
IBM Tivoli Identity Manager, New Release 4.5.9 of the ITIM Agent for SAP R/3

Recently, I have been asked from several sides whether IBM supports SAP 6.40. For those who need an official statement about that, it can now be answered in a positive way:

The GA release of version 4.5.9 of the ITIM Agent for SAP R/3 is now available (as of the GA announcement of May 31, 2005). In addition to what previous releases covered, the ITIM Agent for SAP R/3 Release 4.5.9 now supports


– SAP 6.40 CUA unicode

– SAP 6.40 Basis

– SAP 6.40 and 6.20 unicode and non-unicode


The Agent now uses ITIM ADK4.38 (Agent Development Kit).


The Agent image is available and can be obtained from IBM Support pages on like all other Integration Solutions published by the IBM Tivoli Security Integration Factory.


The modifications made also include:

– Account Valid to date cannot have the year set to 9999.

The profile has been changed to allow year values up to 2999 by default. Allowing 9999 has performance issues when loading the form. If access to the year 9999 is required, this can be achieved by a simple modification of the profile SAP account form (erSAPAccount.xml) and by reconfiguring the SAP Profile on the ITIM server host. Refer to section 7.9 for detailed steps.


– German translation for attribute values/descriptions.

German translation for values and/or descriptions has been allowed for the Title attribute, and also for the Country, Language (both default and communication), Time Zone, SAP User Type, Parameters, Contractual User Type, and Special Version attributes.

To enable this you must select German for the ITIM Service language attribute.


– Company attribute supported by default.

Support data is now available for this attribute. The core address components are visible in the display values for the Company names.


– Output Device attribute support data now available.


Some specific advice for configuration and handling:

SAP 4.6C allows 10 characters for the value of the cost center attribute. SAP 6.20 and 6.40 only allow 8 characters. Do not enter more than 8 characters for a SAP 6.20 or SAP 6.40 account because the SAP system will truncate the value by default. If you do not have SAP 4.6C you may lower the maximum length of this attribute back to 8 using the ITIM Server Console Account form Customization functionality.


For your information, here are some facts about the ITIM product:


IBM Tivoli Identity Manager (ITIM)

ITIM provides a secure, automated and policy-based user management and provisioning solution. It supports central user administration (CUA) and automation of user data. ITIM can integrate and automate business processes through workflow, central management, self-service interfaces and password management.

ITIM supports more than 70 target systems and applications to integrate with its identity management functions. To connect with these systems ITIM supports both the “agent approach” as well as the “agentless approach”.

The agent approach typically uses an XML-based protocol, Directory Services Markup Language (DSML), as its communications mechanism. There is also the IBM Tivoli Directory Integrator (ITDI) solution, which can be used as the data bus that transports information and data to and from the services.

IBM Tivoli Identity Manager can also integrate mySAP applications in a corporate user administration environment. In order to integrate with SAP, there are two agents available: the ITIM Agent for SAP R/3 and the ITIM Agent for SAP Enterprise Portal.

IBM Tivoli Identity Manager is SAP-certified.


ITIM Agent for SAP R/3

The SAP R/3 Agent is designed to perform user management from an ITIM server to a SAP R/3 system. The Agent supports SAP Central User Administration (CUA) and non-CUA systems.

Using the traditional ITIM agent architecture, based on the ADK (Agent Development Kit), the Agent is deployed as a service on Windows systems or as a daemon on Unix systems.

The Agent uses the C implementation of SAP’s RFC API to access SAP R/3 systems. For actions where a standard RFC is not available, custom RFCs are implemented and packaged in an SAP transport file format. Those transport files must be installed on the SAP system as part of the installation process. The communication between the ITIM server and the SAP R/3 Agent is DAML over SSL, with X.509-based client authentication.


More on IBM Tivoli Identity Manager can be found at
