SAP Identity Management 8.0 Release Highlights

We have just released SAP Identity Management 8.0 with the following main improvements:

• Innovative design-time IDM Developer Studio as Eclipse plug-in
• Extended integration capabilities with SAP products
• Improved security concept

SAP Identity Management Developer Studio is an Eclipse plug-in that provides the environment for developing the configuration for the identity management solution. It is a replacement for the Identity Center Management Console.

The Identity Management Developer Studio offers improved security model and usability as well as a multiuser environment so that users can work on different configuration packages at the same time without overwriting each-others’ changes.

Configuration packages are delivered as part of the Identity Management core components. They contain frameworks and connectors that can be imported to the Identity Management database to provide the basic functionality as provisioning and integration with SAP Access Control.

A package is the smallest part of the configuration that is maintained as a unit. Changes to packages are version controlled, logged and reversible. Scripts and constants are included in a package and distributed with the package during transport. Global Scripts and global constants are replaced by packages

Transport of configuration is done on a package level. Each package is transported separately as a single XML file and there is no need for complex transport mechanism.

Developer Studio now supports Visual Workflow Design which allows you visualize conveniently and to drag and drop processes in a workflow diagram. Of course the tree view is still available.

The Provisioning framework for SAP Identity Management 8.0 provides set of templates to use to connect SAP systems to SAP Identity Management and to set up the jobs and processes for provisioning the corresponding users and the corresponding assignments.

The Provisioning framework for SAP Identity Management 8.0 is also distributed in packages. Each package has a specific purpose, as its name implies. There are for example an engine package, a package for a specific connector, a package for notifications, a package for User Interface forms and a custom package.

SuccessFactors connector is used for a communication between SAP Identity Management and SuccessFactors systems. The connector allows SAP Identity Management to integrate SuccessFactors systems into centralized user management scenarios. It is delivered as a separate package in the Provisioning Framework for SAP Identity Management 8.0.

When determining your system landscape, you can use Success Factors as a leading Human Capital Management (HCM) system and as a target system for provisioning. You can read more about SuccessFactors connector in Ralitsa’s blog article.

Repository management – repository types are introduced so that common parameters can be defined and can be shared and management of repositories is now possible in the Identity Management Administration User Interface so that development and management can be separated. Also repositories can be Enabled and Disabled manually or automatically e.g. when a repository is not available.

There is a new utility for dispatcher management and there are new states for the dispatchers so that you can suspend and resume dispatchers remotely.

New filter mechanism is introduced – dynamic groups which can be used for automatic assignment of privileges.

Minor changes:

Jobs are stored and run within an identity store. Can select identity store “-Self-”

Roles, Privileges and Dynamic Groups are managed by regular forms in Identity Management User Interface (instead of MMC)

The following are removed

• The Windows Runtime Engine
• The Identity Center Management Console is replaced by SAP Identity Management Developer Studio which is an Eclipse plug-in that provides the environment for developing the configuration for the identity management solution.
• Configuration Copy Tool is obsolete as the configurations are managed and transported with new packaging concept.

There are some changes in the terminology:

There are forms which define the screen layout and access control instead of “UI Task”

Processes are introduced and replace former “Task”. Only processes can be used as event tasks and can be called from other processes

Process type is introduced for easier definition of the usage of the process E.g. Validate-Add-Process, Entry-Modify-Process

Repository job is defined as a job which requires a repository to run and has a defined repository type

Check also SAP Identity Management Overview presentation by Regine Schimmer.