SAP Community - SAP Identity Management

Undefined Error in Job Variables

2023-11-07T14:54:22+01:00

I am facing an issue in a job, which was running fine till now but all of sudden the job is not able to send the csv file in a mail although the job execution is happening. The Job Constant like Email and Userid are in undefined error.

This is happening with specific job other job are able to send csv file.

Question about abap businessuite workflow

2023-12-06T19:04:48+01:00

Hello SAP IDM Community,

I hope this message finds you well. I am currently working on a task related to the 'connector.abap.businessuite' workflow, specifically within the 'AssignUserMembership' operation. I've observed that there is a 'SetModifyContext' under the 'destination' tab, where the attribute 'CHANGE_MODE' is set to 'U' by default. I am curious to understand the significance of this setting. Could anyone kindly shed some light on its meaning and implications?

change-mode.jpg

Additionally, in my comparison between 'abap businessuite' and 'connector.abap', I noticed that under the same 'AssignUserMembership' operation, 'connector.abap' lacks the 'SetModifyContext'. I'm interested to know if anyone has insights into why these two connectors have different workflows for the same operation.

connector.jpg

Your expertise and guidance on this matter would be greatly appreciated.

Thank you in advance for your assistance.

Regards,Shunji

How to lock and unlock users in SAP BTP?

2023-12-18T09:19:36+01:00

Hi,

Is it possible to lock and unlock users in SAP BTP more specifically in IAS tenant? We are already using SAP BTP and phase1 of the project is already live. We are now going live with phase 2 and We would like to lock users in BTP during the cutover activity.

I've looked at the SAP business accelerator hub and did not find any APIs which could be used for the above requirement. Is there any other options I may have missed?

Regards, Vijay

Connection SAP IDM to IPS (BTP)

2024-01-11T09:27:31+01:00

Hello everyone,

We want to connect SAP IDM to SAC cloud systems in this case .

For this we think to go through a construction with IPS.

Someone will tell me that it is the best method to connect IDM to BTP and IPS and give me the procedure, please?

Sincerely,

Michael

SAP IDM custom Job trigger / Schedule question

2024-01-31T23:26:07.262000+01:00

Hi All experts!

Can we set up a job to trigger when an attribute is modified in IDM? While I know we can create a custom job with a scheduled frequency, such as every hour, I'm specifically interested in having the script run automatically just once when an IDM attribute is modified. I've experimented with 'On demand', but it seems the job requires manual triggering.

Can we establish a schedule that, once selected, will execute once an then cease? If yes, how to setup the MC_SCHE_RULE table and MC_SCHED_ITEM?

Any insights or suggestions on this matter would be appreciated.

Thank you.

How to read Security audit Logs (SM19/SM20) using FM RSAU_READ_LOG?

2024-02-01T13:27:19.641000+01:00

Hello Everyone,

I would like to read the security audit logs generated for the user during a specified time using the Function Module RASU_READ_LOG, but facing challenges in providing the required input.

Not understanding what input to be passed and which are required, tried a lot but the results returning are empty. I was able to fetch records using another FM RSAU_API_GET_LOG_DATA, but cannot use this as the FM is not remote/RFC enabled.

Can someone kindly let me know or share some documentation related to this FM RASU_READ_LOG about expected inputs.

IAS Custom password policy

2024-02-04T14:14:51.522000+01:00

When I try to create a custom policy to change the password length, maximum is not changeable. Does any one know if it's a bug or not possible?

Thanks,

Madhu

Role Request getting auto reconcile

2024-02-08T15:04:44.621000+01:00

Hi IDM Gurus,

There is an issue, a user had requested a role last year it got approved but Status was failed, Operation Text was "Not Assigned".
The role request got auto reconciled again same approval flow happened but still not assigned.
Even after approving, the role is not getting assigned and getting reconciled again and again.

Could you please provide assistance to find out the cause of this issue.
Your prompt guidance is highly appreciated.

Thanks & Regards,
Laxmi

Some employees are not being synced to IAS/IPS from SuccessFactors, not included on skip/error log

2024-02-15T23:56:39.051000+01:00

Hello,

Some employees are not being synced to IAS/IPS and do not appear on the error or skip logs. There are no filters set to exclude these users, their data in SuccessFactors is unique, and we do not have IAS for ONB enabled. Has anyone encountered this issue? If so, what was the fix? Any insight on what may be the cause is greatly appreciated!

Thank you,

Sydnie

loginmethod PWD and SSO in SCIM API version 2

2024-02-26T08:52:27.681000+01:00

Hi Eperts,

We had below code for loginmethod in SCIM APi version 1:

"targetPath": "$.userType",
"condition": "$.loginMethod == 'PWD'",
"constant": "partner"
},
{
"targetPath": "$.userType",
"condition": "$.loginMethod == 'SSO'",
"constant": "employee"
},
{
"targetPath": "$.userType",
"condition": "$.loginMethod == ''",
"constant": "employee"

How to add the loginmethod like this in SCIM API version 2? Please advise.

Thanks,

IAS as proxy

2024-03-03T17:43:16.434000+01:00

Hello experts,

I have configured SAP IAS as a proxy to Azure AD.

The groups from Azure AD (Groups Claim) are mapped to SAP BTP under "Role Collections" -> "User Groups"->Object ID from Azure Group.

However, how can I map or synchronize the groups that I have created in IAS to SAP BTP?

Is it to recommended to map the groups from Azure to IAS ?

Thank you very much.

User creation failed due to validation error

2024-03-12T12:15:32.524000+01:00

Hello All,

While creating user from IDM to Domino for 3-4 users we are getting "Failed due to validation error".
Domino Team said its issue from IDM end.

