The user management engine (UME) provides a centralized user management for all Java applications and can be configured to work with user management data from multiple data sources. It is seamlessly integrated in the SAP NetWeaver Application Server (AS) Java as its default user store and can be administrated using the administration tools of the AS Java.
The UME adds business value by enabling you to leverage your existing system infrastructure by accessing user-related data on an existing LDAP directory, an AS ABAP system, a database of the AS Java, or any combination of these. In addition it reduces administrative overhead by allowing you to perform centralized user administration.
The UME runs as a service in the AS Java and is the default user store.
The UME can be configured to read and write user-related data from and to multiple data sources, such as Lightweight Directory Access Protocol (LDAP) directories, the system database of the AS Java, and user management of an AS ABAP.
The following figure illustrates the architecture of the UME.
In the figure, user data is stored in one or more data sources. Each type of data source has its own persistence adapter. The persistence manager consults the persistence adapters when creating, reading, writing, and searching user management data. The application programming interface (API) is a layer on top of the persistence manager.
In the persistence manager, you configure which data is written to or read from which data source, so that the applications using the API do not have to know any details about where user management data is stored.
Identity management enables administrators to perform routine administration tasks such as creating or searching for users and groups, and assigning users and groups to roles. You can also configure the UME for e-mail notification. E-mails are automatically sent to users or administrators on specific events. For example, if an administrator locks a user account, the user receives an e-mail informing him or her of the change.
You can define a password policy including settings such as minimum and maximum length of passwords, number of failed logons before the system locks a user, and so on.
UME provides self-service scenarios that allow users to register themselves as new users or to change their own data (address, password, and so on). It is also possible to set up an approval workflow, whereby administrators approve newly registered users.
The UME logs important security events, such as successful and failed user logons, and creation or modification of users, groups, and roles.
The UME enables you to import and export user data from and to external systems.
The UME enables you to define virtual groups based on the content of a user attribute.
Enables you to support delegated user administration.
You can configure what attributes the simple search targets.
The UME APIs support access using the Service Provisioning Markup Language (SPML). For more information, see service.sap.com/security ® Security in Detail ® Secure User Access ® Identity Management ® SAP Identity Management APIs.
SAP NetWeaver Identity Management Identity Center uses the SPML interface to access the UME.
For more information, see SAP NetWeaver Identity Management Identity Center.
Here you can find information on configuring the data sources that UME uses to read and write user management data, and other configuration options.
The UME provides an administration console called, identity management, for performing administrative tasks such as searching for and creating users, groups, and roles.
This section also includes information about configuring the emergency user.
This includes information on the UME properties and configuration files.
● For information on the UME tools in the portal, see the following in the Portal Administration Guide:
○ User Administration
○ User Management Configuration