You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
SAP NetWeaver
The EmpowerID SAPNetWeaver connector enables organizations to integrate user data, such as user accounts, groups, and group memberships from their SAPNetWeaver system into EmpowerID. This integration facilitates seamless management and synchronization with any connected back-end user directories, ensuring data consistency and improved identity management.
Key Features of the EmpowerID SAP NetWeaver Connector
The EmpowerID SAPNetWeaver connector is designed to provide robust and comprehensive integration capabilities. It supports the following features:
Bi-directional Synchronization
Supports both inventory and write-back functionalities for users, groups, and group memberships, ensuring data consistency in both systems.
Full Inventory Support
Inventories all accounts, groups, and memberships during each inventory run, maintaining up-to-date data in EmpowerID.
SPML Requests via SOAP Calls
Utilizes SPML requests for communication, enabling efficient data transfer between systems.
Secure Authentication
Authenticates using a username and password, ensuring secure access to the SAPNetWeaver system.
Schema Support
Supports a wide range of attributes for users and groups, ensuring essential identity information is synchronized.
CRUD Operations
Enables Create, Read, Update, and Delete (CRUD) operations on user accounts and groups within the SAP NetWeaver environment.
Connectivity Details
The connector authenticates to the SAP NetWeaver system using the following parameters:
Base URL: The URL of the SAP NetWeaver system, including the port number.
Username: The username with read and write access to SAP NetWeaver.
Password: The password associated with the username.
Inventory Capabilities
The SAPNetWeaver connector manages the identities, groups, and group memberships within the EmpowerID system. It supports only full inventory, meaning all accounts, groups, and memberships are synchronized each time the inventory runs.
Account Inventory
SAPNetWeaver accounts are inventoried into the EmpowerID Account table. The connector supports full inventory for accounts, synchronizing all accounts from the external system to EmpowerID during each run. The 'id' attribute from the external system is used as the primary key and synced to the systemIdentifier column in the Account table. The following attributes are inventoried by the out-of-the-box connector:
SAPNetWeaver Attribute | EmpowerID Attribute |
---|---|
department | Department |
description | Description |
displayname | FriendlyName |
firstname | FirstName |
lastname | LastName |
securitypolicy | EmployeeType |
uniquename | LogonName |
validfrom | ValidFrom |
validto | AccountExpires |
Group Inventory
SAPNetWeaver groups are inventoried into the EmpowerID Group table. The connector supports full inventory for groups, synchronizing all groups and their memberships from the external system to EmpowerID during each run. The 'id' attribute from the external system is used as the primary key and synced to the systemIdentifier column in the Group table. Group memberships are stored in the EmpowerID GroupAccount table.
Supported CRUD Operations
The EmpowerID SAP NetWeaver connector supports the following CRUD operations for user accounts and groups:
User Accounts
Create: Ability to create new user accounts in SAP NetWeaver from EmpowerID.
Read: Ability to read and synchronize user account details from SAP NetWeaver to EmpowerID.
Update: Ability to update existing user account details in SAP NetWeaver from EmpowerID.
Delete: Ability to delete user accounts in SAP NetWeaver from EmpowerID.
Groups
Create: Ability to create new groups in SAP NetWeaver from EmpowerID.
Read: Ability to read and synchronize group details from SAP NetWeaver to EmpowerID.
Update: Ability to update existing group details in SAP NetWeaver from EmpowerID.
Delete: Ability to delete groups in SAP NetWeaver from EmpowerID.
Helper Code and SPML Requests
The connector uses various helper functions and SPML requests for CRUD operations. Here is an overview of the key code components:
Helper Functions
SerializeToString<T>: Serializes an object to an XML string.
GetConfigSettingValue: Retrieves configuration settings.
CreateSOAPBody: Creates a SOAP envelope for SPML requests.
ParseSearchResponse: Parses SPML search responses.
SPML Requests
CreateSPMLSearchRequest: Creates an SPML search request.
CreateSPMLAddRequest: Creates an SPML add request.
CreateSPMLModifyRequest: Creates an SPML modify request.
CreateSPMLDeleteRequest: Creates an SPML delete request.
CRUD Operations
PerformCRUD: Executes CRUD operations by sending SPML requests to SAP NetWeaver.
Example Code
Here is an example of a helper function to create an SPML search request:
```csharp
using System;
using System.Collections.Generic;

// Member of the connector's helper class. Identifier, Filter, FilterSet, AttributeDescription,
// AttributeDescriptions, ItemsChoiceType, ItemChoiceType and SearchRequest are SPML types
// that are defined elsewhere and not shown on this page.
public static SearchRequest CreateSPMLSearchRequest(string id, string primaryKey, List<string> attributes)
{
    // Search base: the identifier of the object (or container) to search.
    Identifier identifier = new Identifier();
    identifier.Item = id;

    Filter filter = new Filter();
    FilterSet filterSet = new FilterSet();

    // Key attributes that must be present on each result; defaults to "logonname".
    List<string> primaryKeys = new List<string>();
    if (string.IsNullOrWhiteSpace(primaryKey))
        primaryKeys.Add("logonname");
    else
    {
        // Accept a space-separated list of key attribute names; empty entries are skipped.
        primaryKeys.AddRange(primaryKey.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries));
    }

    // Build one "present" filter item per key attribute, combined with "and".
    object[] obj = new object[primaryKeys.Count];
    ItemsChoiceType[] itemsChoiceTypeArray = new ItemsChoiceType[primaryKeys.Count];
    int pkIndex = 0;
    foreach (string pk in primaryKeys)
    {
        AttributeDescription attrDesc = new AttributeDescription();
        attrDesc.name = pk;
        obj[pkIndex] = attrDesc;
        itemsChoiceTypeArray[pkIndex] = ItemsChoiceType.present;
        pkIndex++;
    }
    filterSet.Items = obj;
    filterSet.ItemsElementName = itemsChoiceTypeArray;
    filter.Item = filterSet;
    filter.ItemElementName = ItemChoiceType.and;

    // Attributes to return; attrs[0] stays null when no attributes are requested.
    AttributeDescriptions[] attrs = new AttributeDescriptions[1];
    if (attributes != null && attributes.Count > 0)
    {
        AttributeDescription[] attributeField = new AttributeDescription[attributes.Count];
        int index = 0;
        foreach (string attribute in attributes)
        {
            AttributeDescription attributeDescription = new AttributeDescription();
            attributeDescription.name = attribute;
            attributeField[index] = attributeDescription;
            index++;
        }
        AttributeDescriptions attributeDescriptions = new AttributeDescriptions();
        attributeDescriptions.attribute = attributeField;
        attrs[0] = attributeDescriptions;
    }

    SearchRequest searchRequest = new SearchRequest();
    searchRequest.searchBase = identifier;
    searchRequest.filter = filter;
    searchRequest.attributes = attrs;
    return searchRequest;
}
```
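The response side of that search, as an added example that is not EmpowerID's own code: it parses an SPML search response with DTD processing disabled and maps only the attributes listed in the Account Inventory table, with the entry 'id' stored as systemIdentifier. The class name, method name and sample response are hypothetical, and the response layout is assumed to follow SPML 1.0 with DSML attr/value elements.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Xml;
using System.Xml.Linq;

public static class SpmlAccountMapper // hypothetical name, not an EmpowerID class
{
    // SAPNetWeaver attribute -> EmpowerID Account column, copied from the table in this guide.
    static readonly Dictionary<string, string> Map = new Dictionary<string, string> {
        { "department", "Department" }, { "description", "Description" }, { "displayname", "FriendlyName" },
        { "firstname", "FirstName" }, { "lastname", "LastName" }, { "securitypolicy", "EmployeeType" },
        { "uniquename", "LogonName" }, { "validfrom", "ValidFrom" }, { "validto", "AccountExpires" } };
    public static List<Dictionary<string, string>> MapAccounts(string responseXml)
    {
        // The response comes from a remote system: refuse DTDs and external entity resolution.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using var reader = XmlReader.Create(new StringReader(responseXml), settings);
        var doc = XDocument.Load(reader);
        var rows = new List<Dictionary<string, string>>();
        foreach (var entry in doc.Descendants().Where(e => e.Name.LocalName == "searchResultEntry"))
        {
            var id = entry.Descendants().FirstOrDefault(e => e.Name.LocalName == "id");
            if (id == null || string.IsNullOrWhiteSpace(id.Value))
                throw new InvalidDataException("searchResultEntry without an id");
            // The 'id' is the primary key and goes to the systemIdentifier column.
            var row = new Dictionary<string, string> { { "systemIdentifier", id.Value.Trim() } };
            // Attributes outside the documented mapping are dropped, not passed through.
            foreach (var attr in entry.Descendants().Where(e => e.Name.LocalName == "attr"))
                if (attr.Attribute("name") is XAttribute n && Map.TryGetValue(n.Value, out var column))
                    row[column] = attr.Elements().Select(v => v.Value.Trim()).FirstOrDefault() ?? "";
            rows.Add(row);
        }
        return rows;
    }

    public static void Main()
    {
        // Constructed sample response (not captured from a real system).
        const string sample = @"<spml:searchResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0'
 xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'><spml:searchResultEntry>
 <spml:identifier><spml:id>USER.EXAMPLE.jdoe</spml:id></spml:identifier><spml:attributes>
 <dsml:attr name='uniquename'><dsml:value>jdoe</dsml:value></dsml:attr>
 <dsml:attr name='unmapped'><dsml:value>x</dsml:value></dsml:attr>
 </spml:attributes></spml:searchResultEntry></spml:searchResponse>";
        foreach (var row in MapAccounts(sample))
            Console.WriteLine(string.Join(", ", row.Select(kv => kv.Key + "=" + kv.Value)));
    }
}
```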
Conclusion
The EmpowerID SAP NetWeaver connector provides a powerful and flexible solution for integrating SAP NetWeaver with the EmpowerID IGA system. By following the configuration steps and utilizing the provided helper functions and SPML requests, organizations can ensure seamless synchronization and management of identity data across both platforms. This integration enhances security, compliance, and overall identity management efficiency.