2007 Mar 06 8:05 PM
Hi ,
We are thinking of using the SAP HR ID has the SAP Login ID and the Portal Login ID, ... Did anyone had the same approach ? Any feedback will be welcome .
If my HR ID is 1234567 , my user ID will be 1234567 .
Or, (I'm a HR guy), what is SAP recommended approach and User ID ( How to generated the SAP User ID ) .
Regard's
2007 Mar 07 11:00 AM
That's actually a good idea since the HR ID (employee number) is unique and will not change - even when your lastname might change (e.g. due to marriage).
Question: do you also use the HR ID as Windows Domain Username?
Regards, Wolfgang
2007 Mar 07 2:00 PM
Wolfgang ,
For the moment we do not do it , HR master data, is just starting to be build .
We may do it in the future, but it's always time consuming when you already have policy is placed for Windows Domain Username .
Do you have any SAP documentation on the topic ?
Regard's
2007 Mar 07 2:20 PM
I don't think that there is an "official SAP documention" which would provide any clear guidance / recommendations on that topic. But it should be quite obvious that life is much easier if one single human user has only a few different "identities" (= account names) for the various <b>identity / user management</b> systems (i.e. Windows Domain Username, SAP UserID, Portal UserID, ...). "Less is more". Ideally there would be one a single "userID" - than you would not require any <b>user mapping</b> / <b>identity federation</b> functionality.
Regards, Wolfgang
2007 Mar 08 4:22 PM
At my company we built a special program that automatically generates a userid based off SSN and some other pieces of data. This id is used for Windows authentication as well as SAP. The id's are linked to SAP HR via infotype 105
Hope this helps.
2007 Mar 14 6:28 AM
Hi,
While creating the logon id instead of creating the user id via tcode su01 try creating it via tcode HRUSER.
Select the HR ids for which u want to create users and create the users. U can define the initial password there and even assign roles there too.
Other wise if u want to assign different roles to different users then only create the users via tcode HRUSER and assign the roles via SU01.
If users are created via tcode HRUSER the user name will be P<hr id> ie like P99003114.
First name and last name will be picked form hr
master data automatically.
Hope this will solve your purpose.
Pl dont forget to award points if resolved
Regards
2007 Mar 20 9:43 PM
Hi,
the idea is straightforward and good. btw: A unique user ID across all you systems makes (among others) an single sign-on implementation much easiert.
But consider also users that do not have a record in HR, e.g. functional users, external consultants, suppliers, customers etc. Maybe a scheme like prefix + personell no. would be better, "prefix" being a value for distinguishing employees from the other user types.
Regards,
Dominik