
Is SAP IDM able to work with 2 AD

May 24, 2017 at 03:16 PM

Is SAP IDM able to work with 2 different ADs, of which one is Master and the second will be secondary, but truly different? And if yes, what will be the limitations? So can we provision business roles based on the Master AD, which through IDM can be managed to the secondary AD (totally different domains)?

Thank you


2 Answers

Matt Pollicove
May 24, 2017 at 03:18 PM
0

Hi Floriana,

Yes it is. It's just a matter of setting up a repository for every AD system that you're looking to work with. Take a look at the documentation on the Provisioning Framework.

Matt

Dominik Trui May 26, 2017 at 10:50 AM
0

Yes it's possible. We had four different domains which were trusted to each other. Now we reduced them down to two. Still works quite fine.

However, one thing I found to be a bit problematic:

If you want to provision group assignments cross-domain, the IdM wants to create a second user in the other domain. We don't want that. Thus, I had to suppress this. Now the cross-domain assignments are handled within a batch job and I also set the Only priv of the other domain hard in a ToIdentityStore with DIRECT_REFERENCE=1.

If I understood correctly you have business roles with AD groups from both domains in them? Could even be a bit more tricky than my setup.
