Oracle Identity Manager Connector - Datasheet
May 2009 ORACLE IDENTITY MANAGER CONNECTORS FOR SAP ENTERPRISE APPLICATIONS
HIGHLIGHTS
OIM Connector for Oracle SAP Employee Reconciliation ?Reconciliation of
employee master
records from SAP
HR store ?Supports
configurable attribute
mapping through
SAP HRMD_A iDoc
configuration
?Can be deployed
independent of the
SAP User
Management
Connector ?Certified with a wide range of SAP
versions: SAP R3
4.6C (Basis 4.6C),
SAP R3 4.7 (WAS
6.20), MySAP ERP
2004 ECC 5.0 (WAS
6.40), MySAP ERP
2005 ECC 6.0 (WAS
7.00)Today’s enterprises have numerous applications, databases and services in a typical IT environment. On top of which, there are up to millions of end users to be provisioned and managed across heterogeneous environments. The time, money and effort spent in managing users across these platforms and application had easily become administrator’s nightmare.Customers have the need to automate provisioning and de-provisioning of user accounts and thus manage appropriate access rights in applications, operating systems, databases, and services across the enterprise via a centralized, enterprise-wide solution. Oracle Identity Manager (OIM) provides such a solution.
OIM Connectors are pre-packaged solutions that integrate target applications with OIM. Specifically, OIM’s SAP Connectors integrate OIM and SAP ERP.
1. OIM Connector for SAP Employee Reconciliation retrieves employee
records in real-time from SAP HR and creates identities for them in OIM
using a process known as identity or trusted source reconciliation.
2. OIM Connector for SAP User Management provisions SAP accounts
along with their role & profile entitlement associations. Additionally,
existing SAP accounts can be matched to OIM identities using a
process called target resource reconciliation. The connector also comes
pre-configured to validate any role or profile grant for Segregation of
Duties (SoD) violation by performing preventive simulation of that grant
in SAP GRC, SAP ERP’s SoD policy management app lication.
OIM Connectors for
Oracle SAP User
Management & SAP
CUA
?Account provisioning
and reconciliation of
SAP security
accounts
?Pre-configured to
perform real-time
validation of
Segregation of
Duties policy check
with SAP GRC
(formerly Virsa)
?Can be deployed
independent of the
SAP Employee
Reconciliation
Connector
?Certified with a wide
range of SAP
versions: SAP R3
4.6C (Basis 4.6C),
SAP R3 4.7 (WAS
6.20), MySAP ERP
2004 ECC 5.0 (WAS
6.40), MySAP ERP
2005 ECC 6.0 (WAS
7.00)
Overview
Oracle Identity Manager Connector for SAP Employee Reconciliation
SAP Employee Reconciliation Connector enables SAP HR store to function as an authoritative source of OIM User identities. This is achieved through the connector’s identity (aka trusted source) reconciliation capabilities.
Some of the key features of the connector include:
?Real-time & flexible integration architecture based on SAP HRMD_A iDocs
?Reconciliation of a configurable & extensible set of attributes
?Detection of all major person lifecycle events including onboarding, job changes, transfers, terminations etc.
?Support for reconciliation of future dated lifecycle events. This feature allows currently effective changes to be immediately applied into OIM
while future dated changes are applied to OIM when these changes
become effective. This feature leverages the OIM future dated
reconciliation feature newly introduced in OIM 9.1.0.2.
Default reconciliation handles all key employee attributes such as First Name, Middle Name, Last Name, Personnel Number, Department, Street Address etc. Additional attributes can be reconciled using the configurable attribute mapping feature.
Oracle Identity Manager Connectors for SAP User Management & SAP CUA
SAP User Management Connector provides account management features such as account provisioning and account (aka target resource) reconciliation between OIM and SAP. Additionally, this connector is pre-configured to perform real-time Segregation of Duties (SoD) policy validation with risk policies defined in SAP GRC. This validation leverages the SAP GRC SoD Invocation Library feature newly introduced in OIM 9.1.0.2.
Account Provisioning
Create account Based on information provided by OIM, the
connector would create a user in SAP security
store including population of all user attributes.
Update account Allows for the modification of attributes related to
specific account.
Reset password Resets the password of the SAP account.
Validate SAP GRC SoD policies prior to responsibility or role assignments Pre-configured to provide real-time validation of SoD policies defined in SAP GRC for any role or profile assignments
Add/remove role assignments Allows new roles to be added as well as existing roles to be removed. Provides the list of all available roles as an OIM Lookup Field.
Add/remove profile assignments Allows new profiles to be added as well as existing profiles to be removed. Provides the list of all available roles as an OIM Lookup Field.
Disable account Disables the SAP account Enable account Enables the SAP account
Account Reconciliation
Create a new target resource for existing account Matches an existing SAP security account to an “owner”OIM user based on matching rules. Creates a new OIM target resource for this existing account. Populates all the OIM target resource profile attributes with their corresponding values in SAP security account
Update an existing target resource Reconciles changes to SAP security account attributes from SAP system back into the OIM target resource.
Update the roles & profiles associated with an existing target resource Updates the roles & profiles associated with an existing OIM target resource profile with the changes made directly to the SAP security record.
Disable/enable existing target resource Reconciles account status information from SAP into OIM
For More Information
?To learn more about Oracle Identity Manager Connectors, visit https://www.wendangku.net/doc/4a19014933.html,/identity or call +1.800.ORACLE1.