Skip to Content
0

Looking For A Way To Map AD User To SAP Users (based On Email ID) In BI 4.1

Feb 10, 2017 at 05:05 PM

489

avatar image

Hello Experts,

We are planning to implement AD SSO in BI 4.1. We recently came across an implementation scenario where SAP Users are not same as AD users.

Example:

SAP User ID = 234567

AD User ID = ZRDRDS

Both belongs to same user and email ID is the common attribute. This scenario is no uncommon. Due to compliance reason may company setup access like this.
Now if we implement AD SSO, we will end up mapping alliances in BI.

Was hoping if there is a way to automate the process. Please let me know. SDK, Custom Script or standard BI solution.

Thanks,
Debjit

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Shawn Penner
Feb 14, 2017 at 04:43 PM
1

Some Starting Points:

1. The sample "Change Owner" found here:
https://blogs.sap.com/2013/05/13/scripts-for-user-management/

shows how to change the property SI_OWNERID. You would just need to change that to SI_PARENTID

2. I'm not sure what is meant by step 6. In the SDK there are two methods "AddExisting" and "AddNew" off of the IUserAliases object. However I don't think that either of those would work to add an alias that already exists in the system. On the same page as above there is an "Add Aliases" sample - but I'm not sure how to change it to work with an existing user object.

Shawn

Show 1 Share
10 |10000 characters needed characters left characters exceeded

I will check the content you shared. Thanks! I may have some follow up questions.

Thanks,
Debjit

0
Dell Stinnett-Christy Feb 10, 2017 at 06:16 PM
0

I have done this sort of thing using the Java SDK. You basically do the following:

1. Locate the duplicate users based on email address.

2. Look at the "aliases" of each user to determine which is the SAP user and which is the AD user.

3. Get the SI_ID of the SAP user's personal folder.

4. For each object in the AD user's personal folder, set the parent ID to the SI_ID of the SAP user's personal folder.

5. Repeat steps 2 and 3 for personal categories and inbox.

6. Make add the alias information for the AD user object to the SAP user objects aliases.

-Dell

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Dell,

Thanks for your suggestion. I am new to SDK. Can you share some script or suggest how we can automate the process.
As we have thousands of users in SAP and almost 6 times users in AD.

appreciate your help.

Thanks,
Debjit

0