Skip to Content

Configure easy to use web-user interfaces for SAP NetWeaver Identity Management

Since release 7.1 of the SAP NetWeaver Identity Management the web user interface (in the following referred as IdM UI) is based upon Web Dynpro for Java. Thenceforth the look and feel has been upgraded which bring a seamless integration in +SAP Enterprise Portal. +A user who is familiar with SAP products find one’s way with the UI controls and the navigation.

The following systems / applications have been used in this blog:

    1. SAP NetWeaver Identity Management 7.1 SP04
    2. ORACLE 10.2 Database


Knowledge / experience in the following areas are necessary / helpful:

    • IdM UI basic knowledge
    • IdM Console in general

Scenario description

The designing of the Identity Management UI is a project step during the design phase and should not be neglected. The usability is an essential factor for the acceptance of end-users and operators. The designing of the UI is a basic driver for a successful Identity Management project. That is because the manual processes like self-services, management-services, requests and approvals are based on the web based UI. 

Also this denotes that usability should be an important aspect during the roll-out and after the deployment of enhancements of an Identity Management solution. The configuration of the controls of the UI is done in the design component called the IdM Console. The self-services, management-services and requests are represented in the task-structure of the IdM Console by web-enabled tasks, the approvals by approval tasks.


Both task types contain the tab “Attributes” where the presentation of the UI controls is defined. In this tab you can define which attributes shall be presented and how they are ordered. The following screenshot shows the tab “Attributes” of a web-enabled task which represents a request-UI of an external employee who is not managed by the human resource system.


The tab “Attributes” provides elements to configure the UI. The basic configuration is the order of the attributes which should be shown in the UI. This can be done by moving up and down in the tab “Attributes”. The attribute will be visible in the UI when the checkbox in the column “List” is active. The checkbox in the column “Mandatory” enforces that a value has to be entered in the UI before the request is saved.  These attributes are marked with an asterisk (*) so the end-user notices that this is a mandatory field. If you want to set up an attribute as mandatory by default adjust the attribute’s property in the Identity Store schema. Check the column “Read only” if you do not want the user to enter anything in a specific field. The column “Default values / Caption” enables you to set default values for each control. If you use this column for structural elements, which will be described in the following paragraph, the column is used to define the caption of the element.

h3. Structural elements/ Attribute presentation

Beside the attribute elements, the tab “Attributes” provide structural UI elements to improve the usability by separating, describing and accentuating the attribute elements. The following table shows the structural UI elements provided by the tab “Attributes”:

Structural UI element



Show text which is language dependent. This can be used to provide some additional information in the UI in form of a text. (Column “Default values / Caption”).

Horizontal Line

Separates attributes from each other.


Cut the attribute list in separate sections. The text in this element is also fat.


Built up columns to show attributes side by side


Built a separate tab in the UI. This element also provides a label for the tab which can be defined language dependent. (Column “Default values / Caption”)


The structural UI elements can be defined with the context-sensitive menu in the tab “Attributes”. The order can be defined by moving up and down the elements in the tab “Attributes”.

Every attribute UI element in the tab “Attributes” is represented by a UI control which can be defined by the tab “Presentation” in the properties definition of each attribute in the Identity Store schema. The following screenshot shows the tab “Presentation” of the attribute MX_SALUTATION.


The “Web presentation options” define the control for each attribute. The following table shows the different “Web presentation”.



Display name

Enter the name that is used when displaying the attribute in the IdM UI.

Tooltip text

Enter a text that will appear as a tooltip for the field in the Identity Management UI.


The presentation defines the type of control which should be used for the specific attribute.



Single Line

A normal input field (one line).

Multi Line

An input field with several lines.

Single Selects *

Drop-down list where the user can select a single value.


A check box.


Creates a reference to another entry in the identity store. A search interface is displayed, where the user can find the correct entry to create the reference.


Displays a “Browse…” button that allows the user to find a file to attach.

Lookup *

Displays the description corresponding to a given ID.

Radio Button *

Displays a radio Button.


Displays a date control with date input assistance.


The text is shown as email link.

Object Value Help *

A list box where the user can select a single value language dependent.

