The main functions of SAP NetWeaver Identity Management include:
Provisioning, Workflow & Approvals
Business rules and policies drive assignment and maintenance of user access rights across multiple systems. You can quickly provision employees as well as business partners, and all changes and approvals are fully auditable.
NW IDM 7.0 - Working with Workflows Part I
7.2 Getting more information from Web Enabled Tasks
Read the following blogs on workflow & approvals:
- Using Email Templates with SAP NetWeaver Identity Management 7.1
- Custom Approval Objects with SAP Identity Management
- All about pending values: Part 1, Part 2
- Podcast: How it Works - Flexible Approval Workflows with SAP NetWeaver IDM
- Approval Items in UWL (Part 1), (Part 2)
- How To Determine Business Roles Proposals in Workflows...
- Dynamic Resolution of Approver and Approvee in Workflows
- Delegate Access in Workflows via Referrals at runtime
- Send an email notification containing data selected from the requestor (changed on 26.09.2008)
Role Management
Roles align with business processes rather than technical directory structures. Users are assigned roles and given certain privileges, called entitlements, which enable access to various systems.
Read the blog How mature is your authorization concept?
Read part 1 and part 2 of these blogs for details on how to manage role and privilege assignments in the 7.2 User Interface.
Password Management & Self-Services
The software supports self-service password reset and password synchronization across all connected target systems, as well as the ability to perform self-service updates of personal information.
Agents that have to be installed on target systems are usually avoided. In most cases the connection uses the standard API of the connected target system to process all provisioning tasks, e.g. for LDAP directories, ADS, Exchange.
In some rare cases agents are used, e.g. for the "ADS Password Hook", because it is the only option. In addition, customers may want to develop their own agents for sending events to IdM.
Reporting & Auditing
Critical for compliance, this feature enables you to produce reports based on current access and past events. If questions come up, reports can conclusively state whether the person in question had entitlements to particular applications and associated features and functions. You can transparently maintain all changes to data, user access rights, and administrative permissions.
Read the following information on reporting:
- From SAP standard report to your own report (Blog)
- How To... Create Reports with SAP NetWeaver Identity Management (How-To Guide)
- How it works: IDM reporting (Podcast)
- SAP NetWeaver Identity Management 7.1: Can you check the SBOP Access Control 5.3 detailed Audit Information for a request? (Blog)
Identity Virtualization
SAP NetWeaver Identity Management provides an integrated, unified view of the virtual identity of users, as well as identity services to let you leverage identity information and access rights across networks.
Data Synchronization
If you change key information in one application, it is transformed and propagated to other related applications to maintain data consistency and quality.