Please guide me what can be the possible reason for getting this error and how can I resolve it.

Thanks & Regards,
Laxmi

SAP IDM/SAC Support for SAC roles and TEAM liaison in IDM

2024-03-14T16:19:50.917000+01:00

Hello,

We just connected IDM to SAC via IPS.

We are able to create users in ISC from IDM and assign them TEAMS.

However, when assigning a user to a TEAM, this removes the connection between the TEAM and its SAC roles.

I read that it was necessary in the api to return the roles of the Team but we did not find a solution to recover this and how to send it back to SAC.

https://www.ibsolution.com/academy/blog_en/sap-cyber-security/seven-challenges-in-connecting-sac-to-sap-ips

Has anyone ever encountered this problem?

if yes what was your solution?

Regards

Michael

Authentication error while connecting to Domino from IDM

2024-03-19T12:09:33.292000+01:00

Hi All,

Needed your guidance for below two case.

--> I'm getting below error while connecting to Domino from IDM Test env.

(LDAP error: The supplied credential is invalid)
Explanation: [LDAP: error code 49 - Failed, invalid credentials for "UserID"] - javax.naming.AuthenticationException: [LDAP: error code 49 - Failed, invalid credentials for "UserID"]

The password is correct in IDM, in logs also its fetching correct, I can able to access it via Jxplorer and can able to login into Domino which is installed in IDM Test Env with same credentials but still getting error while connecting by IDM workflow.

--> Getting "Restricted Operation on server" error while performing delete operation from IDM to Domino. Creation, Modification is working but deletion is troughing error.

As per Domino Team they have provided manager access to IDM Technical userID that has required access to perform this action. Still Can't able to find where the actual issue is.

Could you please provide assistance what can be possible mistake there can be in IDM/ Domino configuration or resolution for the issue.

Thanks & Regards,
Laxmi

Extract Data from File fetched from UI

2024-04-10T18:28:40.870000+02:00

Hi All,

From UI I can able to fetch the file and store it into a folder but in next step I'm facing little issue to fetch file from folder.
Using From ASCII pass I can achieve it but I need to make it dynamic so that in next action task it takes the file from same place where it had store in first action task.
I tried storing the path in job variable in action task 1 but couldn't able to fetch this variable data in action task 2.

Please assist.

Thanks & Regards,
Laxmi

Shadow user in BTP

2024-04-18T11:36:17.711000+02:00

Hello,

What are the possible methods for automatic user provisioning from SAP IAS to SAP BTP while "Create Shadow Users During Logon" option in SAP BTP is deactivated ?

Or do users need to be created manually in SAP BTP in that case?

Many thanks for every tip ?

Best Regards

what is the standard page to display employee Username in SuccessFactors : IAS or Spotlight?

2024-04-22T11:31:01.611000+02:00

with the latest release of SuccessFactors H1 2024 (B2405) , we no longer able to display username in SuccessFactors new feature : Spotlight view & spotlight preview.

what is the expected "latest experience" page to display Employee username ?

is it SuccessFactors Public Profile view ?

is it IAS Employee Profile view XXX.ondemand.com/ui/protected/profilemanagement ?

For your information:

name format is enabled

Hide Username in the UI is Disabled

i’ve only found a sap note that described the enabled value :

If this feature is enabled, username won’t be displayed on the Global Header and the employee quickcard. You cannot run a username search or see username in the search results in the areas that have adopted People Search, which include the Global Header, Org Chart, People Profile, Change Audit Report, and others.

putNextEntry failed storing SPML.SAPUSER

2024-04-23T07:08:19.985000+02:00

Hi All,

I'm getting "putNextEntry failed storing SPML.SAPUSER" Error while reprocessing the user failed privilege.
User account attribute is correctly set in IDM and as mentioned in
https://community.sap.com/t5/technology-q-a/unable-to-reprocess-the-failed-role/qaq-p/11322380#feedback-error

the privilege is not orphan, could you please help where I'm missing to check.

Thanks & Regards,
Laxmi

How to enable activation email in IAS for manual import from S/4HANA Public Cloud?

2024-05-02T19:22:07.907000+02:00

Hello IAM/IAS Gurus,

How can I enable the activation email to be sent to each newly created user (via a manual import) in IAS Tenant?

I use the import job to create users in bulk in IAS. The import file is created from the backend S/4HANA public cloud tenant.

While the users are getting created in the IAS tenant, no activation email is sent to them.

As a workaround, I am manually initiating an activation email in IAS. This process is time-consuming and does not send the link for the backend S/4HANA public cloud tenant.

How can I ensure that when each time a mass user import is performed, the newly created users created will get an activation email, along with the url/link to the specific back-end S/4HANA public cloud tenant from which the import file was created? The underlined requirement is key, as the import file could be created from multiple S/4HANA public tenants (eg: Starter, DEV or TEST).

Thank you in advance and best regards,

Shaji

Problem in SAP IDM while running SFSF Delta load using last_modified_on filter

2024-05-07T16:05:58.397000+02:00

Hi Gurus,

We have IDM 8 SP4 version installed and want to integrate SuccessFactor(SF) Employee Central(EC) module where we are using CompoundEmployee SOAP API to retrieve user data. Good part is, while we do a full run(initial load), we are able to read users data from SF EC however we also have to setup delta read from SF EC.

While I was going thru many blogs and articles on CompoundEmployee, I found we should use last_modified_on filter/parameter from the last successful run that should give us information but unfortunately I'm unable to retrieve info. I have followed SAP Note - https://me.sap.com/notes/2784576/E

Here are the screenshot from IDM -

Table Entry of same user when ran full sync which shows that changes was made within 3 months to user's profile -

Regards,

Ravi Paul