SAP NetWeaver IDM Architecture

SAP NetWeaver IDM consists of two independent components

  • Identity Center (IC)
  • SAP Virtual Directory Server (VDS)

That makes it SAP IDM VDS. Identity Center and its data model can enhance using the administration console, It’s  based on a relational database which forms the core of the IDM system. Relation database provides transactional security, in directory service you can store current representation of an object in form of a flat list of attributes, whereas a relational database also store historic values and connect additional data for reporting purposes.

The IC database stores all the information regarding managed users and corresponding account information. All communication between the applications and the database happens using database libraries. In addition, external repositories are accessed from the Identity Center and Virtual Directory Server, to create user accounts and manage access rights. Which systems are accessed, depends on each specific implementation.

Note: The separate components have different installation jobs, and although it’s possible to install everything (including databases) on same server, still different servers are a better option to be used in production environment.

IC can be subdivided into three layers

EE User interface (UI) components

EE Database and identity store(s)

EE Runtime components (IC runtime)

SAP Netweaver IDM Architecture

SAP Virtual Directory Server (VDS) provides functionality for real-time access to multiple data sources in the middleware mode with special transformation functions, like the transformation of attribute values or enrichment from other data sources at the time of query and the support of specific protocols that are common in the IDM environment,  example LDAP & Service Provisioning Markup Language (SPML).

The Virtual Directory Server has separate configuration files, which is stored in the database. Virtual Directory Server is to be deployed on SAP NetWeaver AS Java. Logging for the Virtual Directory Server is configured in SAP NetWeaver.

Identity Management User Interface is to be deployed on SAP NetWeaver AS Java. To achieve high availability, as well as load balancing, the Identity Center solution should be installed on multiple servers. The database should be clustered. The Runtime Components has be installed on all servers running SAP NetWeaver AS Java. The Virtual Directory Server can also be installed on these same or different servers.


When you combine IC and SAP VDS, the result is an overall architecture with a very comprehensive interface for easy access. This is required for administrating, distributing, and providing identity data in a complete enterprise system landscape via one central access point — SAP NetWeaver IDM.

We can achieve connection between applications and systems directly via the technical adapters of IC and via the VDS. However, connecting additional systems will be handled by the SAP VDS in the future. On the one hand, this involves interfaces that are based on an official standard; on the other hand, the SAP VDS allows for direct requests for reading, changing, and deleting identity data. By contrast, the IC adapters must always be triggered by IC itself