Hi All,

Here is our new idea, how to manage a mass number of users in SAP IdM. As most of you may know, the standard IdM UI doesn’t allow a mass change of users.

Mass User Data Administration tool provides role based access for Administrators and Managers and is used for user master data & access maintenance – for a number of users. It enables the user to load the data directly from IdM or just to upload an Excel file and complete the action.


/wp-content/uploads/2016/03/111_919251.png


MUDA UI separates the 4 main functionalities into sections (Fig.1):

Master data update, Master access update, Mass user lock/unlock and File Import.

/wp-content/uploads/2016/03/1_916327.png

Fig.1

Note: In order to find the targeted user(s), each functionality has a Filter (Fig.2) which searches for the users by already selected criteria directly in IdM. The possible filters are dynamically loaded, as all of the attributes are pre-defined in IdM. By pressing the “GO” button, the search in the IdM is executed and returns a result (Fig.3) and in case such one is found it will be added to the table content.

/wp-content/uploads/2016/03/2_916403.png

Fig.2

/wp-content/uploads/2016/03/3_916404.png

Fig.3

     1. Master data update UI

     The Master data update functionality enables the mass change of multiple user attributes.

In order to do a master data update you can select from the “Choose table columns” dropdown (Fig.4) the attributes, you would like to update or to see in the table.

/wp-content/uploads/2016/03/4_916419.png

Fig.4

     When you select your filter criteria and then press the “Go” button. After a result has been generated we can change the values of the attribute you want, or use the Replace All functionality to replace multiple rows which have a certain value with a new one (Fig.5).

                       /wp-content/uploads/2016/03/5_916420.png

Fig.5

     On pressing submit, the table content will be submitted and if any validation error occurs, the wrong row will be highlighted in red and an error panel will appear, displaying all the errors messages. After successful submission a popup with the request ID opens (Fig.6)

/wp-content/uploads/2016/03/6_916427.png

Fig.6

and a status of the current request appears on right side in the table toolbar and the status will be auto refreshed (Fig.7).

/wp-content/uploads/2016/03/7_916428.png

Fig.7


     2. Master access update UI

     Master access update UI gives us the possibility to assign or un-assign multiple roles and privileges to multiple IdM users at the same time.

Again we have to filer for the users and access we want (Fig.8):

/wp-content/uploads/2016/03/8_916429.png

/wp-content/uploads/2016/03/9_916439.png

Fig.8

     In case the action is “Assign” – action validity should be selected (Fig.9).

/wp-content/uploads/2016/03/10_916441.png

Fig.9

     By pressing the “Assign/Unassign” button, all entries without values in the table will be filled with the values defined in the toolbar above the table (Fig.10). On pressing submit, the table content will be submitted and if any validation error occurs, the wrong row will be highlighted in red and an error panel will appear, displaying all the errors messages.

/wp-content/uploads/2016/03/11_916442.png

Fig.10

     3. Mass user lock/unlock UI

     The mass user lock/unlock functionality enables us to lock/unlock a number of selected users. By default – MX_LOCKED attribute is a mandatory filter and the value Locked is pre-selected (Fig.11).

/wp-content/uploads/2016/03/12_916444.png

Fig.11

Note: To be able to execute a mass (single is also an option) lock/unlock we have to select a filter criteria, choose a value for the MX-Locked radio button and press the “Go” button. In case the option Locked is selected, all users, which match the filter criteria and are locked will be displayed in the table.

     4. File Import

     This feature provides all functionalities of this Add-On in a single UI view, just by uploading an excel file. The user is able to assign/un-assign access, lock/unlock users and update user’s master data (Fig.12).

/wp-content/uploads/2016/03/13_916448.png


Fig.12


     5. Custom MUDA requests created for the submitted UI mass changes – used for auditing purposes. After the UI request finishes we can search the same request in the standard IdM UI by his Request ID (Fig.13).

/wp-content/uploads/2016/03/15_916449.png

/wp-content/uploads/2016/03/16_916451.png

Fig.13


6. IdM customizations:

  • custom Entry Types _MUDA
  • custom job – managing the submitted mass requests changes
  • custom IdM UI – on SAPUI5 for mass user data/access changes
  • custom javascript-s managing the logic
  • custom UI tasks for the MUDA request – used for auditing



Hope you like it 🙂

Simona Lincheva

To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

  1. Ambati Gangadhar

    Hi Simona,

    Thank you very much for sharing such important solution for Mass user administration.

    Currently i’ve installed SAP IDM 8.0 (NW 7.4 Java Only) on SQL server.  Iam able to add other sap systems and was able to pull the user data and administer them.

    Can you please help me with the add-on details which you have mentioned in this blog for mass user administration, as i don’t see a standard procedure from SAP yet.  Your inputs will help me a lot to automate the mass user administration.

    Appreciate your inputs !!!

    Thanks,
    Gangadhar Ambati

    (0) 
  2. Pushkar Sharma
    Unable to make mass changes during business hours.

    HCM made changes to 10k uses and no one else can work because IDM uses all the system resources, any pointers to what can be the solution?

     

     

     

    (0) 

Leave a Reply