Skip to Content

How To Start Writing A Simple IDM 8.0 Connector

In IDM 8.0 it is slightly different how do you create a connector and in this blog I’ll show the first initial steps only.

You have to create a configuration package similar to e.g. Since it is your own package it will be named like com.mycompany.connector.<type>

If you look inside SFSF package it contains a SFSF repository type defined. It also contains all the configuration information, such as constants, scripts, repository types, processes and jobs.

Once you create such package in  developer studio, then it will appear as repository type in the web UI admin interface which you access https://<host>:<port>/idm/admin

1. newpackage.png

Then you select a package name


Then you create a new repository type in the newly created package.


And choose the repository type template that best suits your needs


Then you can define the repository constants


And for each constant you have to define whether it is repo, repo type or repo type with override constant

6. repoconstants.png

The differences are explained in the help here.

Do not forget to mark password repository constants as encrypted


Then you have to select the datatype if it is not string like in the case with Job references.


Once selected you are given the options to select possible values with the “…” button


At the beginning you will have no jobs to select from. So you need to create e.g. Initial Load job  to make the initial synchronization with your target repository:


and here you can choose your newly created repository type.


and after you have created your job you will be able to reference it.


Then going to the admin web user interface https://<host>:<port>/idm/admin you can navigate to System Configuration/Repositories and Create/Create New Repository you will be able to select your newly created repository type.


and the constants you defined will be visible bellow to be filled in by the user.

Of course you have to define the Provisioning, Modify and Deprovisioning processes and assign them in the event processes tab


This the frame. Open to suggestions what else could be added to improve this blog or the process.

You must be Logged on to comment or reply to a post.
  • Thanks Fedya for this blog. It will help a lot to build SAP IDM Connector.

    I have one questions -

    How to define provisioning, deprovisioning and modify processes? Do I need to create new one under the processes -> Triggers or we can just copy-paste the available provisioning,
    deprovisioning and modify from other packege and use.

    If we need to create new provisioning then it would be great if you could share the steps.


    C Kumar

    • Hi,

      I'd suggest to choose the cleaner approach to create new ones - as you say under triggers.

      Or if you cave matching process you can copy and check it.

      You can use the graphical workflow designer in Eclipse. First you can create your workflow from business point of view - e.g. create groups (if necessary), create user, create company, address etc (if needed), then assign user membership. You do this with clicking on the action task type on the side palette and then click on the flow line where you want to put it (notice it is click-and-click not drag-and-drop). Once you have the business workflow in place you can then fill in the passes of the action tasks.

      Best wishes,


  • Fedya,

    How many constants did you add?

    Is INITIAL_LOAD mandatory or optional?

    If mandatory, how did you get that?

    And can you show me how did you make Initial load job?

    There must be many passes.



    • Hi Dongsu,

      the number of constants depends on your repository type. Normally what is needed are hostname, port, protocol, username, password, same if you need proxy, connect and read timeout, system privilege and INITIAL_LOAD conastant.

      Initial load is necessary, because it does the initial synchronization between the Identity Store and the repository.

      Under Jobs - create a new Repository Job and name it initial load. You can name it otherwise also. It is important that you define INITIAL_LOAD constant which is of type job reference and points to your job.

      You are right there needs to be the appropriate passes - at least create account attribute , system privilege and account privilege, then read users and write them to your Identity Store.

      Thanks for asking - reminds me that this blog need to be continued...

      Best wishes,


      • Dear Fedya,

        Is there any document describing this kind of knowledge?

        Connector architecture, scripts and stored procedures which scripts call, Job and passes,

        When we assign system privilege, how IDM do provision to target system automatically, etc.

        I am expecting actual IDM implementation project next year and connecting to non-sap system is major requirements of it because there are many custom built target systems in most customer IT environment.



        • Hi Dongsu,

          there is some documentation on the Connector Development Kit which suggests using Virtual Directory Server. There are other simpler ways to build a connector and this would be the subject of the customer engagement initiative.

          For your project you could check if the non-SAP systems support some of the common standard protocols which are also supported by SAP Identity Management like LDAP, SPML, ODBC, JDBC, REST etc.

          Best wishes,


  • Hi Fedya and Kumar,

    Is there an update on the Connector Development Kit for IDM 8.0? I'm having trouble locating documented standard pirating procedures that cover the creation of repository jobs and the components of jobs in Eclipse IDE.