Sap Security Pages

Learn SAP Security & Authorizations Concepts

AS Java Security Identity Management - Configuration 

Identity Management – Configuration

Aninda 0 Comments , , , , ,

Before we can start building roles or creating users on AS Java we have to start with configuring the UME. The configuration options are available under the configuration tab of the Identity Management application. Even under the configuration there are a number of sub tabs allowing different features to be configured. We look at a few of the more important options below.

Probably the most important configuration option is to set the data sources for the UME. This determines the data sources from where the UME reads the user information. We can set the data source as an AS ABAP SAP system, a LDAP system, an Active Directory server or a AS Java Database. The example screenshot below shows data source to be a set to a Active Directory Server.

Identity Management - Configuration - Data Sources
Identity Management - Configuration - Data Sources

Though setting the data source value is part of the Identity Management configuration but many a time the actual choice is determined by your network infrastructure and overall access structure. For example, its quite common that all users would have access to the corporate portal of an organisation but not everyone would be expected to work in SAP. As a result all employees will not a SAP account and in such a case, setting the UME database to a ABAP system would not work.

Identity Management configuration allows us to specify password parameters, like minimum and maximum length, use of special characters and validity dates, user id length, locking of accounts on using wrong password. The names of the parameters are quite self explanatory and appear under the “Security Policy” tab page. The screenshot below show an example configuration.

Identity Management - Configuration - Security Policy
Identity Management - Configuration - Security Policy

We also have a way of changing Notification Email settings as part of our configuration activities. Again the screenshot below shows some typical settings. I am not describing all the remaining tabs. Just explore them as the need arises. The configuration steps that are performed on the UME are basically one time activities. It would be very rare that you need to change these once the system is set up and running.

Identity Management - Configuration - Notification Emails
Identity Management - Configuration - Notification Emails

Leave a Reply

Your email address will not be published. Required fields are marked *