You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Connect to SAP NetWeaver

This guide provides detailed instructions on creating and configuring the SAP NetWeaver connector in EmpowerID. Follow these steps to ensure proper setup and synchronization of user data between EmpowerID and the SAP NetWeaver system.

Step 1: Create an SAP NetWeaver Account Store

  1. Navigate to Account Stores:

    • Go to Admin > Applications and Directories > Account Stores and Systems.

  2. Create Account Store:

    • Click on the Actions tab and select Create Account Store.

    • Search for Netweaver under System Types and select SAP NetWeaver.

  3. Enter Connection Details:

    • Fill in the following fields in the form:

      • Account Store Name: Provide a name for the account store.

      • Base URL: Enter the URL of the SAP NetWeaver system, including the port (e.g., https://YourSERVER).

      • Username: Enter the username of the account that has read and write access.

      • Password: Enter the password associated with the username.

  4. Submit: Click Submit to create the account store.

EmpowerID will create the SAP NetWeaver account store and the associated resource system.

Step 2: Verify Resource System Parameters

  1. Navigate to Account Stores:

    • Go to Admin > Applications and Directories > Account Stores and Systems.

  2. Select the SAP NetWeaver Account Store:

    • Search for the SAP NetWeaver account store created in the previous step and click the account store link.

  3. Verify Parameters:

    • Go to the Resource System tab and expand the Configuration Parameters accordion.

    • Verify the following parameters are correctly set for your system.

    • Click the Edit button for any parameter you need to change, enter the new value, and click Save.

| Name | Value |
| --- | --- |
| SAPNetWeaver.BaseUrl | https://YourServer |
| SAPNetWeaver.Password | Your Password |
| DateTimeCulture | en-US |
| DateTimeFormat | yyyyMMddHHmmssZ |
| UserPrimaryKey | id |
| UserIdentifier | sapuser |
| IsDebugMode | FALSE |
| RolePrimaryKey | id |
| RoleIdentifier | saprole |
| GroupIdentifier | sapgroup |
| InventoryRoleAssignments | TRUE |
| UserSearchKey | logonname |
| RoleSearchKey | uniquename |
| GroupSearchKey | uniquename |
| GroupPrimaryKey | id |
| InventoryGroupMembership | TRUE |
| InventoryRole | TRUE |
| InventoryGroup | TRUE |
| InventoryGroupRoleAssignments | TRUE |
| InventoryNestedGroups | TRUE |
| UserLogonNameAttribute | logonname |
| RoleLogonNameAttribute | uniquename |
| GroupLogonNameAttribute | uniquename |
| InventoryUsers | TRUE |
| SendNotificationForUserDuplicates | TRUE |
| UserDuplicatesEmailMessageName | NetWeaverDuplicateUser |
| UserDuplicatesManagementRolesToBeNotified | F7382AE1-920E-4134-B669-7E0B75F74CD2 |
| UserDuplicatesAttachmentFileName | DuplicateUsers |
| UserDuplicatesAttachmentFileListOfColumns | firstnamelastnameemailuniquename |
| SendNotificationForRoleDuplicates | TRUE |
| RoleDuplicatesEmailMessageName | NetWeaverDuplicateGroup |
| RoleDuplicatesManagementRolesToBeNotified | F7382AE1-920E-4134-B669-7E0B75F74CD2 |
| RoleDuplicatesAttachmentFileName | DuplicateGroups |
| RoleDuplicatesAttachmentFileListOfColumns | uniquenameid |
| SendNotificationForGroupDuplicates | TRUE |
| GroupDuplicatesEmailMessageName | NetWeaverDuplicateGroup |
| GroupDuplicatesManagementRolesToBeNotified | F7382AE1-920E-4134-B669-7E0B75F74CD2 |
| GroupDuplicatesAttachmentFileName | DuplicateGroups |
| GroupDuplicatesAttachmentFileListOfColumns | uniquenameid |
| WriteBackConfiguration | USER.PRIVATE_DATASOURCE.un: |
| IsLockedByAdmin | TRUE |

Step 3: Enable Inventory for the Account Store

  1. Allow Provisioning and De-provisioning:

    • Configure the Resource System to allow provisioning, de-provisioning, and attribute flow.

    • Configure the Account Store to allow RET provisioning and de-provisioning.

  2. Run the Inventory:

    • Once the account store is set up, enable the inventory for the newly created account store.

  3. Reset IIS and Restart Services:

    • Reset IIS and restart web roles and worker services to ensure the settings are applied.

Step 4: SQL Configuration Scripts

Run the following SQL scripts to create the necessary attributes and configurations in the database.

```sql
-- Before running, replace the {AccountStoreID} and {ResourceSystemID} placeholders
-- with the IDs of the SAP NetWeaver account store and its resource system.

--**************************** Create SecurityBoundaryAttribute ************************************
IF NOT EXISTS(
    SELECT * FROM [SecurityBoundaryAttribute]
    WHERE ObjectAttributeID = (SELECT TOP 1 [ObjectAttributeID] FROM [ObjectAttribute] WHERE Name = N'CustomAttribute26')
      AND SecurityBoundaryTypeID = (SELECT TOP 1 [SecurityBoundaryTypeID] FROM [SecurityBoundaryType] WHERE Name = N'SAPNetWeaver')
)
INSERT INTO [SecurityBoundaryAttribute](
    [ObjectAttributeID], [SecurityBoundaryTypeID], [FriendlyName], [Name], [AttributeType],
    [BackLinkAttribute], [DirectoryDataType], [MaxLength], [MultipleValue], [AttributeFlowType],
    [AttributeFlowAssembly], [IsSearchable], [ConfigurationXml], [ModifiedDate], [CreatedDate],
    [DoNotAllowDelete],
    [ExtensionAttribute1], [ExtensionAttribute2], [ExtensionAttribute3], [ExtensionAttribute4], [ExtensionAttribute5],
    [ExtensionAttribute6], [ExtensionAttribute7], [ExtensionAttribute8], [ExtensionAttribute9], [ExtensionAttribute10],
    [ExtensionAttribute11], [ExtensionAttribute12], [ExtensionAttribute13], [ExtensionAttribute14], [ExtensionAttribute15],
    [SearchTerms])
VALUES(
    (SELECT TOP 1 [ObjectAttributeID] FROM [ObjectAttribute] WHERE Name = N'CustomAttribute26'),
    (SELECT TOP 1 [SecurityBoundaryTypeID] FROM [SecurityBoundaryType] WHERE Name = N'SAPNetWeaver'),
    N'salutation', N'salutation', N'string', NULL, N'DirectoryString', NULL, 0,
    N'TheDotNetFactory.Framework.ClassLibrary.SalutationHandler',
    -- Assembly display name: Name, Version, Culture, PublicKeyToken
    N'SNCNameAttributeHandler, Version=4.0.180.1, Culture=neutral, PublicKeyToken=2d2253f74d4496ef',
    0, NULL,
    CONVERT(DATETIME, '2022-03-29 14:14:43.407', 121),
    CONVERT(DATETIME, '2022-03-17 14:35:21.790', 121),
    0,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL,
    N'salutation salutation Name_salutation salutation salutation FriendlyName_salutation');

-- Repeat for other attributes

--**************************** Insert ResourceSystemResourceType ************************************
INSERT INTO ResourceSystemResourceType(
    ResourceSystemID, ResourceTypeID, ResourceEntitlementProviderType, ResourceEntitlementProviderAssembly)
VALUES (
    {ResourceSystemID}, 2,
    'TheDotNetFactory.Framework.ClassLibrary.SAPNetWeaverRetProvider',
    'SAPPORetProvider, Version=4.0.180.1, Culture=neutral, PublicKeyToken=2d2253f74d4496ef');

--**************************** Create Attribute Flow ************************************
EXEC Custom_AccountStoreObjectAttributeSync_VerifyByAccountStoreID {AccountStoreID};

--**************************** Update Attribute Flow to Outbound ************************************
UPDATE SecurityBoundaryType
SET DefaultAccountClass = 'user', DefaultGroupClass = 'group'
WHERE SecurityBoundaryTypeID = 64;

UPDATE a
SET a.AttributeSyncTypeID = 2
FROM AccountStoreObjectAttributeSync a
INNER JOIN AccountStore acc ON a.AccountStoreID = acc.AccountStoreID
INNER JOIN SecurityBoundary sb ON acc.SecurityBoundaryID = sb.SecurityBoundaryID
WHERE sb.SecurityBoundaryTypeID = 64;

--**************************** Configure Set Group and Set ************************************
IF NOT EXISTS(SELECT * FROM [Resource] WHERE ResourceGUID = N'F064ED47-F7D2-42B0-B6B4-5BDAB5930873')
INSERT INTO [Resource](
    [ResourceGUID], [ResourceSystemID], [ResourceTypeID], [FriendlyName], [Name], [Description],
    [BlockInheritance], [RiskFactor], [RelativePath], [AbsolutePath], [AbsolutePathHash],
    [ParentOU], [ParentOUHash], [ParentID], [InheritsPermissions], [SystemName], [SystemUniqueID],
    [ResourceClass], [ResourceGroupID], [SessionDirtyDate], [Icon], [SmallIcon],
    [ResourceEnforcementTypeID], [LastEnforceAttempt], [LastEnforceSuccess], [LastProjectAttempt],
    [LastProjectSuccess], [LastRightsInventoryAttempt], [LastRightsInventorySuccess],
    [DefaultUserCreationPath], [DefaultGroupCreationPath], [ResourceEntitlementPersonID],
    [ResourceEntitlementID], [ResourceEntitlementManual], [AssetCatalogItemID], [AssetTypeID],
    [AssetPersonID], [Deleted], [DeletedDate],
    [ExtensionAttribute1], [ExtensionAttribute2], [ExtensionAttribute3], [ExtensionAttribute4], [ExtensionAttribute5],
    [ExtensionAttribute6], [ExtensionAttribute7], [ExtensionAttribute8], [ExtensionAttribute9], [ExtensionAttribute10],
    [ExtensionAttribute11], [ExtensionAttribute12], [ExtensionAttribute13], [ExtensionAttribute14], [ExtensionAttribute15],
    [LicenseMode], [ConfigurationXml], [ModifiedDate], [CreatedDate], [OrganizationID], [IsTemplate],
    [TransitiveResourceGUID], [SearchTerms], [CreatedByPersonID], [RbacProcessed], [TagList],
    [TagListChanged], [TagListCompiled], [SearchTermsCompiled], [AccessRequestPolicyID],
    [KeyEntryName], [KeyEntryDescriptionName], [OwnerAssigneeID], [ValidityLastAttestationDate],
    [ValidityLastResourceAttestationSnapshotID])
VALUES(
    N'F064ED47-F7D2-42B0-B6B4-5BDAB5930873',
    (SELECT TOP 1 [ResourceSystemID] FROM [ResourceSystem] WHERE Name = N'EmpowerID' AND CreatedDate = CONVERT(DATETIME, N'1980-01-01 00:00:00.000', 121)),
    (SELECT TOP 1 [ResourceTypeID] FROM [ResourceType] WHERE Name = N'SetGroup'),
    N'SAPPOProvisioningPolicySet', N'SAPPOProvisioningPolicySet', NULL, 0, NULL,
    N'1_42_SAPPOProvisioningPolicySet',
    NULL, NULL, NULL, NULL, NULL,
    0,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL,
    0,
    NULL, NULL, NULL,
    0,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL,
    1, NULL,
    CONVERT(DATETIME, '2022-03-04 16:29:19.083', 121),
    CONVERT(DATETIME, '2022-03-04 16:29:19.083', 121),
    N'5EB659C4-EF64-448A-8D32-8A45A70F184F', 0, NULL, NULL,
    N'9BAD13D4-577D-4BC3-B6B6-BD2B74A86714', 0, NULL, 0, 1, 0,
    N'2156D697-42C4-45D2-9F5C-98E51DE927D1',
    NULL, NULL, NULL, NULL, NULL);

IF NOT EXISTS(SELECT * FROM [SetGroup] WHERE SetGroupGUID = N'F064ED47-F7D2-42B0-B6B4-5BDAB5930873')
INSERT INTO [SetGroup](
    [FriendlyName], [Name], [Description], [SetGroupGUID], [ResourceID], [CanBeAssigneeInRBAC],
    [ExtensionAttribute1], [ExtensionAttribute2], [ExtensionAttribute3], [ExtensionAttribute4], [ExtensionAttribute5],
    [ExtensionAttribute6], [ExtensionAttribute7], [ExtensionAttribute8], [ExtensionAttribute9], [ExtensionAttribute10],
    [ExtensionAttribute11], [ExtensionAttribute12], [ExtensionAttribute13], [ExtensionAttribute14], [ExtensionAttribute15],
    [RiskFactorTotal], [RiskFactorLastCalculated], [ConfigurationXml], [ModifiedDate], [CreatedDate],
    [Email], [OrganizationID], [FileFullExportPath], [FileDifferentialExportPath], [SearchTerms],
    [KeyEntryName], [KeyEntryDescriptionName])
VALUES(
    N'SAPPO Provisioning Policy Set', N'SAPPOProvisioningPolicySet',
    N'Created as a matching SetGroup for the SAPPOProvisioningPolicySet',
    N'F064ED47-F7D2-42B0-B6B4-5BDAB5930873',
    (SELECT TOP 1 [ResourceID] FROM [Resource] WHERE ResourceGUID = N'F064ED47-F7D2-42B0-B6B4-5BDAB5930873'),
    0,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL, NULL, NULL,
    NULL, NULL, NULL,
    CONVERT(DATETIME, '2022-03-04 16:29:19.320', 121),
    CONVERT(DATETIME, '2022-03-04 16:29:18.763', 121),
    NULL, N'5EB659C4-EF64-448A-8D32-8A45A70F184F', NULL, NULL,
    N'SAPPOProvisioningPolicySet SAPPOProvisioningPolicySet Name_SAPPOProvisioningPolicySet SAPPO Provisioning Policy Set SAPPO Provisioning Policy Set SAPPO_spchar_Provisioning_spchar_Policy_spchar_Set FriendlyName_SAPPO Provisioning Policy Set SAPPO_spchar_Provisioning_spchar_Policy_spchar_Set Created as a matching SetGroup for the SAPPOProvisioningPolicySet Created as a matching SetGroup for the SAPPOProvisioningPolicySet Created_spchar_as_spchar_a_spchar_matching_spchar_SetGroup_spchar_for_spchar_the_spchar_SAPPOProvisioningPolicySet Description_Created as a matching SetGroup for the SAPPOProvisioningPolicySet Created_spchar_as_spchar_a_spchar_matching_spchar_SetGroup_spchar_for_spchar_the_spchar_SAPPOProvisioningPolicySet',
    NULL, NULL);

-- The Filter value is itself a SQL query; {AccountStoreID} inside it must also be replaced.
INSERT INTO [Set](
    [SetTypeID], [FriendlyName], [Name], [Description], [Filter], [Path], [ObjectTypeID],
    [AccountStoreID], [ConfigurationXml], [InProgress], [LockedByServer], [NextCompilationTime],
    [ScheduleInterval], [IsEnabled], [SessionDirtyDate], [ModifiedDate], [CreatedDate],
    [DoNotAllowDelete], [SearchTerms])
VALUES(
    (SELECT TOP 1 [SetTypeID] FROM [SetType] WHERE Name = N'SQL Query'),
    N'SAPPO Provisioning Policy Set', N'SAPPOProvisioningPolicySet', N'SAPPO Provisioning Policy Set',
    N'DECLARE @ResourceRoles tResourceRoleIDResourceID insert into @ResourceRoles (ResourceRoleID, ResourceID) select D.ResourceRoleID, G.ResourceID from dbo.[Group] G (NOLOCK) inner join resourcerole D ON G.ResourceID = D.ResourceID WHERE G.Deleted =0 AND D.ResourceTypeRoleID IN(8102866) AND G.AccountStoreID = {AccountStoreID} SELECT PersonGUID, Friendlyname FROM dbo.Person(NOLOCK) P inner join [func_PersonIDResourceRoleIDResourceID_GetByResourceRoleTable](@ResourceRoles) RR ON P.PersonID = RR.PersonID WHERE P.Deleted = 0 group by PersonGUID, Friendlyname',
    NULL,
    (SELECT TOP 1 [ObjectTypeID] FROM [ObjectType] WHERE Name = N'EmpowerID Person'),
    (SELECT TOP 1 [AccountStoreID] FROM [AccountStore] WHERE FQN = N'EmpowerID' OR NetBiosName = N'EmpowerID'),
    NULL, 0, NULL,
    CONVERT(DATETIME, '2022-03-10 21:43:18.223', 121),
    N'<Schedule StartDate="2022-03-04T00:00:00Z" PredefinedDate="2032-03-04T23:32:04.6141713+01:00" ExpirationDate="2119-08-23T00:00:00Z" IntervalMode="Hourly" Interval="24" IsPerpetual="true" ExecutionCount="6" ExecuteUntilCount="0"><TimesOfDay/><DaysOfWeek/><MonthsOfYear/><DaysOfMonth/></Schedule>',
    1, NULL,
    CONVERT(DATETIME, '2022-03-09 21:53:12.250', 121),
    CONVERT(DATETIME, '2022-03-04 16:23:17.187', 121),
    0,
    N'SAPPOProvisioningPolicySet SAPPOProvisioningPolicySet Name_SAPPOProvisioningPolicySet SAPPO Provisioning Policy Set SAPPO Provisioning Policy Set SAPPO_spchar_Provisioning_spchar_Policy_spchar_Set FriendlyName_SAPPO Provisioning Policy Set SAPPO_spchar_Provisioning_spchar_Policy_spchar_Set ');
```
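A read-only pre-flight check for the Step 4 scripts, added here as an example and not part of EmpowerID's own scripts. It confirms that the hard-coded SecurityBoundaryTypeID 64 is the SAPNetWeaver type, lists candidate {AccountStoreID} values, and reports whether the inserts have already run; it uses only tables and columns the scripts reference, and @ExpectedTypeID is a variable introduced for the example.

```sql
-- Added example: read-only pre-flight check; it changes no data.
SET NOCOUNT ON;

DECLARE @ExpectedTypeID int = 64;  -- literal hard-coded in the UPDATE statements (example variable)
DECLARE @ActualTypeID int = (SELECT TOP 1 [SecurityBoundaryTypeID]
                             FROM [SecurityBoundaryType]
                             WHERE Name = N'SAPNetWeaver');

-- 1. The UPDATEs filter on the literal 64; the first INSERT resolves the type by name.
IF @ActualTypeID IS NULL
    RAISERROR(N'No SecurityBoundaryType named SAPNetWeaver exists in this database.', 16, 1);
ELSE IF @ActualTypeID <> @ExpectedTypeID
    RAISERROR(N'SAPNetWeaver is SecurityBoundaryTypeID %d, not %d: correct the UPDATE statements first.',
              16, 1, @ActualTypeID, @ExpectedTypeID);

-- 2. Candidate values for the {AccountStoreID} placeholder.
SELECT acc.AccountStoreID, acc.FQN, acc.NetBiosName
FROM AccountStore acc
INNER JOIN SecurityBoundary sb ON acc.SecurityBoundaryID = sb.SecurityBoundaryID
WHERE sb.SecurityBoundaryTypeID = @ActualTypeID;

-- 3. Attribute-flow rows that "Update Attribute Flow to Outbound" would set to 2,
--    grouped by their current sync type.
SELECT a.AccountStoreID, a.AttributeSyncTypeID, COUNT(*) AS RowsAffected
FROM AccountStoreObjectAttributeSync a
INNER JOIN AccountStore acc ON a.AccountStoreID = acc.AccountStoreID
INNER JOIN SecurityBoundary sb ON acc.SecurityBoundaryID = sb.SecurityBoundaryID
WHERE sb.SecurityBoundaryTypeID = @ActualTypeID
GROUP BY a.AccountStoreID, a.AttributeSyncTypeID;

-- 4. Objects the scripts create. Resource and SetGroup are guarded by IF NOT EXISTS;
--    the [Set] and ResourceSystemResourceType inserts are not, so a non-zero count
--    in the last two columns means a re-run would add duplicate rows.
SELECT
    (SELECT COUNT(*) FROM [Resource] WHERE ResourceGUID = N'F064ED47-F7D2-42B0-B6B4-5BDAB5930873') AS ResourceRows,
    (SELECT COUNT(*) FROM [SetGroup] WHERE SetGroupGUID = N'F064ED47-F7D2-42B0-B6B4-5BDAB5930873') AS SetGroupRows,
    (SELECT COUNT(*) FROM [Set] WHERE Name = N'SAPPOProvisioningPolicySet') AS SetRows,
    (SELECT COUNT(*) FROM ResourceSystemResourceType
      WHERE ResourceEntitlementProviderType = N'TheDotNetFactory.Framework.ClassLibrary.SAPNetWeaverRetProvider') AS RetProviderRows;
```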

 

Inventory Configuration

After configuring the account store and resource system parameters, enable the inventory to start synchronizing data between SAP NetWeaver and EmpowerID.

  1. Enable Inventory:

    • Go to the SAP NetWeaver account store page.

    • Select the Inventory tab and enable inventory for user accounts, groups, and group memberships.

  2. Full Inventory Sync:

    • The connector supports full inventory sync. During each inventory run, the connector will synchronize all user accounts, groups, and group memberships from SAP NetWeaver to EmpowerID.

  3. Monitor Inventory Jobs:

    • Navigate to Admin > Operations > Job Monitor to monitor the progress and status of inventory jobs.