Skip to Content

Connecting Non SAP Applications to SAP IDM (Database oriented)

Connecting Non SAP Applications to SAP IDM (Database oriented)

Lily Sloane: I envy you… the world you’re going to.

Captain Jean-Luc Picard: I envy YOU… taking these first steps into a new frontier.

–Star Trek: First Contact

Previous entries here in the SCN IDM Space have discussed connecting various applications to SAP IDM. Active Directory (and other LDAP related systems) SAP Systems, Flat Files, even database tables. But what we have not really discussed is how to connect a database related system to SAP IDM. As with all things IDM, there are a number of ways to do this using IDM and VDS, and I am going to discuss how to do this over the next couple of blog postings.

In this first entry, I will discuss how to set up the Repository and Initial load for the system, which I am simply calling NonSAPApp. It is based on a simple database structure that was submitted in a Forum thread.

So the first challenge was creating the Repository.  To do this, I simply used the New Repository Wizard to create a Database Repository

Repository Wizard.jpg

Didn’t need to do too much here, just name the repository, choose the driver and then add the JDBC and OLE DB connection strings. If you’ve installed IDM before or created a new Identity Store, this should not prove to be too much of an issue. When you’re all done, you’ll get something like this:

Repository Constants.jpg

Now we can go ahead and create an Initial Load job. To do this, first I went through the job wizard to create a job to use as a template.

Initial Load selection.jpg

Make sure when you are running through the wizard that you select the correct repository.  Don’t worry though, it can all be modified later 🙂 After you’ve run through the wizard, expand the node and remove the unnecessary passes so the job looks like this:

NONSAPAPP Initial Load.jpg

Now let’s talk about some of the changes that were made to these passes so it will work for NONSAPAPP.

  1. In the root node of the job, double check and make sure it’s enabled, has a dispatcher assigned (and running!) This is also your chance to make sure that the correct repository is selected.
  2. In the Create System Privilege Pass, change the description to something that describes the application.  If need be this can be done manually later.
    Create System Privilege.jpg
  3. In ReadNonSAPAppUsers, make sure that you are re-configuring the source tab to read from your Users table.  It will look something like this:
    Read Users Source.jpg
    You’ll then be able to do an Insert Data Source Template
  4. For ReadNonSapAppRoles, do the same thing, except that you will need to pull from your Roles Table
  5. In the WriteUsers pass, map the fields accordingly. Blank out any fields that don’t apply or won’t be populated either by disabling the attribute via the # prefix or by clearing the attribute value.
    Write Users destination.jpg
  6. In the WriteRolePrivilege there is a value of %uniquename% used in the MSKEYVALUE and DISPLAYNAME attributes, if you are not using this value, replace it with a relevant unique value in your database as I have done here:
    write roles destination.jpg

That’s it, run the job, fix your errors and then check the database to make sure that the roles and users have been created.  In this case, my sample data had one user, Luke Skywalker (guess what I was watching?) and some roles that you can see from the following queries.

First a query that shows the user has been created:

NONSAPPAPP Loaded users.jpg

Next a query that shows the roles have been created and any users assigned to roles.

NONSAPAPP Roles and assignments.jpg

So there you have it. You’ll notice I did not handle role assignments here, but I think we call get the general idea of how to do this. In the next week or so, I will wrap this up by extending the provisioning framework to cover adding a user via the IDM UI to the system.


Added 19November2015

Thinking back to my TechEd Sessions with Plamen Pavlov and Kristian Lehment, you might want to try importing the attached file to a Version 8 environment.(Or to a version 7 environment for that matter) Just remember to drop the “.xml” from the filename. Note that there are absolutely no warranties or guarantees included with this configuration and neither myself or SAP can be held responsible for anything that happens as a result of using this import.  – MP

If you’d like to know how to connect the application to the Provisioning Framework, take a look at the follow up to this blog: Connecting Non SAP Applications to the SAP IDM Provisioning Framework

You must be Logged on to comment or reply to a post.