Installation / Update
The sections below describe the steps for a fresh installation or an update of ROI iAM in an SAP IdM environment.
IdM initial configuration
Prepare ROI iAM IdM packages
- Ensure you have the ROI iAM IdM packages provided by ROIABLE.
- Change the dispatcher's name so it is relevant to the SAP IdM system. Open the configuration file, locate
DISPATCHER MACHINE, and update the quoted value to the system dispatcher used for jobs and provisioning.
Import HUB package
- Import the
com.roiable.roiam.hubpackage into the target SAP IdM Identity Store. - Create a repository named
ROIAM_HUB_<landscape>using repository typeROIAM_HUB. - In IdM Developer Studio, execute the repository job "Load HUB data" for the newly created repository.
- Import the
Create ROI iAM users in UME
Create user ROIAM_APPROVER in UME and grant the following UME roles:
idm.authenticatedIDM_UserIdm.monitoringIdm.user
Create communication user ROIAM_TECH and assign UME role
RoiamIdmProxy.Provide the ROIAM_TECH credentials to the team responsible for the ROI iAM setup so they can configure the proxy.
Import connector and forms packages
Import the following packages into the SAP IdM Identity Store:
com.roiable.roiam.connectorcom.roiable.roiam.forms
Enhance attribute
MX_PRIVILEGE_TYPEwith a new value:ROIAM_CONNECTOR.
NWA deployment and configuration
Deploy ROI iAM Proxy
- Deploy the ROI iAM Proxy to the SAP NetWeaver Application Server Java (NWA), using telnet or any other standard method for deploying
.sca/.earfiles.
- Deploy the ROI iAM Proxy to the SAP NetWeaver Application Server Java (NWA), using telnet or any other standard method for deploying
Create datasources in NWA
- Create these datasources:
ROIAM_RT– runtime connection to the IdM database.ROIAM_OPER– oper connection to the IdM database.
- Create these datasources:
HUB repository configuration
Configure the Keys.ini constant
- In the
com.roiable.roiam.hubpackage, set the KEYS_INI_FILE_PATH constant to the path of the encryption key file.
INFO
Use the same value used by IdM Developer Studio. In NWA Java System Properties, look for property
com.sap.idm.rcp.crypt.keyfileand use its path for the HUB package constant.- In the
Populate configuration constants
Populate the configuration constants with the information for the
ROIAM_HUB_<landscape>repository, related IdM GUIDs, and proxy details:ROIAM_APIMGMT_HOST– Host for the ROI iAM Application Management.ROIAM_APIMGMT_CLIENT_ID– Client ID for ROI iAM Application Management.ROIAM_APIMGMT_CLIENT_SECRET– Client secret for ROI iAM Application Management.ROIAM_ENDPOINT_EVENT_PROV– ROI iAM Event Provisioning endpoint.ROIAM_ENDPOINT_SCIM– ROI iAM SCIM endpoint.ROIAM_ENDPOINT_OAUTH– ROI iAM OAuth endpoint.ROIAM_PROXY_AUTH_TYPE– Authorization type for the ROI iAM IdM Proxy application.ROIAM_PROXY_HTTP_USER– Connection user for the ROI iAM IdM Proxy application.ROIAM_PROXY_HTTP_PASSWORD– Connection password for the ROI iAM IdM Proxy application.ROIAM_PROXY_SERVICE_URL– Service URL for the ROI iAM IdM Proxy application.ROIAM_EVENT_<eventName>– ROI iAM event type ID representing the IdM CreateUser plugin.ROIAM_SCHEMA_<eventName>– ROI iAM schema identifier used for<eventName>event data.ROIAM_FORM_<eventName>– GUID of the form used as the attribute source for<eventName>.
INFO
ROI iAM configuration details must be provided by the responsible team.
Users' initial load from ROI iAM HUB
Prerequisite: Users must already exist in the respective ROI iAM landscape.
Execute the "Initial load - ROIAM users" job for the configured
ROIAM_HUB_<landscape>repository and confirm successful execution.Verify that all ROI iAM users appear in the temporary table:
roiam_%$rep.$NAME%_users
In IdM, ensure the same users have attribute
ROIAM_IDENTIFIER_<hubName>populated.
- After the initial load, schedule and execute the "Daily load - ROIAM users" job. Run this job after the standard "Load Users" job for the target HR system.