You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

SAP ECC

The EmpowerID SAP ECC connector lets you create, synchronize, and manage ECC users, groups and group memberships in EmpowerID. Imported user data can be managed and synchronized with data in any connected back-end user directories.

Supported Features and Attribute Mappings

  • Account Management

    • Inventory – Users in SAP ECC are inventoried as accounts in EmpowerID.

    • Create users – Create SAP ECC users in EmpowerID.

    • Update users – Update SAP ECC user attributes updated in EmpowerID.

    • Disable users – Disable SAP ECC users in EmpowerID.

    • Enable users – Enabled disabled SAP ECC users in EmpowerID.

    • Change password – Update SAP user passwords in EmpowerID.

  • Group Management

    • Inventory – Inventory SAP Roles, Profiles, and Transactions as EmpowerID Groups.

    • Inventory group memberships – Inventory SAP Roles, Profiles, and Transaction memberships as group members in EmpowerID.

    • Add users to groups – Add users in EmpowerID to SAP Roles and Profiles.

    • Remove users from groups – Remove users in EmpowerID from SAP Roles and Profiles.

  • Account Attribute Flow
    Users in ECC are inventoried as accounts in EmpowerID. The below table shows the attribute mappings of ECC user attributes to EmpowerID attributes.

SAP ECC Attribute

EmpowerID Attribute

Description

SAP ECC Attribute

EmpowerID Attribute

Description

NAME_FIRST

FirstName

First name of the user.

NAME_LAST

LastName

Last name of the user.

NAMEMIDDLE

MiddleName

Middle name of the user.

BNAME

LogonName

User name of the user.

BNAME

SystemIdenitfier

Unique System Identifier of the user.

TEL_NUMBER_MOBILE

MobileNumber

Mobile number of the user.

TEL_NUMBER

Telephone

Home phone number of the user.

SMTP_ADDR

Email

Email ID of the user.

LANGU

PreferredLanguage

Language of the user

UFLAG

Disabled

Determines whether or not user is active.

TITLE

PersonalTitle

PersonalTitle of the user.

TITLE_ACA1

AcademicTitle

AcademicTitle of the user.

FUNCTION

BusinessFunction

BusinessFunction of the user.

ROOMNUMBER

RoomNumber

RoomNumber of the user.

FLOOR

Floor

Floor of the user.

BUILDING

BuildingCode

BuildingCode of the user.

FAX_NUMBER

Fax

Fax of the user.

USERALIAS

Alias

Alias of the user.

USTYP

UserType

UserType of the user.

SECURITY_POLICY

SecurityPolicy

SecurityPolicy of the user

DEPARTMENT

Department

Department name of the user.

CLASS

UserGroup

UserGroup of the user

GLTGV

ValidFrom

ValidFrom of the user

GLTGB

ValidUntil

ValidUntil of the user

ACCNT

AccountNo

AccountNo of the user

KOSTL

CostCenter

CostCenter of the user

TZONE

TimeZone

TimeZone of the user

PWDCHGDATE

PasswordLastChanged

PasswordLastChanged

TRDAT+LTIME

LastLogonTime

LastLogonTime

company

Company

Company name of the user.

PNAME

UserPrincipalName

SNC Name of the user.

Prerequisites

You can connect EmpowerID to SAP R/3 system two ways:

  1. Application Server

  2. Message Server

Each has its own set of prerequisites. Expand the drop-down for that connection method to view.

 

You also need the following from SAP to connect EmpowerID to SAP via Application Server:

  • Host Name of the Application Server used for RFC communication

  • Username that is authorized to read from and write to the BAPI

  • Password of the service account

  • ClientID of the application server

  • Instance number

  • Network port number that is open to connect to the application server

By default, the SAP connector uses the 33+Instancenumber as the port to connect to the SAP application server. If a different port is used, specify the port number in the hostname column with the following syntax “HostName + ‘:’ + portNumber”

 

You also need the following from SAP to connect EmpowerID to SAP via Message Server:

  • Host Name of the Message Server used to establish the connection the to SAP R/3 system

  • Name of the LogonGroup used by the SAP R/3 connector

  • SystemID of the SAP system

  • Username that is authorized to read from and write to the BAPI

  • Password of the service account

  • Network port number that is open to connect to the message server (Refer https://help.sap.com/viewer/ports for port number information)

 

Beyond connection method specific prerequisites, the SAP proxy account used for the ECC connector needs to have access to the below tables as well as the ability to make the remote procedure calls listed:

REQUIRED TABLE ACCESS

REQUIRED REMOTE PROCEDURE CALLS

REQUIRED TABLE ACCESS

REQUIRED REMOTE PROCEDURE CALLS

ADCP

BAPI_USER_ACTGROUPS_ASSIGN

ADR2

BAPI_USER_CHANGE

ADR3

BAPI_USER_CREATE1

ADR6

BAPI_USER_EXISTENCE_CHECK

ADRP

BAPI_USER_GETLIST

AGR_1016

BAPI_USER_GET_DETAIL

AGR_1251

BAPI_USER_LOCK

AGR_AGRS

BAPI_USER_UNLOCK

AGR_DEFINE

PING

AGR_USERS

RFCPING

TSTC

RFC_GET_FUNCTION_INTERFACE

TSTCT

RFC_GET_NAMETAB

USCOMPANY

RFC_PING

USR02

RFC_READ_TABLE

USR10

 

USR11

REQUIRED ACTIVITY

USR21

Execute

USRACL

 Display

USREFUS

 

UST04

 

UST10C

 

UST10S

 

UST12