When considering an identity management solution for your business, it can be difficult to figure out what your options are. This book teaches you everything you need to know to understand what SAP NetWeaver IdM is, what it can do for your business, and whether it is the right fit for you. You’ll learn everything from functionality and integration to project management issues and scenarios.

Business Scenarios
Learn how IdM can help your business, including complying with legal regulations, minimizing risk, and reducing cost through automation.

Overview of SAP NetWeaver
Master SAP NetWeaver’s technical platform by understanding the components needed for installing and operating SAP NetWeaver IdM.

SAP NetWeaver IdM Architecture
Explore the underlying architecture of SAP NetWeaver IdM to help you manage identities and their authorizations in SAP and non-SAP system landscapes.

Successful Implementation in Your Business
Discover how to successfully implement a project, and avoid organizational pitfalls and overly complex processes.

Project Procedures and Case Studies
Find expert advice and two extensive real-life case studies that illustrate real-world challenges, best practices, and success strategies.

Highlights

· Identity Center and SAP Virtual Directory Server
· Data Modeling
· Data Synchronization
· Provisioning
· Business Suite Integration
· Monitoring
· Reporting
· Challenges in IdM Projects
· Organizational Pitfalls
· Complexity Risks
· Technical Difficulties

The Authors

Dr. Peter Gergen is Presales Specialist for SAP NetWeaver IdM at SAP. Loren Heilig is CEO and founder of IBSolution GmbH and is responsible for consulting with regard to SAP NetWeaver IdM, among other things. Andreas Müller works at BT (Germany) GmbH and consults customers in their identity management projects.

Table of Contents

1 ... Introduction ... 13
1.1 ... Overview and Classification ... 14
1.2 ... Project Procedure Methods and Case Scenarios ... 16

2 ... IdM in Enterprises ... 19
2.1 ... Reasons for Implementing IdM ... 21
2.1.1 ... Compliance with the Law and External Audits ... 21
2.1.2 ... Reducing Security Risks ... 22
2.1.3 ... Reducing Costs through Automation and Process Optimization ... 25
2.2 ... Lifecycle of an Identity in the Enterprise ... 27
2.3 ... Collective Accounts and Prioritized Accounts ... 31
2.4 ... Assigning System Authorizations ... 32
2.5 ... IdM Solutions ... 37
2.5.1 ... IdM Requirements ... 38
2.5.2 ... Services of an IdM Solution ... 39
2.5.3 ... Distinguishing IdM from System Administration ... 50
2.5.4 ... Organizational Integration of IdM ... 51
2.6 ... Aspects of Project Planning ... 52
2.6.1 ... Approach Models ... 53
2.6.2 ... Target Architecture Aspects ... 55
2.6.3 ... Operating Concept ... 56
2.7 ... Summary ... 59

3 ... SAP NetWeaver IdM in the Context of SAP NetWeaver ... 61
3.1 ... From SAP Basis to SAP NetWeaver ... 62
3.2 ... Managing Identities in SAP NetWeaver ... 65
3.3 ... SAP NetWeaver AS Java ... 65
3.4 ... UME ... 66
3.5 ... SAP NetWeaver Administrator ... 67
3.6 ... SAP NetWeaver Portal ... 69
3.7 ... CUA ... 70
3.8 ... SAP NetWeaver PI ... 71
3.8.1 ... SLD ... 72
3.8.2 ... Enterprise Services Repository ... 72
3.8.3 ... Enterprise Services Directory ... 72
3.9 ... SAP ERP HCM ... 73
3.9.1 ... Personnel Management ... 73
3.9.2 ... Organizational Management ... 74
3.10 ... Summary ... 74

4 ... Overview of SAP NetWeaver IdM ... 75
4.1 ... History ... 75
4.2 ... Architecture ... 78
4.2.1 ... IC ... 78
4.2.2 ... SAP VDS ... 85
4.2.3 ... Overall Architecture — IC and SAP VDS ... 86
4.3 ... Data and Role Model ... 87
4.3.1 ... Data and Role Model in the Identity Store ... 89
4.3.2 ... Data Modeling and Workflows ... 93
4.3.3 ... Data Modeling and Reporting ... 93
4.4 ... Data Synchronization and Provisioning ... 94
4.4.1 ... Principles of Data Synchronization ... 94
4.4.2 ... Source and Target Systems ... 96
4.4.3 ... Technical Adapters ... 97
4.4.4 ... Provisioning Logic and Workflows ... 99
4.4.5 ... Provisioning Content ... 101
4.4.6 ... Password Management ... 101
4.5 ... Additional Integration Topics ... 103
4.5.1 ... Business Suite Integration ... 103
4.5.2 ... Integration with SAP BusinessObjects Access Control ... 105
4.5.3 ... Middleware for Exchanging Data ... 107
4.5.4 ... UI Integration ... 108
4.6 ... Monitoring ... 109
4.7 ... Reporting ... 111

5 ... Tips and Tricks in IdM Projects ... 113
5.1 ... Organizational Pitfalls ... 115
5.1.1 ... Multitude of Participants and People Concerned ... 115
5.1.2 ... Goal Conflicts ... 120
5.1.3 ... Personal Resistances ... 122
5.1.4 ... Organizationally Justified Resistances ... 125
5.1.5 ... Lacking Organizational Maturity ... 128
5.2 ... Complexity Risks ... 129
5.2.1 ... Poor Definition of Concepts ... 129
5.2.2 ... Dynamic Environment ... 130
5.2.3 ... Unclear Definition of the Project Scope ... 133
5.2.4 ... Many Interfaces ... 134
5.2.5 ... Complex Processes ... 136
5.3 ... Summary ... 138

