Hi everyone, I am new to using the Extension Framework, and am currently working with IDM 7.2 SP8. I'll start by explaining the issue and what I'm trying to do. Managers are not allowed to request roles for their direct reports, but IDM lets this occur. I have customized the workflow upon submission so that the request is rejected and an email gets sent to the manager indicating the issue. However, I would like to display a custom UI message precisely when a manager presses the save button after requesting a role for one of their direct reports. From what I understand, the Extension Framework utilizes two functions; onLoad and onSubmit. Using the onSubmit function, I can easily check the array of changed values to see if a role was requested. Next, I need to check to see if the requestor of the role is the manager of the person for whom the role was requested (This is the part this is a little tricky for me). 1.) Does anyone know how to capture the person who requested the role? 2.) The OnSubmit function gives you access to IdmSubmit data which holds the attributes/values that changed. Is there a way to access all of the attributes/values for an entry within the OnSubmit function, and not just the attribute/value pairs that changed prior to saving?
↧
Attribute Validation with Extension Framework
↧
Web Services in IDM-GRC Intergration
Hi,
We are trying to connect IDM 7.2 with GRC AC 10.0. I found various services provided by SAP and found they were pre-activated.
Also found a SAP Note which talks about registering services in SOA Manager to be able to call the web services. My doubt is if I need to register these services in SOAMANAGER for integrating with another SAP system(which is SAP IDM in this case) or it is only needed for non-SAP systems
Will just activating the services in SICF would be sufficient?
Regards,
Silver
↧
↧
MX_ASSIGNMENT Status Filter
Hi Experts,
I have some trouble with the MX_Assignment Status Filter.
According to the help the filter "Not assigned" should only display the pending assignments (like approvals). Rejected or failed assignemnts are not displayed.
However with this setup (Not assigned) the rejected assignments are displayed.
Is this a bug? I dont want that the failed or rejected assignments are displayed. I only want to see the pending approvals.
How can I solve this?
Thanks and regards
Florian
↧
Question about Scope of Initial Load
Hi experts,
I am trying to test basic provisioning to SAP ERP.
As a step for provisioning, I ran initial road.
Some loaded successfully and some failed and I have some questions.
My environment is as follows:
IDM 8.0
OS: Windows Server 2008 R2 Enterprise
DBMS: Sql server 2012
Both IDM and ERP runs on same PC.
The hosts file is configured to use hostname 'vmehp7'.
(The installation was done without problem.
Basic synchronization was done. **thanks to Valentina)
I created Repository as follows:
and ran Initial load.
after several correction, it looks did something like:
and the detail screen is
and the Job Log is as attached. (DSE.log, DES_log.xml)
If I check Identity Store,
Company address, Person, Privileges are loaded from the repository even though the status is red.
(see PRIV:ROLE:R4_ERP:****)
(ACCOUNTING, BLACKMA ,, is added person)
Here comes my questions:
1. Can I control the passes in Initial Load?
I thought Initial load would read in technical roles from repository because it is must thing for IDM.
But this Initial Load do much more than I thought.
It read in Person even though the repository(ERP) is not a source system.
Read-in person and create in Identity Store is needed function by situation.
But not always recommendable.
So I think there must be a way to select passes for run.
2. what these errors mean?
If you see the error log, there are some errors starting from 'Pass: WrintABAPUsers'.
putNextEntry failed storingNORDSPEED
Exception from Add operation:com.sap.idm.ic.ToPassException: ToIDStore.addEntry failed storing entry 'NORDSPEED'. IDStore returned error message: " Value not legal for this attribute:Attribute: MX_TIMEZONE" when storing attribute 'MX_TIMEZONE=UTC+1'
Exception from Modify operation:com.sap.idm.ic.ToPassException: ToIDStore.modEntry failed updating entry 'NORDSPEED'. IDStore returned error message: "Entry does not exist" when fetching entry
any advice on this error and others will be highly appreciated.
regards,
dongsu
↧
SAP IDM 8.0 SP1: Issue with Developer studio login
Hi All -
I am trying to login to IDM developer studio in Eclipse for the first time it was giving below error.
