAP, resolves the employee information, and sets the employee in the One Identity Manager database. [MUSIC PLAYING] In case you're using a cloud-based HR solution like SAP SuccessFactors, the One Identity Manager connect for cloud is needed to synchronize data from your cloud-based HR solution into One Identity Manager. For this, we will need to set up a connection in our connect for cloud instance for SuccessFactors. In my case, I have a connection to SuccessFactors HR and the connection to SuccessFactors directly to create users and accounts in a SAP SuccessFactors and assign permissions. In this case, SuccessFactors will be synchronized for HR data. And to set up the connection, we will need a username and password to log into SAP SuccessFactors and retrieve that information from SAP SuccessFactors. And a SuccessFactors connection URL is needed so that the correct instance of SuccessFactors will be addressed. Once we have this information in the One Identity synchronization editor, we can set up the SuccessFactors connection. And to do this, we will need to set up the configuration parameters, the connection parameters. These information are being provided from connect for cloud, and this data needs to be added into these fields so the connection can be built. Once the connection is available, the data from SuccessFactors will be synchronized into One Identity Manager. For this, we also have the mappings. And for SuccessFactors, we have four different mappings. We have employee mapping, location mapping, department mapping, and cost [? center. ?] So what does the employee mapping, in case of SuccessFactors, look like? We have the employee data on the SuccessFactors site, and our person data in the One Identity Manager site. And the information is being retrieved from SuccessFactors via connect for cloud into the One Identity Manager database. Contrary to the standard setup of connect for cloud, we are going to directly synchronize into the relevant tables, like person, department, cost center, or location. As you can see, information can be synchronized into One Identity Manager database, as well as synchronized back. When the synchronization is being executed, the data will also contain the reference that this has been synchronized from a cloud HR system. [MUSIC PLAYING]