SAP IDM - Using Identity Stores

In SAP IDM, information stored in identity stores is used in the provisioning framework, and the identity store provides a centralized repository for managing identity-related information such as department, employee name, groups, BU, etc. The identity store also provides extensive audit trail and tracking functionality to monitor attributes which can be changed.


Usually, an identity store is connected to the Identity Management user interface in SAP NetWeaver AS for Java, and each Java installation can connect to only one identity store. A number of system attributes are added to the system when an identity store is created. There is an identifier, MSKEYVALUE, which stores a unique identifier in the identity store across all entry types.

In Identity Management, you use an entry type to define the properties of an entry, such as its allowed and mandatory attributes.

Note − The MSKEY number is unique within an identity center, across all identity stores.


Managing Entry types in Identity store

Usually, it is not recommended to delete entry types in an identity store, as they are required for audit trail and tracking purposes. You can mark an entry type as inactive or use a state field to mark its status.

Ex − An employee can rejoin a company later, and in that case it simplifies the process if the same entry type can be used for that employee.
