Skip to Content

Connecting Non SAP Applications to SAP IDM (Database oriented)

Lily Sloane: I envy you… the world you’re going to.

Captain Jean-Luc Picard: I envy YOU… taking these first steps into a new frontier.

–Star Trek: First Contact

Previous entries here in the SCN IDM Space have discussed connecting various applications to SAP IDM. Active Directory (and other LDAP related systems) SAP Systems, Flat Files, even database tables. But what we have not really discussed is how to connect a database related system to SAP IDM. As with all things IDM, there are a number of ways to do this using IDM and VDS, and I am going to discuss how to do this over the next couple of blog postings.

In this first entry, I will discuss how to set up the Repository and Initial load for the system, which I am simply calling NonSAPApp. It is based on a simple database structure that was submitted in a Forum thread.

So the first challenge was creating the Repository.  To do this, I simply used the New Repository Wizard to create a Database Repository

Repository Wizard.jpg

Didn’t need to do too much here, just name the repository, choose the driver and then add the JDBC and OLE DB connection strings. If you’ve installed IDM before or created a new Identity Store, this should not prove to be too much of an issue. When you’re all done, you’ll get something like this:

Repository Constants.jpg

Now we can go ahead and create an Initial Load job. To do this, first I went through the job wizard to create a job to use as a template.

Initial Load selection.jpg

Make sure when you are running through the wizard that you select the correct repository.  Don’t worry though, it can all be modified later 🙂 After you’ve run through the wizard, expand the node and remove the unnecessary passes so the job looks like this:

NONSAPAPP Initial Load.jpg

Now let’s talk about some of the changes that were made to these passes so it will work for NONSAPAPP.

  1. In the root node of the job, double check and make sure it’s enabled, has a dispatcher assigned (and running!) This is also your chance to make sure that the correct repository is selected.
  2. In the Create System Privilege Pass, change the description to something that describes the application.  If need be this can be done manually later.
    Create System Privilege.jpg
  3. In ReadNonSAPAppUsers, make sure that you are re-configuring the source tab to read from your Users table.  It will look something like this:
    Read Users Source.jpg
    You’ll then be able to do an Insert Data Source Template
  4. For ReadNonSapAppRoles, do the same thing, except that you will need to pull from your Roles Table
  5. In the WriteUsers pass, map the fields accordingly. Blank out any fields that don’t apply or won’t be populated either by disabling the attribute via the # prefix or by clearing the attribute value.
    Write Users destination.jpg
  6. In the WriteRolePrivilege there is a value of %uniquename% used in the MSKEYVALUE and DISPLAYNAME attributes, if you are not using this value, replace it with a relevant unique value in your database as I have done here:
    write roles destination.jpg

That’s it, run the job, fix your errors and then check the database to make sure that the roles and users have been created.  In this case, my sample data had one user, Luke Skywalker (guess what I was watching?) and some roles that you can see from the following queries.

First a query that shows the user has been created:

NONSAPPAPP Loaded users.jpg

Next a query that shows the roles have been created and any users assigned to roles.

NONSAPAPP Roles and assignments.jpg

So there you have it. You’ll notice I did not handle role assignments here, but I think we call get the general idea of how to do this. In the next week or so, I will wrap this up by extending the provisioning framework to cover adding a user via the IDM UI to the system.


Added 19November2015

Thinking back to my TechEd Sessions with Plamen Pavlov and Kristian Lehment, you might want to try importing the attached file to a Version 8 environment.(Or to a version 7 environment for that matter) Just remember to drop the “.xml” from the filename. Note that there are absolutely no warranties or guarantees included with this configuration and neither myself or SAP can be held responsible for anything that happens as a result of using this import.  – MP

If you’d like to know how to connect the application to the Provisioning Framework, take a look at the follow up to this blog: Connecting Non SAP Applications to the SAP IDM Provisioning Framework

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

      1. Former Member

        Dear Matt,

        Would you recommend MMC tutorials, please?

        As I do understand, there must be snap-ins available to be added to MMC.

        But in whole system there are no snap-ins for IDM.

        Only one from SAP AG is SAP system manager as attached.

        Are there any additional steps to make those wizards as snap-ins?


          1. Former Member


            Currently I am on IDM 8.0.

            There is no mention about job wizard in all IDM 8.0 install and configuration docs.

            Do IDM 8.0 also have job wizard?

            Help me some more, please.


            1. Former Member

              Hi Dongsu,

              in 8.0 you can select from the jobs context menu – mouse rightclick  menu gives you the option create a Job, Ropository Job or a Job Folder. If you choose Repository Job you are “wizzard-like” prompted to select a repository and then you can edit the Passes, Scrips and Constant is a new panel. If you choose normal Job then you are directly given the panel where you can modify Passes, Scrips, Constants and Variables.


              So it not exacly step-by-step wizzard or job templates, but is quite simple and straightforward.


              Best Wishes,


              1. Former Member


                It may simple and straightforward to experienced NW IDM technician.

                But I am new to SAP NW IDM and it is not easy to catch up.

                After I look in adap connector and this NonSAPApp connector by Matt, I can guess few of them about what they do.(not knowing how to make)

                – ReadNonSAPAppRoles

                – ReadNonSAPAppUsers

                – ReadNonSAPAppAssignments

                but for others, it is hard even to know what they do.

                Can you tell me which documents explain about this, meaning and how to make.

                Before post this question, I tried to find them in IDM 8.0 documents, but could not find it.

                Please understand that I am new to NWIDM.



        1. C Kumar

          Hi Dongsu,

          Check the blog How To Start Writing A Simple IDM 8.0 Connector by Fedya.

          I hope it will help you to connect your SAP IDM 8.0 to your non-SAP system. As your non-SAP system is Database so please choose Repository Type as Database instead of Virtual Directory Server (as discussed in blog)  while creating the repository type in SAP IDM developer studio plugins.


          C Kumar

    1. Matt Pollicove Post author


      I will also attach my job to the blog post later today (By our posting schedules, I’m guessing you are not in North America) If you need it sooner, let me know (I need to get over to a different computer from where I am now 🙂 )

      1. Former Member

        Dear Matt,

        do you found any equivalent tool with job wizard in IDM 7.2?


        do you have plan to do this same configuration in IDM 8.x version?


        I imported your NONSAP mcc file,  which you attached, and I look in the repository types, repository constants with category, jobs and passes.

        there are 15 passes in Initial_Load job for NONSAP repository.

        and each passed have quite complex mapping in destination tab.

        Fedya says this is straight forward but I don’ think it is…..

        best regards,


  1. Former Member

    Hi Matt,

    Lovely sharing.. thank you.

    In this scenario, the users/roles being created in IDM .. right??

    NonSAPapp as a user data source.

    May be dumb Q.


    1. Matt Pollicove Post author

      Hi Rika,

      Yes, in this case we are reading from the NONSAPAPP, via IDM to create the identities. The next installment will show how to create users directly from IDM.



Leave a Reply