Skip to Content
avatar image
Former Member

Provisioning users with different SAP backend ID and Portal ID

We are going through upgrade from AC 5.3 to AC 10.0 system. We have AD as the User search data source for AC10. Portal or LDAP can be the user detail data source. Field mappings/corresponding portal group mapping are also maintained as per the SAP documentation. We have 2 different IDs maintained; one for users to login which is the LDAP AD authentication ID (long ID) and another backend ID which is a short ID. The AD has both the long ID (cn) and the short ID (short ID) maintained. In the backend systems, the Long Id of the LDAP is stored in the User Alias. This set up worked fine with AC 5.3 using the SAP_USER_ID field.

As part of the LDAP field mapping in AC10, we mapped the User ID to long ID (cn) in LDAP and the SAP_User_ID is mapping to the short ID. So when a user look up is done in access request, it should look up for the long Id but when it populates the user info back to the access form, the IDs should be in the right place i.e. USERaLIAS field in Access form should have the long Id and the SAP_USER_ID/ USER_ID should have the short Id. But it never populates both the fields. We are on AC 10 SP13.

SAP_USER_ID was not showing up before. So I checked 1724954 and added the field to the GRACV_ACFIELD view and I was able to finish up the field mapping. But still the user ID are not getting populated in the Access request form correctly for provisioning. I also checked the 1834706 which came with SP 13. Since we are already on this SP level, this change is already in our system.

Has anyone dealt with multiple Id across EP and backend systems? How did you go about provisioning in that scenario?

Any insight would help.


Thanks

K

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Jan 22, 2014 at 11:52 AM

    Hi,

    I am in similar situation but i am proposing to change the AD account names to short ids that can be used across systems. The proposal is more from the Identity management perspective across systems within Organisation.

    Please let me know if there is any technical solution within GRC.

    Regards,

    Prasad

    Add comment
    10|10000 characters needed characters exceeded