Partner directory
The Partner Directory of SAP Integration Suite is used to simplify the configuration of various aspects of ROI iAM. Below are listed the partner directory entries, which need to be configured for the proper operation of the product.
ROIAM_CONSTANTS_CONFIG
This partner directory contains string properties and a binary file, which allow the solution to be configured without touching the actual artefacts in the SAP Cloud Integration tenant. The properties are as follows:
ROIAM_Public_Event_Time_To_Wait – The period during, which the event consumer iFlow will wait for incoming events, before grouping them together for processing
- Default value 10 000 ms. Do not change it unless explicitly requested.
ROIAM*SCIM_Cred_Name – The Credential name from the Security materials of SAP Cloud Integration. Used for calling the ROI iAM SCIM API from iFlows.
TIP
The recommended value should start with ROI_iAM as prefix. Default value -> "ROIiAM_SCIM_oAuth2_Client_Credentials"*
If the credentials do not exist in the Security materials of SAP Cloud Integration, create them using the following steps:
Type: OAuth2 Client Credentials
Description: Credentials for direct communication between CI and ROI iAM SCIM
Token Service URL:
/oauth2/token
TIP
From the SAP BTP subaccount where ROI iAM is deployed, navigate to Instances and locate the instance named "ROIAM_authentication_ias_consumer". A service key named "consumer_key" should be available. Extract the "url" attribute value.
- Client ID : (clientid)
TIP
From the SAP BTP subaccount where ROI iAM is deployed, navigate to Instances and locate the instance named "ROIAM_authentication_ias_consumer". A service key named "consumer_key" should be available. Extract the "clientid" attribute value.
- Client Secret : (clientsecret)
TIP
From the SAP BTP subaccount where ROI iAM is deployed, navigate to Instances and locate the instance named "ROIAM_authentication_ias_consumer". A service key named "consumer_key" should be available. Extract the "clientsecret" attribute value.
- Resource: Fixed value:
urn:sap:identity:application:provider:name:roiam
ROIAM_SCIM_URL – The host where the SCIM API is deployed.
- This value can be taken from the SAP BTP subaccount where ROI iAM is deployed by looking for the URL of the application named "ROIAM_SCIM_REST".
API_Mgmt_Default_Page_Size – Used for paging during SCIM calls.
- Default value: 100. Increase it if the system is performing well to reduce roundtrips from the iFlow.
API_Mgmt_Key – The API key used for communication with API Management.
TIP
This is maintained in the Security Material section of SAP Cloud Integration as a Secure Parameter. The API key can be taken from the Developer Hub Application (set up later in this document) named "ROIAM_Internal_Application".
Default value: "ROIAM_API_MANAGEMENT_KEY"
If the secure parameter is not yet created in the Security material of SAP Cloud Integration, follow the steps below:
Within the Security Material, create an item of type Secure Parameter.
Enter "ROIAM_API_MANAGEMENT_KEY" as the Name.
Description: API KEY for communication with API Management through "ROIAM_Internal_Application".
Secure Parameter and Repeat Secure Parameter are taken from the "key" value of the application "ROIAM_Internal_Application" within the Developer Hub.
- API_Mgmt_Cred_Name - The credential name from the Security materials of SAP Cloud Integration. Used for calling API Management from iFlows.
The recommended value should start with ROI_iAM as a prefix. Default value: ROI_iAM_APIMgmt_oAuth2_Client_Credentials.
If the credentials do not exist in the Security materials of SAP Cloud Integration, create them using the following steps:
Type: OAuth2 Client Credentials
Description: Credentials for communication between CI and API Management through ROIAM_Internal_Application.
Token Service URL: Built from the API Management URL configured in the next string parameter "API_Mgmt_URL", with the suffix
/oauth/token.Client ID and Client Secret can be captured from the Developer Hub Application (set up later in this document) named "ROIAM_Internal_Application", respectively as "key" and "secret":
API_Mgmt_URL – The API Management URL to be used for communication from the iFlows.
- This value can be taken from the Developer Hub when browsing any of the products that will be created later in the document. Here is an example:
The URL is different for every API Management tenant and depends on the subaccount region as well as the virtual host name and account type defined in Settings → Runtimes during the setup of the SAP BTP Cloud Integration tenant.
Binary file for upload: This can be requested from ROIABLE. It requires no changes and simply needs to be uploaded under the following ID: "roiam_properties".
ROIAM_SCIM_BULK_STRUCTURES
The Partner Directory is used mainly to streamline the mapping of external data structures to the ROI iAM internal data model. It contains the following binary parameters. Request the files to be provided by ROIABLE and upload them without any changes using the following IDs:
Link
Account
User
License
Group
ROIAM_SCHEDULER
This entry is used by the ROI iAM - Framework - Scheduler iFlow. It contains the configuration for iFlows that need to run on a schedule. All information is stored in JSON format within a binary parameter with ID iFlow_Schedules.
The structure of this file is as follows (example below):
{
"schedules": [
{
"processId": "<unique identifier of the schedule that needs to match an existing JMS queue>",
"period": "PT1H",
"period_comment": "'P1DT2H3M4S' is 1 day, 2 hours, 3 minutes, and 4 seconds, whereas 'PT30M' is 30 minutes",
"initial_startDateTime": "2025-11-14T13:11:56Z",
"headers": {
//list of headers needed for the respective iFlow to be called
"roiam_customer_system_name": "<example repository name>",
"roiam_scim_skip_write": false
},
"headers_comment": "headers will be sent as properties over JMS",
"body": {
//body to be set during the call of the iFlow from the scheduler
}
}
]
}The "schedules" attribute is an array that can be either empty (no schedules defined) or contain one or many JSON structures as shown above.
The iFlow Scheduler reads the above information and makes an automated decision about whether the particular configuration is ready to run. The information about the last run for each processId is stored in a global data store named "ROIAM_SCHEDULER":
In addition to "iFlow_Schedules", there is one more dummy backup binary parameter that typically keeps the default structure of the JSON for reference. It is also used as a keeper for the Partner Directory. If you need to re-upload "iFlow_Schedules" and delete it before doing so, this will also remove the Partner Directory entry. To avoid this inconvenience, we introduced the dummy entry.
Once all partner directory artifacts are created, the Partner Directory entry should look like this:
