cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Help: User Locked in SystemA, but not in IdM

Go to solution
Former Member

on ‎03-18-2010 2:30 PM

0 Kudos

Hi all

Today a colleague came to me and said he locked himself in one of our SAP systems due to a wrong password. His account in Exchange, AD, other SAP-Systems was still active.

Now I'm asking myself how IdM will help in this case or how it must be configured to unlock a user in a single repository.

E.g. I could use a repository-specific MX_LOCKED and update it along with the regular update-jobs.

Or I will simply log-in to that specific system and unlock the user there (SU01, UME) - in this case IdM does not help in regular user administration tasks.

How do you guys handle such a situation?

BR

Michael

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member192665
Participant
‎04-12-2010 11:43 AM
0 Kudos

Hi Michael,

one of the options you have is to write a task that (un-) locks the user in a specific directory. This is possible, however it is not supported by the standard. Here is roughly how it could look like: Create LOCKED<REPNAME> attributes (similar to ACCOUNT<repname> and TEMPACCOUNT<repname>). Then you create UI task "un/lock user in repository" which provides a list of repositories. A simple workflow then sets the LOCKED<repname> attribute to 1 or 0 depending on which repository was chosen in the UI. Then you must only call the task SAP Provisioning Framework/System Type Specific Tasks/AS ABAP Tasks/LockUnlockUser and make sure not MX_LOCKED is used but the value of LOCKED<repname>, an event on the LOCKED<repname> attributes can automatically call this when the UI task is used. I would make a copy of this task so that you can modify it at will. You also must make sure that the correct repository is provided. One way to do this is compute the rep id by the global function sap_getRepositoryID. Then call the LockUnlockUser with uProvision and provide the repository ID as argument.

Hope this is not too confusion. All in all not more than 1-2 days of work.

Cheers,

Kai

-

http://kaidentity.blogspot.com/

Show replies
Show replies
Former Member
‎08-21-2013 6:32 PM
0 Kudos

Hi Kai!

First, thank you, the post is very good! Well, I am new in SAP IdM and would like to know if you have any screenshot with this configuration... Is yes, Can you shared with me?

King regards.

Answers (0)

Ask a Question