Additional Blogs by Members
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Identity Management - HCM Integration

Former Member
‎09-11-2011 5:21 AM

The virtual Directory Server is the LDAP interface between the SAP Identity Management and the SAP HCM in the standard scenario. In this blog I will shortly show how to integrate the SAP HCM to the SAP IdM and explain the three possibilities to do that.


 1. Scenario

With the access to HR master records, SAP IdM can automatically distribute these information to the target systems, e.g. when creating SAP users after an approval of the supervisor. In addition, users can automatically be linked to roles based on organizational structures. Triggers based on HR actions can be implemented, e.g. deactivating users on the leave-date.

 

 

 

 

 

 

 

 

 

This scenario is also described in the following guide (Appendix E):

https://websmp110.sap-ag.de/~sapidb/011000358700001449662008E

In this chapter I want to highlight the most important steps:

First step is to configure the HCM export. To export data from SAP HCM it’s necessary to create a query (Transaction SQ01). You can use the query “LDAPEXTRACT46C“ as template. So you only have to customize the attribute mapping for your needs.

Next activity should be the creation of the RFC connection. Therefor use transaction “LDAP”. SAP recommended to start the connection name with “LDAP”.You also have to configure the “LDAP Connector” and the “LDAP Server”.  The attribute mapping can be imported with the provided *.xml file in the “LDAP Server” configuration (HCM Ldap Mapping.xml).

On the other side we have to configure the staging area in the SAP Identity Management. Therfor import the provided staging area *.mmc file from “D:sapidmidentity centerTemplatesIdentity CenterSAP Provisioning framework”. This staging area is an own identity store where the users from HCM will be imported.

Finally the provided HCM configuration for the VDS should also be created and configured.

Now you can execute the HCM export and the user data will be written into the staging area over the virtual directory server as LDAP interface for the HCM.


 2. Scenario

The other variant is to read data directly from the SAP tables.

 

 

 

 

 

 

 

 

 

The alternative to the shown „standard“HCM integration is to read the information from SAP tables with the standard IdM connector and write them directly into the identity store.

The advantages for this kind of HCM integration is that there will be less interfaces to configure and no VDS will be needed. Also the performance will be much better than in the standard scenario.

But most of the HR Departments are not amused of pulling data from SAP tables. They prefer to push the data via report.


3. Scenario

The third variant is with PI as interface between SAP IdM and HCM.

 

 

 

 

 

 

 

 

For detailed information about this scenario please read these blogs:

How To synchronize data from SAP HCM to SAP NetWeaver Identity Center using SAP PI (Part I)

How To synchronize data from SAP HCM to SAP NetWeaver Identity Center using SAP PI (Part II)

How To synchronize data from SAP HCM to SAP NetWeaver Identity Center using SAP PI (Part III)

Popular Blog Posts
Top kudoed authors
View all