Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Identity Management - Business Extensions Service (formerly known as IDM RDS)

normann
Advisor
Advisor
‎03-24-2021 1:27 PM
We are happy to announce - the publication of the content of the former IDM RDS, now released as IDM Business Extensions Service published and maintained by SAP Services in the GitHub SAP Samples Repository.

The aim of the service is a collection of SAP Best Practices from the SAP Services projects, bundled into one package which is easy to be consumed by our customers and partners.

SAP IDM Business Extensions Service is also offered as a Professional Service by SAP Services, whereby you will not only gain from the content of the service, but also get professional guidance throughout your implementation phase and a direct support channel into the development and maintenance group of the service. More information about the full serviced can be found in Gunnars Blog Who can help me with Cybersecurity & Compliance?.

The content of the service consists of essential enhancements and business functionality for SAP Identity Management such as:

  • Mass Administration Functionality: Upload and download functionalities for identities, Business Roles and assignments, value helps and more, with enhanced auditing capabilities.

  • Enhanced Forms: Copy User, Password Reset per Repository, Mass Assignment Form and suchlike.

  • System specific attributes: Increasing usability by enabling IdM to support features like locking a user on a single repository, password reset per repository and much more.

  • Enhanced SCIM connector package with an enhanced Java-SCIM connector, allowing you to connect any SCIM repository directly, without the need for SAP Cloud Identity Services IPS in between.

  • Reporting: Predefined reports, which can be used as templates for custom reports.

  • Predefined Approval Workflows, which can be used as templates for your workflow implementation.

  • Rule Engine: Allowing mass maintenance of dynamic groups.

  • HCM Concurrent Employment support.

  • Lots of features for connectors like ABAP, Java, AD, SFSF, HANA and SCIM like Reconciliation Reports, Full Provisioning Jobs and suchlike.

  • Scripts, that help you minimizing efforts and providing templates for your enhancements and modifications, like scripts to calculate dates, zip files and suchlike.

  • And additional entries like Configuration Items, which allows storage of multivalue configuration in a constant like manner and Requests, which hold information like who has uploaded which mass administration file.


Further information and the service content itself can be found on GitHub SAP Samples Repository.

The content of the service is released under the Apache 2.0 license.

Additional Support for  implementation or modification of the service content can be requested via mail to security.consulting@sap.com.

Please do not open an incident to support component BC-IAM-IDM for issues encountered within the content of the service.
9 Comments
former_member684824
Explorer
‎03-24-2021 3:05 PM
0 Kudos
Thanks Norman for sharing this!

 

 
christoph_reckers3
Explorer
‎05-10-2021 6:10 AM
0 Kudos
Good Job, SAP Services.

The "ABAP Connection Test" of the NEW IDM Business Extensions Service is now expressive (working) also for DIRECT CONNECTIONS. The OLD RDS Version was based on JavaScript/Java based JCo Code there the R3Name was not evaluated correctly. The result was, that the als connection tests failed for DIRECT CONNECTIONS also when the "Standard Connection Pass" (Source/Destination based) was working.

The standard handling with the R3Name (AS HOST / MS HOST) is descibed in the following note:

https://launchpad.support.sap.com/#/notes/2889789

See also the following links for details.
https://help.sap.com/viewer/b865ed651e414196b39f8922db2122c7/Cloud/en-US/f8fac995b0144a0b8ec0801b8f7...
normann
Advisor
Advisor
‎05-10-2021 10:50 AM
0 Kudos
Hi Christoph,

thanks for the complement. We are constantly trying to improve. Feel free to open Issues on Git Hub if you have ideas or find other issues like this one.

Regards

Norman
Sankar_Aravind
Participant
‎09-18-2022 5:48 PM
0 Kudos
Hi Norman,

Good day.

I am checking the blog and really nice of the details and looking to explore.

Just a question, will this mass Functionalities mentioned  contains  one user to multiple privilege assignment functionality ?

Because i have seen some requirements where clients looks for privileges assignments in some conditions but not roles. So adding privileges to users one by one is a tedious process.

For now, we have done customization. However just wanted to check this package includes such functionality ?

 

 

Thank you,

Aravind.

 
normann
Advisor
Advisor
‎09-19-2022 10:51 AM
0 Kudos
Hi Aravind,

yes, that is possible. We have

  • A form for multiple user to privilege or role assignments (you can select multiple users and assign multiple privileges or roles) and

  • Mass upload job for user to privilege or role assignment


Regards

Norman
andreasoester
Explorer
‎04-07-2023 8:43 AM
0 Kudos
Hi Norman!

Great toolset and thanks a lot for this! It really helps to setup the IdM with a lot of useful features!

We have system specific printer settings. When I configure the system specific attributes in the change form the changed values are not provisioned. I tried to set the event handler SAPC_Handle_System_Specific_Attributes_Mod to the system specific attributes, but this process is to designed only for putting them on the global value.

Do you have an idea on how to achieve a provisioning when changing a system specific value?

Thanks and regards

Andreas

 
normann
Advisor
Advisor
‎04-08-2023 11:31 AM
0 Kudos
Hi Andreas,

is this specific attribute (the one you modify in the form) part of the MX_MODIFYTASK_ATTR on the system privilege (PRIV:SYSTEM:<repname>)?

 

Cheers

Norman
andreasoester
Explorer
‎04-11-2023 2:33 PM
0 Kudos
Hi Norman,

you are right, the attribute is missing in the MX_MODIFYTASK_ATTR on the system privilege. I was not aware of this function. When I check the attribute values a lot of the system specific attributes are already in the list but not all the system specific attributes are in the list. When I try to add my attribute that is missing, it says the attribute does not exist. I tried to add it in the syntax <attributeID>/<attributeName> and <attributeName> without success. Do you have an idea on this error as well?

Can you tell why some system specific attributes are incldued by default and some not? Are those less relevant?

Thanks and regards!
Andreas
normann
Advisor
Advisor
‎04-11-2023 6:10 PM
Hi Andreas,

what is added by default you can find in the initial load job, there is a pass to set those attributes (Update System Privilege trigger attributes).

In order to add the attribute you can just use the form to modify privileges of the BE package. There is a tab "Tasks" where you can add the attribute.

Thanks

Norman
Labels in this area
Popular Blog Posts