2.0 Managing User Accounts

The extension for SAP environments provides multiple solutions that allow you to automate the management of user accounts in your SAP environment. These solutions automate the provisioning of user objects throughout SAP clients, CUA, NetWeaver^*, ERP systems, and GRC systems. These provisioning solutions use one or more of the Identity Manager drivers to automate the managing of users accounts.

In an SAP landscape, a user has multiple accounts in multiple systems that are not connected. For example, when a new finance clerk is hired in a company, he or she needs access to the SAP finance system and to the SAP Portal. Without the provisioning solutions, an SAP administrator creates the user in the SAP HR system, in the SAP client that is running the SAP Finance application, and in the SAP Portal.

The manual process takes considerable time, because it is likely that a different people create each user account. The manual process is error-prone. It can also be expensive, because new employees can’t work and be productive until they have access to the systems they need to do the job.

This solution explains how to take advantage of features in Identity Manager to simplify provisioning of user accounts. This solution uses dynamic groups and entitlements, and is based on the Roles Based Provisioning Module as the entitlement agent, as displayed in Figure 2-1.

The solution explains how to set up your environment so that a new user who is created as an active employee automatically receives the required accounts and resources.

Figure 2-1 Provisioning Solution with Multiple SAP Systems

Complete the following sections to implement the managing users solutions.