Many customers already have a non-SAP identity management solution in place to manage their company-wide identities. Unless driven by factors such as end of maintenance, they rarely see a need to replace this solution with an alternative such as SAP NetWeaver Identity Management.
However, because SAP NW IdM offers very powerful identity management capabilities in SAP landscapes (e.g. replacement of the Central User Administration (CUA)), quite a number of customers use SAP NW IdM for user management and role provisioning in these landscapes, in coexistence with the central IdM solution.
To still be able to manage all identities in the company with a central IdM solution, SAP NW IdM can then be used to establish the connection between the company IdM solution and the SAP systems.
This scenario can be implemented using the Virtual Directory Server (VDS) component of SAP NW IdM to exchange the required information between the systems.
VDS offers a single consistent view and entry point for multiple distributed identity data sources. Using standard protocols like LDAP and SPML, it can be used as an abstraction layer for these data sources: it is able to transform incoming and outgoing LDAP requests and to connect directly to the existing data repositories.
In such an environment, SAP IdM will cover the complete identity management of the customer's SAP systems, driven by the central company-wide IdM system.