Identity Solutions

Replacement of a Notes-based role administration and integration of approx. 100 SAP systems into the IDM. The approx. 1 million SAP roles are to be mapped in the IDM. The administration is to be carried out from a workflow and use the SAP GRC module as well as being as user-friendly as possible. In addition, it should be possible to reset the SAP password from within identity management, whereby possible user locks should be lifted.

The roles must be permanently synchronized with the SAP systems. A search in the workflow should be possible by SAP system as well as by role and must be fluent. There are different numbers of approvers per system and role.

Creating a JAVA class to call the corresponding BAPI for importing the roles from SAP. A NULL driver is used to import and permanently synchronize the roles from all systems. For the provisioning of the accounts and roles as well as the password reset, a SAP user management driver in fan-out mode is used. A JAVA-based client is written for the simple administration of the configuration of the approx. 100 SAP systems.
Creation of a workflow to apply for roles according to the department affiliation. Transmission of the request to SAP GRC via SOAP and evaluation of the response. According to this and the number of further approvers the authorization is granted or not.
Creating a logic driver for the dynamic configuration of the approver groups.

Integration of a university’s card management system with the IDM system. Establish a uniform electronic management of images for printing student ID cards and ensure that the images are authentic and correspond to the necessary dimensions and resolutions.

Today’s images now have very high resolutions and therefore also require a correspondingly large amount of memory. This resolution is neither useful for saving nor for printing. In addition, it must be ensured that the person in the picture also corresponds to the person applying for the permit. For regulatory reasons, the images should be deleted after printing. Nevertheless, it must be possible for the person himself to manage the image.
Another challenge is the printing itself. At the beginning of the semester, large quantities of cards are printed, which is very time-consuming. Here a possibility has to be created to prioritize cards for second printing or to send them to other printers. The students should be informed about the printing and should be able to acknowledge the receipt of the card as uncomplicated as possible.

Establishment of a workflow for initial registration and a workflow for further self-administration of student data. Integration of a photo upload with predefined parameters and grop function. Automatically downsample the resolution of the uploaded image to minimize storage requirements and store in the directory service.
Implement a semi-automated process to validate the photo and then transfer it to the card management system. Manage various re-print options through the IDM (card loss, defective card, renewing the photo). Managing the corresponding card options (semester ticket, semester abroad, leave of absence, etc.) in the IDM and transferring them to the card management system in the corresponding print format.
Set up queue management so that new cards are not printed immediately, but in bundles of at least 10 cards to optimize printing.