Skip to Content
0

changepasswordofabapuser from IDM to UserAlias Attribute on SAP ERP

Jan 29 at 10:57 PM

39

avatar image

Hi,

In this moment, IDM work fine on "Self-Service Password Reset" and "Logon Help" environment, but i need introduce a change. The LogonUID from my SAP ERP is diferente to the CN attributes en my LDAP (Active Directory). With this landscape, the password change flow not work because the users are diferents on both sources (ERP and LDAP). I can´t rename objects on any source, but i thing that i can use attribute %UserAlias% from my ERP on my IDM Deployment, but i dont know how to do it.

Please help me.

Thanks,

Paul Pedroza

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

C Kumar Jan 30 at 03:25 AM
0

Hello Edison,

In such case, you need to find a common identifier to map the user to all the system correctly. An alias can be used however another better way is to use Active Directory field samAccountname as MSKEYVALUE in IDM, if its store the user id in AD.

Regards,

C Kumar

Share
10 |10000 characters needed characters left characters exceeded
Edison Borrero Jan 30 at 06:56 PM
0

Dear C Kumar,

Thanks a lot for your suggest. The users on Active Directory can´t be modified because they are read from another integrated applications with LDAP.

The other way that i thing can use, is set the UserAlias field from my ERP with the same value that i have on "SamAccountName" or "Common Name" from Active Directory and after, sync it this, but i dont know how map the field UserAlias to the Active Directory over CN or SAN, like in the follow image:

Which values i do modified on the ABAP or AD connector on IDM?

Thanks,

Paul Pedroza


Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hello Edison,

SAP field useralias stores the alias name of the user and it is already mapped in the CreateABAPUser and UpdateABAPUser pass. The default mapping is useralias to MX_LOGONALIAS however as per your requirement you can change it to MSKEYVALUE or ACCOUNT<AD_REP_NAME>.

Regards,

C Kumar

useralias.jpg

useralias.jpg (63.6 kB)
0