Login Failed: Unrecognized SSL Message
If I check the Eclipse Error log it was showing below error in the screenshot.
If you see the versions of the DevStudio Service on java server and DevStudio PlugIn in Eclipse:
As per my understanding version mismatch of 8.1.13 and 8.1.11 the error was showing up.
Now my question was how to match the either of the version to other version? Since we don't have choice to select the version to download.
So how do we match these two versions in order to login successfully.
Your help highly appreciated.
Thanks in advance,
↧
↧
HR sync to LDAP - specify destination OU?
Hi all,
<b>Note</b>: We are not using NetWeaver IdM on my project, so the following refers only to tools available in NetWeaver ABAP+Java 7.0. The HR - LDAP sync I talk about has been around since R/3 4.7.
I am configuring a scenario to synchronise employees from HR to LDAP (Active Directory in this case). The company's AD instance has several top-level OUs containing users, and I want new users to be created in another top-level OU (e.g. OU=NewUsers,dc=company,dc=com).
As standard in transaction LDAP, I can specify the LDAP server to use OU=NewUsers, but then existing users only get synchronised if they are underneath OU=NewUsers (i.e. users in other top-level OUs fdo not get synced).
I need existing users to be synchronised if they exist anywhere in the directory, and currently the only way to do this is to specify the LDAP server as dc=company,dc=com, which means that all new users get put in the top of the directory tree instead of in OU=NewUsers.
Can anyone tell me how to set up HR-LDAP sync so that new users get put in OU=NewUsers but all users in other OUs still get synced?
Best regards,
Darren
↧
Alias field update in ABAP system
Hello Everyone,
Need your input in updating Alias field under SU01 (User master record) when we create new user in IdM.
For example if we are creating new user "ABCD1234" from IdM, when this id created in ABAP, alias field should also populate with ABCD1234@XYZ.NET"
Please share your input or guidance on achieving this requirement, we are using IdM 7.2 (SP9).
Regards,
Manish
↧
SAP IDM 7.2 - Suspending provisioning to a specific repository for a short period
Hi Experts
I have a requirement from my client to suspend provisioning to a specific SAP repository for a few hours while they take that SAP system down for some upgrade activities. They want provisioning to the other SAP systems to continue as normal so I cannot stop the dispatchers.
How can I accomplish this?
Please advise
Thanks
Ranjit
↧
IDM 8 Transport document
Hi,
Does anyone know if there is a separate Transport Guide for IDM 8?
The IDM 8 Config Guide refers a link that leads to Version 7.2 Revision 7 of the Implementation Guide - Transport. And no date is referenced.
Thanks much for your help.
Best regards,
Ashok Azhagiri
↧
↧
Unable to Login into SAP IDM Developer Studio
Hi Experts,
I am installing IDM 8.0. According to the Installation Guide in SAP Identity Management Installation Guide - SAP Library . I have reached to the Adding the Initial Identity store phase. I have created the user as Idmadmin in the NWA/Identity portal. The issue is, I find the Identity store option disabled in the IDM developer studio and when I try to Login into the Identity management Developer studio with the same user Idmadmin and the required password. Even though the username and password entries are correct I'm unable to login, instead I'm getting a error message stating "Login Failed" . I cannot proceed further with the addition of the identity store without logging in. Could anyone please let me know whether there are any changes need to be done or if there is any different procedure to accomplish this task.
Thanks
Madhav J
↧
How to connect non sap custom system?
Hi experts,
How can I connect custom built system to IDM?
The system was built by customer and uses dbms tables to manage it's login information.
The table structure is simple that USER table for user information and ROLE table for role information and USER_ROLE table for user role assignment information. IDM can connect the system through jdbc.
In IDM configuration guide, there is section for nonSAP system but it handles only MS AD and IBM NOTES system.
Any comment welcome.
regards,
dongsu
↧
SAP NW IDM Integration with Oracle Identity Manager
Hello SCN-IDM,
We are considering to replace CUA with NWIDM.
But company has oracle identity manager 11.1 for identity management. So I just want to integrate NWIDM with OIM. In this case I want to use OIM as the primary user data management system.
I checked the use cases and could not find suitable for our requirement.