6 ... IdM at Industry Inc ... 139
6.1 ... Initial Situation ... 140
6.2 ... System Landscape ... 144
6.2.1 ... SAP Environment ... 145
6.2.2 ... Windows Environment ... 147
6.3 ... Requirements ... 148
6.3.1 ... Master Data ... 149
6.3.2 ... Processes and Request Management ... 149
6.3.3 ... Management of Authorizations ... 150
6.3.4 ... Reporting ... 151
6.3.5 ... Provisioning ... 151
6.3.6 ... Authentication/SSO ... 151
6.4 ... Challenges ... 152
6.5 ... Integrated Project Approach ... 154
6.5.1 ... Roadmap and Phase Approach ... 154
6.5.2 ... Kick-Off Workshop ... 158
6.5.3 ... Installation of a Two-Level System Landscape ... 159
6.5.4 ... Detailing the Technical Concept ... 160
6.5.5 ... Preliminary Consideration of the Target Process for the Creation of New Identities ... 160
6.5.6 ... Preparations for Data Consolidation ... 162
6.5.7 ... Planned Use of OM in SAP ERP HCM ... 164
6.5.8 ... Creating the Detailed Design ... 165
6.6 ... Implementing the IdM Solution ... 165
6.6.1 ... Phase 1: Creating a Consistent Data Basis ... 166
6.6.2 ... Phase 2: Self-Services and Approval Processes ... 175
6.7 ... Summary and Outlook ... 184
6.7.1 ... Phase 3: Complete Integration of Authorization Management ... 186
6.7.2 ... Phase 4: Integration of SAP BusinessObjects Access Control ... 188
6.8 ... Evaluation of the Implementation of SAP NetWeaver IdM ... 188

7 ... IdM at Mechatronic ... 191
7.1 ... Development of IT at Mechatronic ... 193
7.2 ... Project Initiation ... 198
7.3 ... Project Preparations ... 201
7.4 ... Getting Started — Milestone 1.0 ... 205
7.4.1 ... Design Phase ... 205
7.4.2 ... Implementation Phase ... 207
7.4.3 ... Stabilization Phase ... 212
7.5 ... Further Integrations — Milestone 2.0 ... 213
7.5.1 ... Requirements of User Departments after Milestone 1.0 ... 214
7.5.2 ... Implementation of Milestone 2.0 ... 217
7.5.3 ... Stabilization Phase ... 220
7.6 ... Intermediate Phase — Milestone 2.1 ... 221
7.6.1 ... Recording of Follow-Up Requirements ... 222
7.6.2 ... Implementation of Milestone 2.1 ... 224
7.6.3 ... Stabilization ... 228
7.7 ... Intermediate Phase — Milestone 2.2 ... 231
7.7.1 ... Implementation of Milestone 2.2 ... 232
7.7.2 ... Stabilization Phase ... 238
7.8 ... Project End with Milestone 3 ... 239
7.9 ... Summary ... 240

8 ... Basic Concepts of SAP NetWeaver IdM ... 243
8.1 ... Data Storage ... 243
8.1.1 ... IC Data Model ... 244
8.1.2 ... Global Configuration: Repositories, Constants, and Variables ... 251
8.2 ... Roles and Privileges ... 253
8.2.1 ... Privileges in IC ... 253
8.2.2 ... Roles ... 255
8.2.3 ... Setting Up Role Hierarchies ... 259
8.2.4 ... Changing Roles or Role Hierarchies ... 261
8.3 ... Rule-Based Role Assignment ... 261
8.4 ... Tasks and Processes ... 264
8.4.1 ... Passes ... 267
8.4.2 ... Scripting ... 270
8.4.3 ... Jobs ... 270
8.4.4 ... Tasks ... 271
8.4.5 ... Scheduling of Standard Jobs ... 274
8.5 ... Summary ... 275

9 ... Summary and Outlook ... 277
9.1 ... Current Status ... 277
9.1.1 ... Identity Center (IC) ... 278
9.1.2 ... SAP Virtual Directory Server (VDS) ... 278
9.1.3 ... SAP NetWeaver IdM UI ... 279
9.1.4 ... SAP NetWeaver IdM and SAP BusinessObjects Access Control ... 279
9.1.5 ... SAP NetWeaver IdM and SAP BusinessObjects Crystal Reports ... 280
9.1.6 ... Available Connectors in IC ... 280
9.1.7 ... SAP NetWeaver IdM and SAP ERP HCM ... 281
9.2 ... Outlook and Wish List for Future Product Versions ... 281
9.2.1 ... Integration with SAP Solution Manager ... 281
9.2.2 ... Merging with SAP BusinessObjects Access Control ... 282
9.2.3 ... SAP NetWeaver Composition Environment (CE) and Business Process Management (BPM) ... 282
9.2.4 ... Predefined, Ready-for-Use Reporting ... 282
9.3 ... Organizational Challenges ... 283
9.3.1 ... Creating Organizational Acceptance of SAP NetWeaver IdM ... 283
9.3.2 ... Establishing a Holistic and Current Functional Role Model ... 284
9.4 ... Final Considerations ... 284

... Appendices ... 285
A ... Additional Literature ... 285
A.1 ... Books and Articles ... 285
A.2 ... Online Sources Sorted by Chapters ... 285

The Authors ... 289

... Index ... 293