cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Manager for IAG Workflow

SubbuIyer
Participant

on ‎11-11-2022 10:18 PM

0 Kudos

Hello Experts,

As per the below SAP Note, if we maintain the manager information for the user in IAS then the data can be automatically retrieved in the access request. We would like to utilize the manager information for Access Request and Access Certification workflows.

https://launchpad.support.sap.com/#/notes/2924629

The issue here is that this field would only accept the P-User (User ID) as the manager, a number generated by IAS itself. It is practically impossible to maintain this value for every employee manually, especially because the manager's information may keep changing in HR from time to time.

Even if we set up Azure AD as a source for IAS user provisioning, how do we handle the transformations to change this value to the P-User in IAS for the manager ID retrieved from AD?

If any of you have experience handling this requirement then your input is greatly appreciated.

Regards,

Subbu Iyer

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

SoniaPetrescu
Product and Topic Expert
Product and Topic Expert
‎11-14-2022 1:34 PM
0 Kudos

Hello Subbu,

you actually do not need to maintain this manually. There is a function in IPS that you can use (providing you use IPS between Azure AD and IAS). The function is called resolveEntityIds. Have a look at this note as an example : 3046724 - How to provision the manager from SAP SuccessFactors to Identity Authentication .

This note does not 1:1 apply to your case as you would have a different user source but you can get an idea about what the function does. Here is the IPS documentation for this function : https://help.sap.com/docs/IDENTITY_PROVISIONING/f48e822d6d484fa5ade7dda78b64d9f5/0cdac7ce593548d38b5...

Also, if you are performing a direct provisioning into the SAP Cloud Identity Services, keep in mind that :

Kind Regards,

Sonia

Show replies
Show replies
SubbuIyer
Participant
‎12-09-2022 10:37 PM
0 Kudos

Thanks Sonia.

Apparently, IPS does not currently have the capability to read the manager information from Azure (SAP Note 3235598).

Do you know in the absence of SuccessFactors, which are the systems that IPS can read the information from? We spent quite a lot of effort working with the Azure team in setting up the connection and then we discovered this SAP Note. The customer has on-premise MS AD and Okta with Manager information. There is also Workday which has this information.

Regards,

Subbu Iyer

Ask a Question