SAP NetWeaver Identity Management Identity Center Tutorial ...· SAP NetWeaver Identity Management

  • SAP NetWeaver Identity Management

    Identity Center

    Tutorial - Provisioning

    Version 7.1 Rev 4

  • Copyright 2010 SAP AG. All rights reserved.

    No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

    Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

    Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

    IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.

    Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

    Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

    Oracle is a registered trademark of Oracle Corporation.

    UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

    Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

    HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology.

    Java is a registered trademark of Sun Microsystems, Inc.

    JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.

    SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

    Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company.

    All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

    These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

    Preface

    The product

    SAP NetWeaver Identity Management Identity Center is the primary component for identity management. The Identity Center includes functions for identity provisioning, workflow, password management, logging and reporting. It uses a centralized repository, called the identity store, to provide a uniform view of the data, regardless of the data's original source.

    The reader

    This manual is written for people who need an introduction to provisioning in the Identity Center.

    Prerequisites

    To get the most benefit from this manual, you should have the following knowledge:

    Knowledge of LDAP.

    Knowledge of Microsoft SQL Server or Oracle.

    General knowledge about the Identity Center and job definitions, for instance as described in the SAP NetWeaver Identity Management Identity Center Tutorial: Basic synchronization and SAP NetWeaver Identity Management Identity Center Initial configuration.

    The following software is required:

    SAP NetWeaver Identity Management Identity Center 7.1 SP2, or newer, correctly installed and licensed.

    SAP NetWeaver Identity Management User Interface must be installed and configured for this Identity Center and identity store (according to SAP NetWeaver Identity Management Identity Center: Installing the Identity Management User Interface).

    A directory server with the external object classes top, person and inetOrgPerson (as defined in RFC 2798). The credentials necessary to add, modify and delete entries in the directory server are also required.

    An Identity Center where at least one dispatcher has been configured and is running (see SAP NetWeaver Identity Management Identity Center Initial configuration).

    An LDAP client to view the contents of the directory.

    The manual

    This tutorial consists of eleven (11) sections containing information about how you build a task structure and run a provisioning system.

    This tutorial is not a substitute for training.

    Person names used in this tutorial are fictional.

    Related documents

    You can find useful information in the following documents:

    SAP NetWeaver Identity Management Identity Center: Installation overview

    SAP NetWeaver Identity Management Identity Center: Installing the Identity Management User Interface

    SAP NetWeaver Identity Management Identity Center Initial configuration

    SAP NetWeaver Identity Management Identity Center Tutorial: Basic synchronization

    For information on SAP NetWeaver see http://help.sap.com.


    Table of contents

    Introduction
      The repositories
      The data flow and task structure
      Preparations
      Section overview

    Section 1: Building the identity store
      Defining a repository definition for the hr.csv file
      Disabling automatic attribute creation
      Reading the HR data into the identity store
      Verifying the contents of the identity store
      Enabling the delta

    Section 2: Preparing the repositories
      Adding a repository definition for the LDAP server
      Defining additional repository constants
      Creating the organization
      Adding a repository definition for the file system folder

    Section 3: Adding the create and update LDAP user tasks
      Creating a folder for the LDAP tasks
      Adding task: #LDAP_AddEntry
      Adding link to existing task: Change entry reference and attribute value on PVO
      Adding task: Create LDAP entry
      Adding task: #LDAP_UpdateEntry

    Section 4: Adding the PRIV:LDAP privilege
      Creating the PRIV:LDAP privilege
      Updating the repository definition Tutorial-LDAP
      Hiding the "Provisioning folder"
      Creating a folder for User Interface tasks