Use Case 2 ( SAP Portal environment) may be possible.
Does IDM OIM connector exist ?
Thank You.
↧
Approval task for user creation
Hello Experts,
SAP IDM 7.2 SP9
Requirement: When user creates an Identity in UI, it should go thru approval process, If approved, then user should be written into IDM of entry type MX_PERSON.
What I have implemented: I created a entry type Z_TEMP_USER and corresponding attributes. Then created a approval task and linked to add event for temp entry type. So when user submit requests, user will be written in IDM as temp entry. It triggers the approval task which when approved executes the task to copy the data from temp attributes to MX_PERSON attributes.
Problem: I guess PVO will not be created for add events for entry types. So I'm not sure how to set approvers for the task. Please advise.
If anyone have implemented different approval process for user creation, please advice the strategy.
Kind regards,
Jai
↧
↧
Unable to find IDMCLMRESTAPIXX_X-XXXXXXXX.SCA file which is required for deploying Identity Management Developer Studio service
Hi,
I am Installing SAP IDM 8.0 following the SAP docs.
As per SAP docs, I need to install SAP IdM Developer studio after the Installation of IdM Core and Runtime.
Installation of SAP IdM Developer studio includes deploying the SAP Identity Management Developer Studio service (IDMCLMRESTAPIXX_X-XXXXXXXX.SCA) but I am unable to find this file in my download folder.
SAP Netweaver 7.4 AS JAVA is already installed on my server. I have downloaded SAP IDM 8.0 (51048991) from SMP which is of around 390 MB. Do I need to download SAP Identity Management Developer Studio service from SMP? If yes please share the URL.
Looking foward for your help.
Regards,
C Kumar
↧
When will IdM 8.0 Classroom Training be available?
Hello everyone,
Clients implementing SAP NetWeaver IdM 8.0 are already asking when official SAP 8.0 training will be available - This is a result of client resources who haven't seen 7.2 before, struggling to ramp up as we implement (and they will need to maintain the system going forward.)
Any information on when the classroom training is planned to be released would be helpful, thanks!
Brendan
↧
turn off attribute event triggers using a script
Hi,
We are looking at turning off attribute event triggers using a script.
The idea is to turn off the event trigger/s, add/modify/remove the attribute on users and then turn this trigger back on without having to use the Identiy Center.
Is this possible to do this using a script or a similar method?
Thanks,
Sean
↧
Update "Required approvals"
Hello Experts,
I am setting up approvals for user creation. I calculate approvers and set in PVO
The approvers list depends on user for whom the request is created.
Requirement: If I set 2 approver, then request should be approved if both approver approves. If I set 3 approver, then all 3 approver should approve.
But right now, the request goes to all approvers but its getting approved if either approves. I can see there is an option "Required approvals" but that is configured in task level. How can I change the required approval on the fly as per the approvers I set?
If this is not the way, then advice what options I have as per my requirement.
Kind regards,
Jai
↧
↧
IDM 8.0 Error when login into web IDM
Hi Friends,
I am facing new issue now, my idm working fine but suddenly I am getting this error on login /idm or /idm/admin web page.
Regards,
Mohinder Singh
↧
how to check who ran the job/task in sap idm 7.2
Hello experts,
Kindly provide your comments for the below queries.
How to check who ran the job?
How to find who have retried the failed assignments?
In the job log sometimes i see too many message truncated, cant display. Is there any way we can see the complete warnings or errors list in the job log?
Does the job logs would be stored in any path? how to check the old job logs info?
Thanks in advance
Regards,
Deva
↧
SAP IDM 8.0 SP1: Issue with Developer studio login
Hi All -
I am trying to login to IDM developer studio in Eclipse for the first time it was giving below error.
Login Failed: Unrecognized SSL Message
If I check the Eclipse Error log it was showing below error in the screenshot.
If you see the versions of the DevStudio Service on java server and DevStudio PlugIn in Eclipse:
As per my understanding version mismatch of 8.1.13 and 8.1.11 the error was showing up.
Now my question was how to match the either of the version to other version? Since we don't have choice to select the version to download.
So how do we match these two versions in order to login successfully.
Your help highly appreciated.
Thanks in advance,
↧