SAP IdM Custom Add-on for Mass User Data Administration (MUDA) – on SAPUI5
Here is our new idea, how to manage a mass number of users in SAP IdM. As most of you may know, the standard IdM UI doesn’t allow a mass change of users.
Mass User Data Administration tool provides role based access for Administrators and Managers and is used for user master data & access maintenance – for a number of users. It enables the user to load the data directly from IdM or just to upload an Excel file and complete the action.
MUDA UI separates the 4 main functionalities into sections (Fig.1):
Master data update, Master access update, Mass user lock/unlock and File Import.
Note: In order to find the targeted user(s), each functionality has a Filter (Fig.2) which searches for the users by already selected criteria directly in IdM. The possible filters are dynamically loaded, as all of the attributes are pre-defined in IdM. By pressing the “GO” button, the search in the IdM is executed and returns a result (Fig.3) and in case such one is found it will be added to the table content.
1. Master data update UI
The Master data update functionality enables the mass change of multiple user attributes.
In order to do a master data update you can select from the “Choose table columns” dropdown (Fig.4) the attributes, you would like to update or to see in the table.
When you select your filter criteria and then press the “Go” button. After a result has been generated we can change the values of the attribute you want, or use the Replace All functionality to replace multiple rows which have a certain value with a new one (Fig.5).
On pressing submit, the table content will be submitted and if any validation error occurs, the wrong row will be highlighted in red and an error panel will appear, displaying all the errors messages. After successful submission a popup with the request ID opens (Fig.6)
and a status of the current request appears on right side in the table toolbar and the status will be auto refreshed (Fig.7).
2. Master access update UI
Master access update UI gives us the possibility to assign or un-assign multiple roles and privileges to multiple IdM users at the same time.
Again we have to filer for the users and access we want (Fig.8):
In case the action is “Assign” – action validity should be selected (Fig.9).
By pressing the “Assign/Unassign” button, all entries without values in the table will be filled with the values defined in the toolbar above the table (Fig.10). On pressing submit, the table content will be submitted and if any validation error occurs, the wrong row will be highlighted in red and an error panel will appear, displaying all the errors messages.
3. Mass user lock/unlock UI
The mass user lock/unlock functionality enables us to lock/unlock a number of selected users. By default – MX_LOCKED attribute is a mandatory filter and the value Locked is pre-selected (Fig.11).
Note: To be able to execute a mass (single is also an option) lock/unlock we have to select a filter criteria, choose a value for the MX-Locked radio button and press the “Go” button. In case the option Locked is selected, all users, which match the filter criteria and are locked will be displayed in the table.
4. File Import
This feature provides all functionalities of this Add-On in a single UI view, just by uploading an excel file. The user is able to assign/un-assign access, lock/unlock users and update user’s master data (Fig.12).
5. Custom MUDA requests created for the submitted UI mass changes – used for auditing purposes. After the UI request finishes we can search the same request in the standard IdM UI by his Request ID (Fig.13).
6. IdM customizations:
- custom Entry Types _MUDA
- custom job – managing the submitted mass requests changes
- custom IdM UI – on SAPUI5 for mass user data/access changes
- custom UI tasks for the MUDA request – used for auditing
Hope you like it 🙂
Thank you very much for sharing such important solution for Mass user administration.
Currently i've installed SAP IDM 8.0 (NW 7.4 Java Only) on SQL server. Iam able to add other sap systems and was able to pull the user data and administer them.
Can you please help me with the add-on details which you have mentioned in this blog for mass user administration, as i don't see a standard procedure from SAP yet. Your inputs will help me a lot to automate the mass user administration.
Appreciate your inputs !!!
Yes, there is no standard process provided from SAP.
In this solution you have 3-custom Entry Types (processing and storing the data in IdM). When you submit a request from the UI, the data is stored into a custom tables, from where IdM is triggered and then and entries from those custom entry types are created. After we have the data in IdM, based on the request type we have access changes/master data changes or lock/unlock.
HCM made changes to 10k uses and no one else can work because IDM uses all the system resources, any pointers to what can be the solution?
We had such issues with some of our clients in our case we had problem with the user's access pending in the queue.
If your HCM changes are triggering access changes, you may overload the quese and it can stuck. The problem with this scenario is related with the internal IdM workflow responsible for provisioning the access (the view - MXPV_LINKS is restricted to maintain only 1001 pending links for one user).
The best approach here is to open a ticket to SAP and ask them to provide you with a solution (the solution will be - to increase the number mentioned in this view).
Sorry, I have a new user @simona.lincheva4 (I didn't receive your questions), in case you have additional questions, you can directly send them to me. I will try to follow the blogs created with my old user and answer to your questions.
Hi,I'm new with IDM.
I would like to know what information I need to pass to the WD developer to install this Custom Add-on for Mass User Data Administration (MUDA)
Can you give me more information?