Software Units and Capabilities of SAP NetWeaver IDM

SAP NetWeaver Identity Management is an add-on to the SAP NetWeaver Application Server Java (AS Java). Components that makes up SAP NetWeaver Identity Management run on AS Java, Other components are mainly  stand-alone and are installed separately. Below are the complete set of software units that make up SAP NetWeaver Identity Management.

Software components

Software components consists of the individual install-able software units.

  • Identity Center
  • Virtual Directory Server (VDS)
  • Identity Management User Interface
  • Identity Provider


Software components overview

Software components                                                                                  Description
Identity Center


The Identity Center is the primary component used for SAP IDM ( SAP Identity Management ) .It uses centralized repository that is called identity store to provide a uniformed view of the data, regardless of the data’s original source. The Identity Center retrieves the data from these various repositories consolidates and transform it into the required formats, and publishes it back to the various decentralized repositories.
Virtual Directory Server (VDS)


The Virtual Directory Server is available in default with SAP NetWeaver IDM, which acts as a single access point for clients retrieving or updating data in multiple data repositories.
Identity Management User Interface


The Identity Management User Interfaces referred to here are the UIs that are deployed on the AS Java and used for the purposes mentioned above. There are  user interfaces for Virtual Directory Server and the Identity Center
Identity Provider


SAP NetWeaver Identity Management also includes an SAML 2.0 identity provider that you can use for Single Sign-On with SAP or non-SAP service providers. You can deploy this software on an AS Java release 7.2 SPS 2 The identity provider runs separately from all other SAP NetWeaver Identity Management system.




Connectors are the interfaces that enable you to connect SAP or non-SAP systems to SAP NetWeaver IDM. The connectors are directly related to system type.

  • SPML
  • AS ABAP for SAP Business Suite systems
  • SAP BusinessObjects Access Control ( SAP GRC )
  • LDAP directory servers
  • MS Active Directory
  • Generic database
  • Generic ASCII Interface
  • Lotus Notes / Domino
  • MS Exchange




SPML SPML is to automate the steps needed to manage (create, amend, and revoke) user or system access entitlements like Identity Provisioning. De-provisioning, such as when an employee leaves a company, In this context, SPML defines concepts and operations of XML-based provisioning request-and-response protocol.
AS ABAP ASABAP applications (i.e. SU01 users) have SAP HCM employee data (export to SAP NetWeaver Identity Management)
AS ABAP for SAP Business Suite systems SAP Business Suite applications (i.e. provisions SU01 users and application-specific identity information like business partners)
SAP BusinessObjects Access Control (GRC) SAP BusinessObjects Access Control
MS Active Directory MS Active Directory

Connector overview

LDAP directory servers Any LDAP directory server using the generic LDAP API Novell e-Directory  Sun One Directory

Special requirements for other directory servers.

Generic database Any SQL database
Generic ASCII Interface Any ASCII text file
Lotus Notes / Domino Lotus Notes Lotus Domino server
MS Exchange MS Exchange 2000/2003 or higher



Frameworks are extension to the connectors. It contains logic and functions that are used while storing and provisioning identity data. Frameworks are broader than the connectors and still specific to the system type.

  • Provisioning framework for SAP systems
  • SAP HCM staging area identity store
  • SPML IDS identity store
  • Governance, Risk, and Compliance (GRC) Framework

Framework overview

Framework                                                                                      Description
Provisioning framework for SAP systems The provisioning framework for SAP systems provides set of templates that is used to connect to SAP systems to SAP NetWeaver Identity Management and to set up  jobs & tasks for provisioning of the corresponding users as well as the corresponding assignments. The framework supports the SAP system types: AS Java, AS ABAP, and SAP Business Suite. It also includes support for Sun-One & Microsoft Active Directory servers.
SAP HCM staging area identity store This system provides a staging area identity store and framework to use at time when importing identity data from an SAP HCM system. You can then work with the data in the staging area before provisioning to the corresponding SAP systems.
SPML IDS identity store This framework also provides an identity store and framework to use when integrating those SAP Business Suite applications that send SPML requests using RFC from the SAP HCM system to SAP NetWeaver Identity Management.
Governance, Risk, and Compliance (GRC) Framework The GRC framework consists of a set of tasks in Identity Center and a configuration in the Virtual Directory Server that enables the use of SAP.


SAP NetWeaver Identity Management system run on AS Java. SAP Identity Management User Interface and Other components are stand-alone and are installed separately. Above set of software units  make up SAP NetWeaver Identity.