Picture this: You're using SAP Cloud Identity Services (SCI), but there's a hitch. You can't whip out your magic wand and conjure up some custom logic for any event in the Identity Directory Service (IDDS). What a downer, right?
Well, wipe that frown away! The SAP Best Practices Identity Lifecycle Service (IDLS) is here to save the day. It's like your personal superhero, giving you the power to inject your own custom wizardry into the SCI. Whether there's a tiny tweak or a mammoth modification in the IDDS, IDLS is ready to execute your custom logic, written in the language of the internet - JavaScript!
Three Fabulous Feats You Can Perform:
How This Magic Works:
The service comes with a treasure chest of predefined JavaScript functions. It's nostalgia-inducing, just like good old SAP IdM. Use these to perform certain operations inside IDDS.
Here's a sneak peek at a script that covers two of the scenarios mentioned above: Recalculating an email address (including checking for uniqueness) and assigning a group based on the user's cost center.
```javascript
// Entry point: the service calls this for every change it detects in IDDS.
function eventTriggered(value, event) {
  if (event.getValue() == "Changed") {
    if (value instanceof Java.type("com.sap.openapi.idds.model.User")) {
      // `changes` is not declared in this script; it is assumed here to be a
      // JSON string of the changed attributes that the IDLS runtime provides.
      let changesMap = new Map(Object.entries(JSON.parse(changes)));
      changesMap.forEach((valueAttr, key) => {
        print(`Changes: ${value.getUserName()} : ${key} `);
        if (key == 'familyName' || key == 'givenName') {
          handleUserNameChanged(value);
        }
        if (key == 'costCenter') {
          addUserToGroupByCC(value);
        }
      });
      // Write the modified user object back to IDDS.
      utils.patchValues('user', value);
    }
  }
}

// Recalculate the email address from the name and make sure it is unique.
function handleUserNameChanged(user) {
  let name = user.getName();
  var familyName = name.getFamilyName();
  var givenName = name.getGivenName();
  var emailList = [];
  // Build the local part once so the umlaut replacement also applies to
  // the numbered fallback addresses.
  var localPart = deleteUmlauts(`${givenName}.${familyName}`);
  var email = `${localPart}@company.com`;
  var index = 1;
  // Append a counter until no existing entry uses the address.
  while (utils.getValueByEntry("email", email)) {
    email = `${localPart}${index}@company.com`;
    index++;
  }
  user.getEmails().forEach(element => {
    element.setValue(email);
    element.display(email);
    element.setPrimary(true);
    element.setType(utils.getEmailType('work'));
    emailList.push(element);
  });
  print(emailList);
  user.setEmails(emailList);
  user.setUserName(email);
}

// Assign the user to the group whose name ends in "_<cost center>".
function addUserToGroupByCC(user) {
  if (user.isActive()) {
    var listGroups = utils.getGroups();
    listGroups.forEach((group) => {
      let name = group.getGroupExentsion().getName();
      print(`Cost Center Name: ${name}`);
      if (name.indexOf("_") > -1) {
        let cc_number = name.substring(name.indexOf("_") + 1);
        print(`Cost Center Number: ${cc_number}`);
        if (cc_number == (user.getEnterpriseUser().getCostCenter())) {
          utils.addUserToGroup(user.getId(), group.getId());
        }
      }
    });
  }
}

// Replace German umlauts and sharp s with their ASCII transliterations.
function deleteUmlauts(value) {
  value = value.replace(/\u00e4/g, "ae");
  value = value.replace(/\u00fc/g, "ue");
  value = value.replace(/\u00f6/g, "oe");
  value = value.replace(/\u00df/g, "ss");
  value = value.replace(/\u00dc/g, "Ue");
  value = value.replace(/\u00c4/g, "Ae");
  value = value.replace(/\u00d6/g, "Oe");
  return value;
}
```
The function "eventTriggered" is like the red carpet rolled out for every modification the IDLS detects. This function sorts out the modifications ("Created", "Changed", "Deleted") and provides all the juicy details related to the event (like the modified name). This function is your VIP pass into the IDLS.
The functions "handleUserNameChanged" and "addUserToGroupByCC" jump into action when the name or cost center is tweaked, and perform the necessary operations. Think of them as your trusty sidekicks, ready to perform more feats as you add them.
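The email recalculation above builds the address straight from the name attributes and only handles German umlauts. The following is an added example, not part of the original post or of the IDLS script functions: it goes beyond the script by stripping any character that does not belong in a local part, rejecting names that sanitize to nothing, and bounding the uniqueness loop. `toLocalPart`, `deriveEmail` and the `isTaken` callback (a stand-in for `utils.getValueByEntry("email", ...)`) are hypothetical names, and the sample directory is constructed.

```javascript
// Added example; runs in plain Node.js, no IDLS runtime needed.
// Same replacements as deleteUmlauts on this page.
const GERMAN = { "\u00e4": "ae", "\u00f6": "oe", "\u00fc": "ue", "\u00df": "ss",
                 "\u00c4": "Ae", "\u00d6": "Oe", "\u00dc": "Ue" };

// Reduce one name attribute to characters that are safe in an email local part.
function toLocalPart(name) {
  return String(name ?? "")
    .normalize("NFC")                    // compose "u" + U+0308 into U+00FC first
    .replace(/[\u00e4\u00f6\u00fc\u00df\u00c4\u00d6\u00dc]/g, (c) => GERMAN[c])
    .normalize("NFKD")                   // split remaining accents off their letters
    .replace(/[\u0300-\u036f]/g, "")     // drop the combining marks
    .trim()
    .replace(/\s+/g, "-")                // "Mary Ann" -> "Mary-Ann"
    .replace(/[^A-Za-z0-9-]/g, "")       // drops "@", ".", quotes, control characters
    .replace(/-+/g, "-")
    .slice(0, 29)                        // given.family plus a two-digit suffix fits in 64 chars
    .replace(/^-|-$/g, "");
}

// isTaken is a hypothetical stand-in for utils.getValueByEntry("email", address).
function deriveEmail(givenName, familyName, isTaken, domain = "company.com", maxTries = 50) {
  const given = toLocalPart(givenName);
  const family = toLocalPart(familyName);
  if (!given || !family) {
    throw new Error("name has no characters usable in an email address");
  }
  for (let i = 0; i < maxTries; i++) {   // bounded, unlike an open while loop
    const candidate = `${given}.${family}${i === 0 ? "" : i}@${domain}`;
    if (!isTaken(candidate)) return candidate;
  }
  throw new Error(`no free address for ${given}.${family} after ${maxTries} tries`);
}

// Constructed sample directory, not real data.
const directory = new Set(["joerg.mueller@company.com", "joerg.mueller1@company.com"]);
const taken = (address) => directory.has(address.toLowerCase());

function demo() {
  return [
    deriveEmail("J\u00f6rg", "M\u00fcller", taken),          // both base and suffix 1 are taken
    deriveEmail("Zo\u00eb", "N\u00fa\u00f1ez", taken),        // accents outside the German set
    deriveEmail("Mary Ann", "O'Brien@other.example", taken),  // "@" and "." cannot change the domain
  ];
}
console.log(demo());
```

Because the username is set to the derived address, the same sanitizing keeps a crafted name attribute from producing a login in a different domain.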
So, buckle up and get ready to automate your user administration in the Cloud with SAP's IDLS!
This is a list of the predefined script functions available as of now:
The following BTP Services are required to be available to be able to use this SAP Best Practices Service:
If your curiosity is piqued and you're itching to know more about this service and how to roll it out, don't be shy! Reach out to me directly or shoot an email to security.consulting@sap.com. We're all ears!