7.2 Using iManager to Create and Configure the Driver

The following sections provide steps for using iManager to create and configure a new SAP User Management driver. For information about using Designer to accomplish these tasks, see Section 7.1, Using Designer to Create and Configure the Driver.

7.2.1 Using iManager to Import the Driver Configuration File

Importing the SAP User Management driver configuration file creates the driver in the Identity Vault and adds the policies needed to make the driver work properly.

  1. In iManager, click Driver icon to display the Identity Manager Administration page.

  2. In the Administration list, click Utilities > Import Configuration to launch the Import Configuration Wizard.

  3. Use the following information to complete the wizard and create the driver.

    Prompt

    Description

    Where do you want to place the imported configuration?

    You can add the driver to an existing driver set, or you can create a new driver set and add the driver to the new set. If you choose to create a new driver set, you are prompted to specify the name, context, and server for the driver set.

    Import a configuration into this driver set

    Use the default option, Import a configuration from the server (.XML file).

    In the Show field, select Identity Manager 3.6 configurations.

    In the Configurations field, select the SAPUser-JCo3-CMP-IDM3_6_0-V2.xml file.

    Driver name

    Specify a name that is unique within the driver set.

    System ID

    Specify the SAP system ID of the SAP Application Server.

    SAP System Number

    Specify the SAP system number on the SAP Application Server. This is the System Number in the SAP logon properties.

    SAP User Client Number

    Specify the client number that is used on the SAP Application Server. This is the Client field in the SAP logon screen.

    Publisher IDoc Directory

    Specify the file system location where the SAP User IDoc files are placed by the SAP ALE system (for a file port) or by the driver (for a TRFC port).

    Use User Account Entitlement

    Select True if you have entitlements enabled in your environment. Select False if entitlements are not enabled. The SAP User Management driver contains preconfigured entitlements. For more information, see Section 8.0, Implementing the Preconfigured Entitlements.

    Enable Account Tracking

    Select True to enable Account Tracking, which is a feature of the Novell Compliance Management Platform. For more information, see the Identity Manager 3.6.1 Driver for Sentinel 6.1 and the Identity Vault Collector Implementation Guide.

    Enable Role Mapping

    Select Yes to enable the driver to work with the Role Mapping Administrator. For more information, see the Identity Manager Role Mapping Administrator 1.0 Installation and Configuration Guide.

    User Container

    Specify the container where the users are stored. Use the slash format. The driver wizard automatically converts a DN in the dot format to the slash format.

    If you are using a flat placement rule, this is the container where the users are placed. If you are using a mirrored placement rule, this is the root container.

    Driver is Local/Remote

    Select whether the driver is running locally or is using the Remote Loader. For more information, see the Identity Manager 3.6.1 Remote Loader Guide.

    SAP User ID

    Specify the ID of the user the driver uses for SAP Logon. This is the User field in the SAP logon screen.

    SAP User Password

    Specify the password the driver users for SAP Logon. This is the Password field in the SAP logon screen.

    SAP Application Server

    Specify the hostname or IP address of the appropriate SAP Application Server. In the SAP logon properties it is referred to as the Application Server.

    Define Security Equivalences

    The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.

    Exclude Administrative Roles

    You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.

    When you finish providing the information required by the wizard, a Summary page similar to the following is displayed.

    Summary page

    At this point, the driver is created from the basic configuration file. To ensure that the driver works the way you want it to for your environment, you must review and modify (if necessary) the driver’s default configuration settings.

  4. To modify the default configuration settings, click the linked driver name, then continue with the next section, Using iManager to Configure the Driver Settings.

    or

    To skip the configuration settings at this time, click Finish. When you are ready to configure the settings, continue with the next section, Using iManager to Configure the Driver Settings.

    WARNING:Do not click Cancel on the Summary page. This removes the driver from the Identity Vault and results in the loss of your work.

7.2.2 Using iManager to Configure the Driver Settings

The information specified during the creation of the driver is the minimum information required to import the driver. However, the base configuration might not meet your needs.

  • You might need to change whether the driver is running locally or remotely.

  • You might need to change whether the driver is using entitlements.

To configure the settings:

  1. Make sure the Modify Object page for the SAP User Management driver is displayed in iManager. If it is not:

    1. In iManager, click Summary page to display the Identity Manager Administration page.

    2. Click Identity Manager Overview.

    3. Browse to and select the driver set object that contains the new SAP User Management driver.

    4. Click the driver set name to access the Driver Set Overview page.

    5. Click the upper right corner of the driver, then click Edit properties.

      This displays the properties page of the driver.

  2. Review the settings for the driver parameters, global configuration values, or engine control values. The configuration settings are explained in Section A.0, Driver Properties.

  3. After modifying the settings, click OK to save the settings and close the Modify Object page.

You do not need to deploy the driver because iManager is live tool. It works directly with the Identity Vault.

7.2.3 Using iManager to Start the Driver

When a driver is created, you must start the driver. Identity Manager is an event-driven system, so after the driver is started, it processes events as they occur.

To start the driver after the additional configuration is completed:

  1. In iManager, click Summary page to display the Identity Manager Administration page.

  2. Click Identity Manager Overview.

  3. Browse to and select the driver object that contains the SAP User Management driver you want to start.

  4. Click the driver set name to access the Driver Set Overview page.

  5. Click the upper right corner of the driver, then click Start driver.

For information about management tasks with the driver, see Section 9.0, Managing the Driver.