Multi Select ²</p></td><td width=”344″ valign=”top” style=”border-right: black 1pt solid; padding-right: 5.4pt; border-top: medium none; padding-left: 5.4pt; padding-bottom: 0cm; border-left: medium none; width: 257.9pt; padding-top: 0cm; border-bottom: black 1pt solid”><p style=”margin-bottom: 0pt; line-height: normal” class=”MsoNormal”>A list box where the user can select several values.</p></td></tr></tbody></table><p style=”margin-bottom: 0pt; line-height: normal” class=”MsoNormal”>only for single-value attributes           *²only for multi-value attributes

Confirm input

Select this check box to specify that the user has to confirm the value entered in this field by re-entering it in a separate field.

Hide input

Select this check box to specify that the input should be hidden (replaced by dots). This is typically used for passwords or other sensitive information.

Show search field

Select this check box to specify that the presentation of this attribute will include a possibility to search for values in the list. This is particularly useful if there may be many values assigned to a multivalue attribute. If this is selected, no values will be shown in the user interface, until a search is done.

Number of rows in table

Enter the number of rows you want to list for a multivalue attribute. The default value is 5.


The “Task defaults” define the default setting of the attribute in the tab “Attributes” of the web-enabled task or the approval task. This can be done for the options “Read only” and “Mandatory” which have been described before.

h3. Attribute values

Easy to use UIs should only show attribute values which are relevant for the process. The tab “Attribute values” provides options to define the legal values of an attribute. The following screenshot shows the task specific attribute properties of a web-enabled or approval task.


The following table describes the options provided by the tab “Attribute values” to define the legal values which are available for the attribute.




Fixed values can be written in the tab “Attribute value”.

SQL query

An SQL-query can be written to the tab “Attribute value” which selects the values which should be available in the UI.

Value help

The values can be defined by a table and a unique key in this table. It is also possible to use an additional language key to show only country specific values of the loggedin person.


A filter-task defines the attribute values. In the filter task an SQL-query is defined. This option has the advantage to the option “SQL query” that SQL-query is not defined directly in the Identity Store schema or the web enabled task, it is defined in a separate and central filter task.


The option “Value Help” sets the attribute value based on the values of the table MXI_ATTRVALUEHELP. Therefore the option “Value help” of the tab “Attribute values” has to be set like shown in the following screenshot.


This option provides a language dependent selection like shown in the following screenshot.


In opposition to “Values” and “Value help”, the options for “SQL query” and “Task” are based upon SQL queries which are more flexible. In these SQL-statements the following runtime variables can be used to read out the MSKEY of the logged-in identity (requester) and the identity the request is done for (assignee).

Runtime variable

DescriptionThe blog Extended use cases for input validations with SAP Identity Management of my college Julian Harfmann describes both ways to define field validations in detail.

A simple example should give an idea why field validations improve the usability of IdM UI’s. The request for a user account for an external contains the “single-line” with the display name “Costcenter” which defines a costcenter the external is assigned to. The length of the attribute MX_COSTCENTER can be defined in very simple way in the tab “Validation” in the attribute property in the identity store definition like shown in the following screenshot.


If a requester enters a value with a different length an errors message is pointing on the wrong filled attribute. This improves the usability because the error messages of the field validations ensure that the web-enabled tasks are filled with legal values. Meaningful error-messages are presented to the requester. The error-messages of the tab “Validation” only point on the wrong attribute and cannot be customized. The error-messages based upon the Java Extension Framework can be customized and will be described soon in another blog named Extended use cases for input validations with SAP Identity Management.

h3. Summary

The blog shows how you can configure easy to use UIs in SAP IdM. The first part of the blog showed how to create UI controls and form a well-structured user-interface. The second part showed how attribute values can be defined with the requirement “as much as necessary, as little as possible”. Field validations ensure legal inputs and show useful error messages in case of a faulty insertion. This topic is described in the third part of this blog and described in detail in the blog Extended use cases for input validations with SAP Identity Management of my college Julian Harfmann .

This is the first release of this blog, which should give an overview of important aspects when you create user interfaces for SAP IdM. Additional important aspects and new features will be blogged here.

Release 1.0 (Created on 27.06.2010)
Release 1.1 (Changed on 07.07.2010)

To report this post you need to login first.

1 Comment

You must be Logged on to comment or reply to a post.

  1. Former Member
    Hi Chrsitoph,
    First of all you did a great job with this article
    I have a question, how can we get error messages to the UI from identity center using UERRmsg or any internal functions
    Thanks a lot

Leave a Reply