As part of configuring the SAP system, you should complete the following steps in this order:
NOTE:The following instructions are for SAP version 4.6C. If you are using a previous version of SAP, the configuration process is the same; however, the SAP interface will be different.
The sending and receiving systems must be defined for messaging. In order to distribute data between systems you must first define both the sending and receiving systems as unique logical systems.
For this particular solution, we recommend defining two logical systems. One logical system represents the driver and acts as the receiver system. The other logical system represents the SAP system and acts as the sender system. Because only one of these clients is used as a data source (that is, the client/logical system where SAP User data is stored and “actions” occur), there is no need to assign a client to the receiving logical system.
NOTE:Depending on your current SAP environment, you might not need to create a logical system. You might only need to modify an existing Distribution Model by adding the USERCLONE message type to a previously configured Model View. For more information, see Creating a Distribution Model.
It is important, however, that you follow SAP’s recommendations for logical systems and configuring your ALE network. The following instructions assume that you are creating new logical systems and a new model view.
In SAP, type transaction code BD54.
Click .
Type an easily identifiable name to represent the SAP sender system. SAP recommends the following format for logical systems representing R/3 clients: systemIDCLNTclient number (such as ADMCLNT100).
Type a description for the logical system (such as Central System for SAP User Distribution).
Add a second logical system name to represent the Identity Manager external receiver system (such as DRVCLNT100).
Type a description for the logical system (such as IDM User Management Integration).
Save your entries.
In SAP, type transaction code SCC4.
Click > > Change to switch from display to change mode.
Select the client from which you want User information distributed (such as 100).
Click > > .
In the Logical System field, browse to the sender logical system you want to assign to this client (such as ADMCLNT100).
Save your entry.
The distribution model contains essential information about message flow. The model view defines the systems that will communicate with each other and the messages that will flow between them. The distribution model forms the basis of distribution and controls it directly.
To create a distribution model:
Verify that you are logged on to the sending system/client.
In SAP, type transaction code BD64. Ensure that you are in Change mode (click > > .)
Click > > .
Type the short text to describe the distribution model (such as Client 100 Distribution to IDM).
Type the technical name for the model (such as SAP2IDM).
Accept the default Start and End dates or specify valid values. Click the check mark icon to save your entry.
Select the view you created, then click .
In the Sender/Client field, type the name of the sender logical system (such as ADMCLNT100).
In the Receiver/Client field, add the name of the receiver logical system (such as DRVCLNT100).
In the field, add the USER object name.
NOTE:Ensure that you add the USER object name with all capital letters.
In the field, add Clone.
Click the check mark icon to save the BAPI.
Select the SAP2IDM model view.
Click .
Define the sender (logical system ADMCLNT100).
Define the receiver (logical system DRVCLNT100).
In the field, add the UserCompany object name.
In the field, add Clone.
Click the check mark icon to save your BAPI entries.
Save the Distribution Model entries.
The port is the communication channel to which IDocs are sent. The port describes the technical link between the sending and receiving systems.
The driver can be configured to support a connection via a TRFC port or to consume IDocs distributed via a File port. The default driver configuration assumes that you use the TRFC port configuration.
NOTE:If you are distributing data to multiple drivers, each driver must have a unique RFC destination and program ID.
In SAP, type transaction code SM59.
Click the icon.
Name the RFC destinations (use the driver’s logical system name, for example, DRVCLNT100.)
Select as the connection type (for a TCP/IP connection.)
Add a description for the destination (such as JCO Server in IDM User Driver.)
Save your entry.
Select the option for or . Type the program ID to be used for the driver. In the default driver configuration, this value is set to.
(Conditional) If the SAP server is configured to use a Unicode database, complete the following steps:
Select the tab.
Select .
Save your entry.
NOTE:If you are distributing data to multiple drivers, each driver must have a unique TRFC port.
In SAP, type transaction code .
Select , then click the icon.
Select .
Type a port name (such as IDMPORT).
