Configuration of a new system that will go through ROI iAM
Prerequisite
- The repository must be configured on the ROI iAM side (source, target, system details).
- ROI iAM has to complete the initial load for that system.
- All HR users must exist in ROI iAM and have their
ROIAM_IDENTIFIER_<hubName>populated in IdM.
Steps
Create connector repository
- Create a repository of type
ROIAM_CONNECTOR. - Configure these repository constants:
ROIAM_HUB_REPOSITORY– HUB repository storing ROI iAM connection details and configuration.ROIAM_TARGET_REPOSITORY– Name of the system in ROI iAM.
- Create a repository of type
Run connector initial load
Open the repository in the IdM Admin UI.
Go to Jobs and execute job "[1] Read - ROIAM data".
Confirm success by checking:
- The IdM job log shows success.
- These database tables exist:
roiam_%$rep.$NAME%_usersroiam_%$rep.$NAME%_userLinks_loadroiam_%$rep.$NAME%_accountsroiam_%$rep.$NAME%_groupsroiam_%$rep.$NAME%_groupMembers_load
- Verify the data in these tables is correct.
Run steps 2 and 3 of the connector’s initial load for the new connector repository:
- Execute job “[2] Write - ROIAM data” and confirm it finishes successfully.
- Execute job “[3] Load - ROIAM data” and confirm backend user access in IdM.
Test provisioning
Test end-to-end provisioning:
CreateUserModifyUserDeleteUserAssignUserMembershipRevokeUserMembershipEnableUserDisableUser
Important In the current ROI iAM version, the source of entries does not change. SAP IdM continues to create both
MX_PERSONandMX_PRIVILEGEentries, while the ROI iAM load jobs enhance them with the values required for provisioning to target systems.