The EmpowerID SAP S/4HANA connector lets you create, synchronize, and manage SAP S/4HANA user, role/profile and role/profile assignment information in EmpowerID. Imported user information can be managed and synchronized with data in any connected back-end user directories. When EmpowerID inventories SAP S/4HANA, it creates an account in the EmpowerID Identity Warehouse for each SAP S/4HANA user, a group for each SAP S/4HANA role or profile, and assigns group membership to users based on their role or profile memberships in SAP S/4HANA.
| Info |
|---|
Additionally, the connector supports the inventory of SAP TCODEs, SAP Authorization Objects and its field type values as rights in EmpowerID. Successfully inventorying these objects requires additional configuration in EmpowerID. This is demonstrated in the Connect to SAP S/4 HANA article. |
Once connected, you can manage this data from EmpowerID in the following ways:
...
Each EmpowerID server used to run workflows or perform inventory functions must have the
librfc32.dllassembly copied into theC:\Windows\System32folder. EmpowerID uses the assembly to perform various SAP processes (inventory, workflows, etc.). You can download the assembly from EmpowerID at the following link: https://dl1.empowerid.com/files/librfc32_64.zipFor read-only connections, along with access to the below-mentioned tables, the service account needs access to the RFC_READ_TABLE BAPI
All mandatory fields must not be empyt empty (E.G., LastName, PersNumber)
The standard tables should have the same structure across all the systems
The systems should have unique records across all the standard tables. For example, the records should not have any leading or trailing spaces on the Primary Key columns
The system should be free of any data issues. For example, there should not be any duplicate company codes pointing to the same address number.
The following network configurations should be in place for connecting to the SAP system:
All necessary ports should be open on the server used to connect to the SAP system
The host name of the SAP system should be resolvable to an IP address
...
REQUIRED TABLE ACCESS | REQUIRED REMOTE PROCEDURE CALLS | |||||
|---|---|---|---|---|---|---|
ADCPAGR_DEFINE | BAPI_USER_ACTGROUPS_ASSIGN | |||||
ADR3AGR_TEXTS | BAPI_USER_CHANGE | |||||
ADRPAGR_AGRS | BAPI_USER_CREATE1 | |||||
AGR_12511016 | BAPI_USER_EXISTENCE_CHECK | |||||
AGR_DEFINE1251 | BAPI_USER_GETLISTAGR_ | |||||
USERSUSR10 | BAPI_USER_GET_DETAIL | |||||
TSTCTUSR11 | BAPI_USER_LOCK | |||||
USR02UST10C | BAPI_USER_UNLOCK | |||||
USR11UST10S | PING | |||||
USRACLUST12 | RFCPING | |||||
UST04TSTC | RFC_GET_FUNCTION_INTERFACE | |||||
UST10STSTCT | RFC_GET_NAMETAB | |||||
ADR2ADR6 | RFC_PING | |||||
ADR6ADRP | RFC_READ_TABLEAGR_ | |||||
1016USR02 | REQUIRED ACTIVITY | |||||
AGR_AGRSUSR21 | Execute | |||||
ADR2 | ||||||
ADR3 | ||||||
ADCP | ||||||
USREFUS | ||||||
UST04 | ||||||
AGR_TEXTSUSERS | ||||||
TSTCUSRACL | ||||||
USCOMPANY | USR10 | USR21 | USREFUS | UST10C | UST12 | |
USR01 | ||||||
USR06 | ||||||
AUTHX | ||||||
DD04T | ||||||
TADIR | ||||||
TDEVC | ||||||
TOBJ | ||||||
USOBT | ||||||
USOBT_C | ||||||
USOBX | ||||||
USOBX_C | ||||||
AGR_1252 |
| Tip |
|---|
As each organization's implementation, practices, and procedures with SAP differs, EmpowerID uses an SAP Data Analysis Utility to ensure the necessary tables can be read and the necessary BAPI's can be invoked. The utility reads from all the same tables as the connector and copies data from those tables into the EmpowerID Identity Warehouse. This provides EmpowerID with the opportunity to review and analyze data in order to modify connector logic before setting up the connection. |
...