Show TOC

Identity Management for SAP CRM: Distribution of Local UsersLocate this document in the navigation structure

Use

This function allows you to maintain user accounts for contact and partner contact business partners in SAP Customer Relationship Management (SAP CRM), using SAP NetWeaver Identity Management (SAP NetWeaver IDM). Business partners can be maintained in their respective applications on the WebClient UI. New or changed user account data is managed by SAP NetWeaver IDM and distributed to SAP CRM. The distribution of data by SAP NetWeaver IDM is especially useful if business partners require access to further systems in addition to or besides SAP CRM. You can create or change user accounts in other systems, primarily SAP Business Information Warehouse (SAP BW) or the Enterprise Portal, and use SAP NetWeaver IDM to distribute user account data to these systems. If a business partner requires a user account in another system in addition to SAP CRM, for example SAP BW, you can also first create a user account in SAP BW and use SAP NetWeaver IDM to distribute the user account data to SAP CRM. You can conversely create a user account in SAP CRM first, and transfer user account data from SAP CRM to SAP BW using SAP NetWeaver IDM.

Integration

Your SAP Netweaver IDM system must be active for you to change or create user accounts. When SAP NetWeaver IDM is active, and if the Internet User business partner role is assigned to the business partner, the Users assignment block is available, and the buttons for creating and changing user accounts are enabled.

Note

The above is true for the WebClient UI applications Partner Contacts, Accounts, and Contacts. In the Employees application, the Users assignment block appears when SAP NetWeaver IDM is active, but the buttons are not available, and the assignment block is read-only.

Prerequisites

  • You have installed SAP enhancement package 1 for SAP CRM 7.0.

  • You have installed SAP NetWeaver Identity Management 7.1 and it is connected to your SAP CRM system.

  • You have defined the settings for your SAP Netweaver IDM system in Customizing for SAP NetWeaver under Start of the navigation path Application Server Next navigation step System Administration Next navigation step Integration with SAP NetWeaver Identity Management End of the navigation path.

  • You have created a service user in SAP CRM and assigned the following PFCG roles to the service user in SAP NetWeaver IDM:

    • SAP_BC_SEC_IDM_COMMUNICATION

    • SAP_CA_BP_IDM_INTEGRATION

    • SAP_CRM_BUPA_IDM_INTEGRATION

  • You have assigned PFCG role SAP_CRM_BUPA_IDM_BUSINESS_USER in SAP CRM to any user who must send requests to SAP NetWeaver IDM, for example, to create or change a user account.

  • You have run an initial load job from SAP NetWeaver IDM before starting to work in SAP CRM.

Features

To change a user account, you require authorization to display and change business partners, which is the case with or without using SAP NetWeaver IDM, and is possible when the correct PFCG roles are assigned to your user account. For example, you can have business role Partner Manager or Channel Manager, which are assigned to the appropriate PFCG roles. You must also have PFCG role SAP_CRM_BUPA_IDM_INTEGRATION assigned to your user account. The following features are available with user accounts on the WebClient UI:

  • Create user account

    You can request a user account for a business partner in the system he or she would like to work in. You must enter the name and address data, and also assign the relevant business partner roles to the business partner. The user account data with the assigned roles is sent as a request for a user account to SAP NetWeaver IDM. The relevant business roles are assigned to the user in SAP NetWeaver IDM, to which the relevant PFCG roles are subsequently assigned. SAP NetWeaver IDM creates a user account in SAP CRM and assigns it to the correct business partner. The business partner receives an e-mail notification that contains the necessary information for logging on to SAP CRM, including a user name and password.

  • Change user account

    You can change the user account information for a business partner with an existing user account. You can change and save the data directly on the WebClient UI. For example, you may want to modify the business partner roles assigned, or the e-mail address used by SAP NetWeaver IDM that you originally provided. The changed user account data is sent to SAP NetWeaver IDM as a request. SAP NetWeaver IDM identifies the correct user account and stores the changes. SAP NetWeaver IDM then changes the user account data in SAP CRM.

    Note

    In the Accounts and Contacts applications, the assignment blocks Contact Header Data, Account Header, Partner Contact Header, and Business Partner Roles are affected by the activation of SAP NetWeaver IDM. If you change data in these assignment blocks when SAP NetWeaver IDM is active, and a user account exists for the business partner being maintained, a change request is triggered. The change request is only successful if the user account has already been distributed to SAP NetWeaver IDM.

  • Lock or unlock user account

    You can lock user accounts so that they cannot be accessed. The request to lock a user account is sent to SAP NetWeaver IDM as a change request, so is processed in the same way as a request to change a user account. You can unlock a user account again at a later time.

    Example

    A contact person is employed at a partner company for a particular project, and so for a limited time. The contact person leaves the company when the project is completed, but may be employed again in future for other projects. In this case, the contact person's user should be locked for the period of absence, rather than removed.

  • Reset user account password

    You can send a request to SAP NetWeaver IDM to reset a password for a user account, if a business partner requests that his or her password be reset. Once the change request is processed, the business partner receives an e-mail notification with a new password.

  • Remove user account

    You can remove a user account, or request a system administrator to remove it. The request is sent as a change request to SAP NetWeaver IDM, and the user account is completely deleted in SAP CRM and SAP NetWeaver IDM. You can specify in Customizing that the user account only be locked as a result of the remove request, rather than deleted.

If business partners have the correct authorizations, including an assignment to PFCG role SAP_CRM_BUPA_IDM_BUSINESS_USER to their user accounts, they can create or edit their own user accounts on the WebClient UI. In all cases, new and changed information is displayed in the Users assignment block on the WebClient UI after it is processed by SAP NetWeaver IDM.

More Information

For more information, see SAP Library for SAP Customer Relationship Management on SAP Help Portal at http://help.sap.com.