You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

SAP NetWeaver

The EmpowerID SAP NetWeaver connector enables organizations to integrate user data, such as user accounts, groups, and group memberships, from their SAP NetWeaver system into EmpowerID. This integration facilitates seamless management and synchronization with any connected back-end user directories, ensuring data consistency and improved identity management.

Key Features of the EmpowerID SAP NetWeaver Connector

The EmpowerID SAP NetWeaver connector is designed to provide robust and comprehensive integration capabilities. It supports the following features:

Bi-directional Synchronization

Supports both inventory and write-back functionalities for users, groups, and group memberships, ensuring data consistency in both systems.

Full Inventory Support

Inventories all accounts, groups, and memberships during each inventory run, maintaining up-to-date data in EmpowerID.

SPML Requests via SOAP Calls

Utilizes SPML requests for communication, enabling efficient data transfer between systems.

Secure Authentication

Authenticates using a username and password, ensuring secure access to the SAP NetWeaver system.

Schema Support

Supports a wide range of attributes for users and groups, ensuring essential identity information is synchronized.

CRUD Operations

Enables Create, Read, Update, and Delete (CRUD) operations on user accounts and groups within the SAP NetWeaver environment.

Connectivity Details

The connector authenticates to the SAP NetWeaver system using the following parameters:

  • Base URL: The URL of the SAP NetWeaver system, including the port number.

  • Username: The username with read and write access to SAP NetWeaver.

  • Password: The password associated with the username.

Inventory Capabilities

The SAP NetWeaver connector manages the identities, groups, and group memberships within the EmpowerID system. It supports only full inventory, meaning all accounts, groups, and memberships are synchronized each time the inventory runs.

Account Inventory

SAP NetWeaver accounts are inventoried into the EmpowerID Account table. The connector supports full inventory for accounts, synchronizing all accounts from the external system to EmpowerID during each run. The 'id' attribute from the external system is used as the primary key and synced to the systemIdentifier column in the Account table. The following attributes are inventoried by the out-of-the-box connector:

| SAP NetWeaver Attribute | EmpowerID Attribute |
|-------------------------|---------------------|
| department              | Department          |
| description             | Description         |
| displayname             | FriendlyName        |
| email                   | Email               |
| firstname               | FirstName           |
| lastname                | LastName            |
| securitypolicy          | EmployeeType        |
| uniquename              | LogonName           |
| validfrom               | ValidFrom           |
| validto                 | AccountExpires      |

Group Inventory

SAP NetWeaver groups are inventoried into the EmpowerID Group table. The connector supports full inventory for groups, synchronizing all groups and their memberships from the external system to EmpowerID during each run. The 'id' attribute from the external system is used as the primary key and synced to the systemIdentifier column in the Group table. Group memberships are stored in the EmpowerID GroupAccount table.

Supported CRUD Operations

The EmpowerID SAP NetWeaver connector supports the following CRUD operations for user accounts and groups:

User Accounts

  • Create: Ability to create new user accounts in SAP NetWeaver from EmpowerID.

  • Read: Ability to read and synchronize user account details from SAP NetWeaver to EmpowerID.

  • Update: Ability to update existing user account details in SAP NetWeaver from EmpowerID.

  • Delete: Ability to delete user accounts in SAP NetWeaver from EmpowerID.

Groups

  • Create: Ability to create new groups in SAP NetWeaver from EmpowerID.

  • Read: Ability to read and synchronize group details from SAP NetWeaver to EmpowerID.

  • Update: Ability to update existing group details in SAP NetWeaver from EmpowerID.

  • Delete: Ability to delete groups in SAP NetWeaver from EmpowerID.


Helper Code and SPML Requests

The connector uses various helper functions and SPML requests for CRUD operations. Here is an overview of the key code components:

Helper Functions

  • SerializeToString<T>: Serializes an object to an XML string.

  • GetConfigSettingValue: Retrieves configuration settings.

  • CreateSOAPBody: Creates a SOAP envelope for SPML requests.

  • ParseSearchResponse: Parses SPML search responses.

SPML Requests

  • CreateSPMLSearchRequest: Creates an SPML search request.

  • CreateSPMLAddRequest: Creates an SPML add request.

  • CreateSPMLModifyRequest: Creates an SPML modify request.

  • CreateSPMLDeleteRequest: Creates an SPML delete request.

CRUD Operations

  • PerformCRUD: Executes CRUD operations by sending SPML requests to SAP NetWeaver.

Example Code

Here is an example of a helper function to create an SPML search request:

```csharp
// Requires: using System; using System.Collections.Generic; using System.Linq;
// SearchRequest, Identifier, Filter, FilterSet, AttributeDescription(s), ItemsChoiceType
// and ItemChoiceType are the connector's SPML/DSML classes.
public static SearchRequest CreateSPMLSearchRequest(string id, string primaryKey, List<string> attributes)
{
    // Search base: the identifier passed in by the caller.
    Identifier identifier = new Identifier();
    identifier.Item = id;

    Filter filter = new Filter();
    FilterSet filterSet = new FilterSet();

    // Primary key attribute(s); fall back to "logonname" when none is configured.
    List<string> primaryKeys = new List<string>();
    if (string.IsNullOrWhiteSpace(primaryKey))
        primaryKeys.Add("logonname");
    else
    {
        // A space-separated value lists several keys. Split on spaces and drop empty
        // entries (removing the spaces before splitting would merge the keys into one).
        if (primaryKey.Contains(' '))
            primaryKeys.AddRange(primaryKey.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries));
        else
            primaryKeys.Add(primaryKey.Trim());
    }

    // Build one "present" filter item per primary key.
    object[] obj = new object[primaryKeys.Count];
    ItemsChoiceType[] itemsChoiceTypeArray = new ItemsChoiceType[primaryKeys.Count];
    int pkIndex = 0;
    foreach (string pk in primaryKeys)
    {
        AttributeDescription attrDesc = new AttributeDescription();
        attrDesc.name = pk;
        obj[pkIndex] = attrDesc;
        itemsChoiceTypeArray[pkIndex] = ItemsChoiceType.present;
        pkIndex++;
    }

    // Combine the items with a logical AND.
    filterSet.Items = obj;
    filterSet.ItemsElementName = itemsChoiceTypeArray;
    filter.Item = filterSet;
    filter.ItemElementName = ItemChoiceType.and;

    // Attributes to return for each matching entry.
    AttributeDescriptions[] attrs = new AttributeDescriptions[1];
    if (attributes != null && attributes.Count > 0)
    {
        AttributeDescription[] attributeField = new AttributeDescription[attributes.Count];
        int index = 0;
        foreach (string attribute in attributes)
        {
            AttributeDescription attributeDescription = new AttributeDescription();
            attributeDescription.name = attribute;
            attributeField[index] = attributeDescription;
            index++;
        }
        AttributeDescriptions attributeDescriptions = new AttributeDescriptions();
        attributeDescriptions.attribute = attributeField;
        attrs[0] = attributeDescriptions;
    }

    SearchRequest searchRequest = new SearchRequest();
    searchRequest.searchBase = identifier;
    searchRequest.filter = filter;
    searchRequest.attributes = attrs;
    return searchRequest;
}
```
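The response side of this exchange, as an added example that is not EmpowerID's own code: a stand-in for the work a helper such as ParseSearchResponse has to do, reading an SPML search response with DTD processing disabled and mapping each entry to the Account columns from the attribute table on this page. The class and method names and the sample response are constructed, and the element names (searchResultEntry, id, attr, value) assume an SPML 1.0 style response.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Xml;
using System.Xml.Linq;
public static class SpmlResponseMappingExample
{
    // SAP NetWeaver attribute -> EmpowerID Account column, copied from the table on this page.
    static readonly Dictionary<string, string> AccountMap =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase) {
            {"department", "Department"}, {"description", "Description"}, {"displayname", "FriendlyName"},
            {"email", "Email"}, {"firstname", "FirstName"}, {"lastname", "LastName"},
            {"securitypolicy", "EmployeeType"}, {"uniquename", "LogonName"},
            {"validfrom", "ValidFrom"}, {"validto", "AccountExpires"} };
    public static List<Dictionary<string, string>> MapAccounts(string responseXml)
    {
        // The response crosses a trust boundary: refuse DTDs, never resolve external entities.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XDocument doc;
        using (var reader = XmlReader.Create(new StringReader(responseXml), settings))
            doc = XDocument.Load(reader);
        var accounts = new List<Dictionary<string, string>>();
        // Match on local names so the server's namespace prefixes do not matter.
        foreach (var entry in doc.Descendants().Where(e => e.Name.LocalName == "searchResultEntry"))
        {
            var id = entry.Descendants().FirstOrDefault(e => e.Name.LocalName == "id");
            if (id == null || string.IsNullOrWhiteSpace(id.Value)) continue; // no primary key
            var row = new Dictionary<string, string> { { "systemIdentifier", id.Value.Trim() } };
            foreach (var attr in entry.Descendants().Where(e => e.Name.LocalName == "attr"))
            {
                var name = (string)attr.Attribute("name");
                var value = attr.Elements().FirstOrDefault(e => e.Name.LocalName == "value");
                if (name != null && value != null && AccountMap.TryGetValue(name, out var column))
                    row[column] = value.Value.Trim(); // attributes outside the table are dropped
            }
            accounts.Add(row);
        }
        return accounts;
    }
    public static void Main() // demo on a constructed sample response, not captured data
    {
        const string sample = @"<searchResponse xmlns='urn:oasis:names:tc:SPML:1:0'><searchResultEntry>
  <identifier><id>constructed-id-001</id></identifier><attributes><attr name='uniquename'><value>jdoe</value></attr>
  <attr name='other'><value>x</value></attr></attributes></searchResultEntry></searchResponse>";
        foreach (var row in MapAccounts(sample))
            Console.WriteLine(string.Join("; ", row.Select(kv => kv.Key + "=" + kv.Value)));
    }
}
```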

 

Conclusion

The EmpowerID SAP NetWeaver connector provides a powerful and flexible solution for integrating SAP NetWeaver with the EmpowerID IGA system. By following the configuration steps and utilizing the provided helper functions and SPML requests, organizations can ensure seamless synchronization and management of identity data across both platforms. This integration enhances security, compliance, and overall identity management efficiency.