Based on what I’ve been hearing from the SAP NetWeaver
Identity Management Community there have been some grumbles about the Complexity
and Functionality in NW IDM. This is not going to be a slam on SAP, since
almost everybody recognizes that IDM has improved immeasurably since the
release of NetWeaver Identity Management 7.0.
I’d like to address some of the most common questions/ comments I’ve
heard. Hopefully we’ll be able to start a little bit of a conversation here…
Q1. Why doesn’t IDM just work out of the box?
A1. Why doesn’t any Enterprise System just work out of the
box? Folks, Identity Management is not a
project, it’s a program comprised of many little projects, with User Provisioning
only being a small part of the whole pie. It also affects many other systems in
your Enterprise. Based on this it cannot
be simple. Adding in the context of SAP does not make it any easier. Consider
your ERP roll out. Was it Simple? Was
it Straight forward? Did you need consensus before making decisions? Well here
you go. In some ways SAP IDM is easier than other systems since it is so
tightly integrated with the rest of the SAP Ecosystem.
Let’s face it SAP is tough and complicated since it touches
so much of the organization, throw in a couple of more systems, maybe you’re
using a different HCM system, or a couple of Directory Services. That increases complexity as well. Compared
to some other products it’s a real breeze. The product does not require you to
work purely in XML and only uses Java and JavaScript to extend, not build the
provisioning system. Also the connectors are flexible and robust. Compared to
some other Provisioning Systems where we had to constantly contact the Development
team to get connector source code so that we could make modifications.
Even for consultants setting up a new system, it’s not
always so easy. While I’ve developed a nice little tool kit of jobs, passes and
scripts, there’s always Pollicove’s
Law of Provisioning to consider. Even in the same industry there are wide
swings in the approach to IT Security and User Provisioning. This presents
challenges for everybody.
Q2. Why is it so complicated? Why am I logging so many !@$#
OSS notes.
A2. Well first off go to
training. It seems I get blank stares
when I bring this up. SAP has a great
Training Class for 7.1 and 7.2. Personally,
I’d like to see more training offered, but that’s for another post.
Also in the case of SAP IDM, have you looked at the
documentation? There are some excellent guides for setting up some common
workflows and tips on how to customize them.
Note to SAP: Adding
a section to SDN where people can post workflow samples would be a nice idea
that could foster the exchange of ideas?
Maybe something that people can start getting involved with at TechEd
DemoJam?
Also, refer to the previous question. It can be complicated and the product is
still maturing. Give it time. Believe me, from my talks with SAP, there is
even more that they want to do than you want from it. I think 7.2 is going to go a long way here in
addressing functionality that people keep requesting via OSS.
Q3. Why don’t they support…
A3. See the Previous question. If you want it, SAP probably wants it as
well. I saw a recent thread on SDN about supported databases and why don’t we
support…. Well the answer is there are certain things needed from a database
system for IDM to even potentially work with it. (triggers and stored
procedures) that believe it or not, are supported by every database out there.
(At least no one asked about Access)
So what do these questions have and answers have in common:
- A need for a greater understanding of what’s involved in your Identity Management Solution
- Good Administrator/Architect/Engineering preparation through training and research
- An appreciation of how the entire Enterprise (SAP and non-sap) works together.
Kind of sounds like the first bullet is about defining
requirements, the second point is about resources, and the third is about
design. Something to think about. While I'm not saying that it's all customer prep (or lack thereof) that raises issues, it certainly is a factor.
NetWeaver IDM is a product that is still
maturing, and doing so at a nice clip. 7.2 is a major evolutionary
milestone. Of course, this gets me
excited for what’s going to happen in the next version. But please, no more
major database upgrades!
1 comment:
So true - thanks for sharing!
Post a Comment