Mapping Users in Table USREXTID
Use this procedure to map users of the ABAP service provider to the external user IDs
sent by a SAML 2.0 identity provider in the chosen name ID format. On the
Name ID Management
tab,
you can set mappings for single users for most name ID formats. For more information,
see SAP Note 1362866 
.
-
You have agreed the name ID format you are using and what the resulting name ID looks like for your users with the administrator of the identity provider.
-
If you mass configure user mappings, you have determined what common factor to use to create the external ID. You can choose from the following:
-
User ID
-
Logon alias
-
A value determined by a custom BAdI
You must create your own BAdI. SAP provides the BAdI USREXTIDMAPPING as an example of an implementation of this type.
-
Performing Mass Configuration of Mapping Data
-
In transaction SA38, open report RSUSREXT.
In the User section, determine the selection criteria for the users to which you want to map external IDs.
-
In the Ext. Name Changed section, enter the following data:
-
Choose an external ID type to match the name ID format as listed in the following table:
Name ID Format
External ID Type
E-mail
SA
Kerberos
KB
Transient
SA
Windows Name
NT
X.509 Subject Name
DN
Unspecified
SA
-
Enter any text that is to appear before or after the common part of the external name ID.
Example-
For X.509, enter CN= as the prefix and , O=EXAMPLE, C=US as the suffix.
-
For unspecified, add a prefix using the pattern <trusted_provider>: <name_qualifier>:.
-
-
Choose the source for the common part of the external name ID.
-
-
Enter further options as required.
-
Choose
.
Mapping a Single User
-
In transaction SM30, open view VUSREXTID.
-
Choose an external ID type to match the name ID format as listed in the following table:
Name ID Format
External ID Type
E-mail
SA
Kerberos
KB
Transient
SA
Windows Name
NT
X.509 Subject Name
DN
Unspecified
SA
-
Edit the table entries.
-
Save your entries.