Type a description for the port definition (such as Port to IDM User Driver).
Select a version (such as IDoc record types SAP release 4.X)
Specify the RFC destination. This is the name of the RFC destination representing the driver (such as DRVCLNT100.)
Save your entries.
NOTE:If you are distributing data to multiple drivers, each driver must have a unique file port.
In SAP, type transaction code WE21.
Select , then click the icon.
Type a port name (such as IDMFILE).
Type a port description (such as File Port to IDM User Driver).
Select a version (such as SAP release 4.X).
Define the outbound file:
Select the physical directory. This is the directory where you want IDocs placed. You might need to create this directory.
Type the directory where the outbound files are written, for example: \\sapdev\nov\sys\global\sapndsconnector.
Type the function module. This names the IDoc file in a specific format. Use the following: EDI_PATH_CREATE_CLIENT_DOCNUM.
Save your changes.
NOTE:You do not need to configure the other three tabs for the port properties (outbound:trigger, inbound file, and status file).
The system automatically generates a partner profile or you can manually maintain the profile.
NOTE:If you are using an existing distribution model and partner profile, you do not need to automatically generate a partner profile. Instead, you can modify it to include the USERCLONE BAPI.
In SAP, type transaction code BD82.
Select the . This should be the Model View previously created in Creating a Distribution Model.
Ensure that the and option buttons are selected.
Click the icon.
NOTE:When the status screen appears, ignore any red error or warning messages related to the driver’s logical system.
The port definition might have been generated incorrectly. For your system to work properly, you might need to modify the port definition.
In SAP, type transaction code WE20.
Select .
Select your receiver logical system (such as DRVCLNT100).
Click the icon, then select message type .
Modify the receiver port so it is the or you created earlier (such as IDMPORT or IDMFILE).
Under , select to send IDocs immediately after they are created.
In the IDoc Type section, select the and the appropriate :
For SAP 4.5, select USERCLONE01
For SAP 4.6a, select USERCLONE02
For SAP 4.6c, select USERCLONE03
For SAP 6.10, select USERCLONE04
For SAP 6.20 or greater, select USERCLONE05
Save your entries.
NOTE:The following procedures are only necessary if you want to distribute company address data.
Click the icon, then select message type .
Modify the receiver port so it is the or you created earlier (such as IDMPORT or IDMFILE.)
(Conditional) If you are using a TRFC port, modify the packet size. Select Packet Size = 1.
Under , select to send IDocs immediately after they are created.
In the section, select and the appropriate . (For all SAP versions, select .)
Save your entries.
Central User Administration (CUA) is the process that activates the distribution model.
In SAP, type transaction code SCUA.
In the dialog box, select the distribution previously created (such as SAP2IDM).
Save your entry.
You might see a message stating “Unable to distribute the system landscape to system IDMDRV.” This is an informative message and is not an error or issue of concern.
On some versions of SAP, all systems in the distribution, including the IDM driver, must be accessible during this step. If a TRFC port is being used for the driver Publisher channel, the driver should be running to ensure connectivity and completion of the CUA configuration.
Users are client-independent. For each client that will be using the driver, a system user with CPIC access must be created.
In SAP, type transaction code SU01.
From , enter a username in the dialog box (such as IDM_CPIC), then click the icon.
Click the , then type data in the last name fields (Last_IDM).
Click the , then define the and set the user type to (Communication).
Click the tab, then add the. The driver must also have sufficient rights to perform required operations, which might include and depending on your company’s system security policy.
NOTE:We recommend using the most restrictive rights possible.
Click the tab. Add the of the sender system (such as ADMCLNT100). This enables the CPIC user to authenticate to the client system.
Click .
NOTE:Initially, you can create a dialog user to test your SAP system configuration. If there are processing problems, you can analyze the dialog user in the debugger. You should also log into the SAP system once to set this user’s password. After the system is tested and works properly, you should switch to a CPIC user for security measures.