Product Information
SAP NetWeaver ID Mgmt is strategic – CUA is out
Betting on implementing the ABAP-based Central User Administration (CUA) tool today, is going to lead you down a dead-end road. For all new functionality and all additional applications that are currently in development at SAP, the strategic investment of SAP goes to functionality related to the SAP Identity Management product and not to development projects around the CUA. SAP Identity Management is the tool that leverages modern technology; it is high performing, innovative and scalable.
Start new projects using SAP Identity Management (SAP IDM)
If you plan to implement a tool to centrally manage user data and access rights in your entire system landscape, do not even look at CUA anymore. If you are uncertain about the replacement of your existing SAP CUA with SAP IDM, when to do it, or whether and how you should start with the implementation of SAP IDM at all, contact SAP consulting services. If you are not sure about the migration path or the efforts for internal/external consulting or the timeline for an implementation, you should also talk to the SAP consulting services team.
By the way: this blog is not meant to invalidate the blog called “CUA Will Never Die“. Both stay true: CUA will be supported according to the normal release and support cycles AND there is not going to be any future investment in CUA functionality in the future. This will also mean that there is not going to be any CUA functionality available for all not-SAP NetWeaver related technology platforms that SAP may build, support or acquire in the future, including SAP Business By Design and any SAP Business Objects, Sybase or Cloud related products.
You may also want to read the other blogs about this subject:
I appreciate for the advice.
Are you giving new IDM 7.1 version free(no license fee) for using within SAP systems ?
Is it supporting SAML 2.0 ?
Hi there,
answers to your questions:
1) Make sure to consult with your SAP account executive about conditions for licenses for the SAP Identity Management product.
2) Please consult the SAP community pages about the details concerning functionality of the product SAP Identity Management: https://www.sap.com/community/topics/identity-management.html
Hi Kristian,
I read your post and the article on NetWeaver IDM product. I have two questions that I am seeking answer for. If you can answer them then it would help me.
1. Anybody wanting to learn and work on NetWeaver IDM should go for which training (the training and exam code info would help besides other info).
2. Is NetWeaver IDM developed mainly for SAP or it is equally good in comparison to other IDM products from different vendors.
Thanks & Regards,
Nagarajan Viswanathan
Hi,
the answer to all your questions can be found on the SAP.COM pages about SAP Identity Management:
SAP Identity Management
1) Training: the SAP IDM classroom training course is called ADM920 (status Mar. 2014) and is given around the globe in many locations.
2) In the “Product Overview” area you find a lot of information about the product:
SAP Identity Management Product Overview
Among others we really emphasize the fact that the SAP IDM product is definitely as good for NON-SAP software as for all SAP-software components. Have a look at the overview slides
Solution in Detail: Business-Driven, Compliant Identity Management
as well as at the connector information
SAP Identity Management – Connector Overview
Best regards
Kristian
Hi Nagarajan,
I can tell you that the SAP NW IDM solution works great for Enterprise and Landscape systems having provisioned to many of them over the years and should be under strong consideration for any organization that is a SAP shop. As Kristian mentioned, there's a lot of information to be found in the SAP IDM forums, blog and document sites.
Training is an excellent first step at understanding how SAP IDM should be positioned in your Landscape with regards to UME, Portal, ABAP and Java Systems, GRC, along with things like your Directory Service and other data sources.
Feel free to ping me if you have any specific questions.
BR,
Matt
1) Attending the training is the way to start with the product or hiring more experienced help. There's no IdM-only certfication as far as I know but passing certifications/exams doesn't mean that you can succesfully implement the product.
2) The product was originally developed by small software vendor before SAP acquired them, so it is not developed only for SAP and the flexibility of the product allows it to be connected to large variety of systems and platforms with some customization.
Hi Kristian,
Is it possible to implement SAP IDM in such a way that it acts as replacement of SAP CUA. So you can only manage users in SAP systems (keep in mind the implementation time/goal/costs)?
In my opinion you cannot compaire these tools with each other. CUA is a simple "free" tool to manage SAP users while IDM is a "bigger" project (HR related over all systems).
So the big difference in my opinion is the technical (administrator support) tool = SAP CUA and the full identity control in your business = IDM.
Kr,
Roy
HI Roy,
You sure can! No one says that you have to implement workflows and approvals! If you need to just do batch loads of users, IDM will do that just fine. However I think it was becoming clear to SAP (I don't work for them) that something more was needed, mostly to cover JAVA systems and also to have some parity with Identity Management applications out in the Enterprise. CUA as a Landscape only mechanism, just doesn't cut it.
Where IDM really shines, in my opinion, is it's excellent integration to the Landscape via the Provisioning Framework and HCM integration. Feel free to start a thread with your questions and concerns, the SCN community would be happy to help you out, or feel free to PM me.
Regards,
Matt