To begin the configuration, set up the SCIM driver object in Designer and configure the parameters required to connect to SAP Cloud.
The procedure to set up the SCIM driver in Designer is similar for any connected application. The generic steps to set up a driver object in Designer are shown in Step 1 through Step 20. If you are familiar with the generic driver object setup, you can skip to Step 17 to continue with the configuration parameters specific to SAP Cloud.
Open Designer.
In the toolbar, click Help > Check for Package Updates.
Select the required package to download, as shown in Installing the Driver Packages in Designer, and click OK. Designer is updated with the selected packages.
In Designer > Outline view, open your project.
Right-click the project > New > Identity Vault, or drag and drop Identity Vault from the Palette to the Modeler window.
In the Add Server Association screen, select the following field values and click OK.
Server DN
Identity Manager Version
Identity Manager Edition
The Identity Vault Credentials window appears.
In the Identity Vault Credentials window, enter:

| Field | Description |
|---|---|
| Host | The IP address of the machine hosting the identity vault |
| Username | The name of the user, for example, Admin, if the user is an administrator. |
| Password | The password of the user to log in to the identity vault |

Select Save Password, if you want to save your password for easy logins in the future.
Click OK.
The Identity Vault with the Driver Set appears in the Modeler window.
In the right pane, drag and drop the SCIM driver icon from Palette > Tool tab to the Modeler window.
In the Driver Configuration Wizard, select SCIM Base (Contains the base functionality for a driver. You must install a driver base configuration package first).
NOTE: You can select only one base package.
Click Next.
In the Select Mandatory Features page, select the SCIM Default Package, and click Next.
In the Select Optional Features page, select the SCIM SAPCloud Configuration Package, and if required select SCIM JSON Package, and click Next.
IMPORTANT: Although the SCIM SAPCloud Configuration Package appears in the Select Optional Features page, you must select this package to configure the SCIM driver for SAP Cloud.
Verify that the items listed under Important Note are met, and click Next.
On the Driver Information page, specify a name for the driver, then click Next. The Connection Parameters page appears.
Select Basic in the Authentication Method field.
IMPORTANT: The SCIM driver for SAP Cloud is currently certified with Basic authentication only.
Enter the following fields as shown in the table below:

| Field | Sample Values |
|---|---|
| Authentication Method | Select Basic. |
| User Name: Specify the User ID obtained from SAP Cloud. The procedure to obtain the User ID is explained in Prerequisites. | <be1a0804-7e91-46a1-be48-8a728fb60ef8> |
| Password: Specify the password that you have set in SAP Cloud in the Enter Password and Re-enter Password fields. The procedure to set the password is explained in Prerequisites. | <user defined password set in SAP Cloud> |
| Application Login URL: The login URL of SAP Cloud. | <https://tenant_name.accounts.ondemand.com/admin/> |
| Header Fields: Click the icon to create the header fields. Enter the required header fields and supported values for the selected authentication method. | |
| Application Truststore File: The path and the name of the keystore file that contains the trusted certificates for the remote server to achieve the SSL handshake. The trusted DigiCert CA certificate must be imported from the SAP Cloud portal. Import the keystore file by running the following command: `keytool -import -file <name_of_cert_file> -trustcacerts -noprompt -keystore <filename> -storepass <password>` | </root/scim_configuration/trustSapCloud/SapCloud> |
| Mutual Authentication: Enable and specify this field if mutual authentication is supported by the connected application. You must ensure that both server certificates are stored in Identity Manager and in the connected application. | Mutual Authentication is not mandatory for SAP Cloud. |
| Proxy Authentication: Defaults to Hide. Select Show if you want to set proxy authentication parameters. Specify the host address and the host port when a proxy host and port are used. | |
| HTTPS Connection Timeout: Specify the HTTPS connection timeout value. | The timeout value must be greater than 0. NOTE: The driver waits for the specified time (in minutes) and then terminates the HTTPS connection, displaying the error codes that are configured in the Subscriber Options > HTTPS error codes for retry field. |
| SCIM 2.0 URL: Enter the URL for the SCIM Application. SCIM Resources like User, Group etc. will be appended to this URL. | <https://<tenant ID>.accounts.ondemand.com/service/scim/> |

In the Install SCIM Base page, specify the Subscriber Options and Publisher Options, and click Next.

| Field | Description and Sample Values |
|---|---|
| Subscriber Options | HTTPS error codes for retry: Specify the HTTPS errors that must return a retry status. Error codes must be a list of integers separated by spaces. For example: <307 408 503 504> NOTE: The operation will be retried if these errors are encountered. |
| Publisher Options | IMPORTANT: Polling Resource Options: This field does not appear when you are setting up the driver for the first time. These fields appear after configuring the driver in Designer. Once the driver is configured, double-click the connector line in the Modeler window and navigate to Driver Configuration > Publisher Options tab. |

In the Schema Settings page, enter the values as shown in the following table:

Table 1-1 Schema Settings

| Field | Description with Sample Values |
|---|---|
| Refresh Schema on Driver Startup | Specify Yes to refresh the schema. IMPORTANT: Select Yes only the first time, to load the application schema, or if the application schema has changed. It is recommended to change it to No after you load the application schema. |
| Schema Options | Select SCIM 2.0. |
| Resource Type | Specify the Resource ID and the Resource EndPoint for resources like Users, Groups, Roles, Entitlements etc. in Uniform Resource Name (URN) Format. Similarly for Groups: |

Table 1-2 Modifier Settings

| Field | Description with Sample Values |
|---|---|
| Custom Java Class | Not Applicable for SAP Cloud. |
| Document Handling | Not Applicable for SAP Cloud. |

Review the summary of tasks that will be completed to create the driver, then click Finish. The configured driver appears in the Designer screen.
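
The following is an added example, not part of the product documentation or the driver's code: a Python pre-flight check that exercises the Connection Parameters and Subscriber Options described above (Basic authentication over HTTPS, trust limited to the CA placed in the truststore, and the space-separated retry code list) before they are entered in Designer. The function names, the `Users` resource path (the standard SCIM 2.0 resource name), the use of a PEM copy of the CA certificate, and the timeout in seconds are assumptions made for illustration.

```python
import base64
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def parse_retry_codes(field):
    """Parse 'HTTPS error codes for retry': integers separated by spaces."""
    codes = {int(tok) for tok in field.split()}  # ValueError on "307,408"
    bad = sorted(c for c in codes if not 100 <= c <= 599)
    if bad:
        raise ValueError(f"not HTTP status codes: {bad}")
    return codes


def build_request(scim_url, resource, user, password):
    """Build the GET implied by the settings: SCIM 2.0 URL + resource name."""
    if urlsplit(scim_url).scheme != "https":
        # Basic credentials are only base64-encoded; TLS is their sole protection.
        raise ValueError("SCIM 2.0 URL must use https")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(scim_url.rstrip("/") + "/" + resource)
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/scim+json")
    return req


def classify(status, retry_codes):
    """Map an HTTP status to ok / retry / error using the Subscriber list."""
    if 200 <= status < 300:
        return "ok"
    return "retry" if status in retry_codes else "error"


def preflight(scim_url, user, password, ca_pem, retry_field, timeout_s=30):
    """Live check. ca_pem: PEM file of the CA imported into the truststore."""
    ctx = ssl.create_default_context(cafile=ca_pem)  # trust only this CA
    req = build_request(scim_url, "Users", user, password)
    try:
        with urllib.request.urlopen(req, timeout=timeout_s, context=ctx) as resp:
            status = resp.status
    except urllib.error.HTTPError as exc:
        status = exc.code  # server answered, but with a 4xx/5xx status
    return classify(status, parse_retry_codes(retry_field))
```

If `preflight` raises `urllib.error.URLError` with a certificate verification failure, the CA certificate does not match the chain the tenant presents, and the driver's truststore built from it would fail the SSL handshake in the same way.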