Entering content frame

Function documentation User Mapping Locate the document in its SAP Library structure

Use

The user's portal user ID is stored in the user repository for the enterprise portal. To enable Single Sign-On, a user's portal user ID and password must be mapped to the corresponding user ID for each system in which the user ID is different.

User mapping is required for two methods of Single Sign-On:

·       SSO using user ID and password: In this case, it is necessary to map the portal user ID and password to the user ID and password in the component system. See the section on Single Sign-On with user ID and password in the SAP Enterprise Portal Security Guide on SAP Service Marketplace.

·       Using SAP logon tickets for Single Sign-On to SAP Systems: You can only use user mapping in conjunction with logon tickets for Single Sign-On to SAP Systems.

The requirement is that the user ID be the same for all SAP Systems using logon tickets for Single Sign-On. If the SAP user IDs are the same as the portal user IDs, there is no need for mapping. If the SAP user IDs are different to the portal user IDs, you must define an SAP reference system. This is the system that is then used for user mapping. In other words, users map their portal user ID to the user ID in the SAP reference system.

A user's portal user ID and the SAP user ID are stored in the user's SAP logon ticket. When the user tries to access a component system, the system extracts the user ID from the logon ticket.

For more details on configuring Single Sign-On with Logon Tickets, see the SAP Enterprise Portal Security Guide on SAP Service Marketplace.

 

It is possible to map either a user, group, or role to a user ID in a system connected to the portal.

Caution

In the case of SAP Systems connected to the portal, you cannot map groups or roles to a user in a SAP System. You can only map a user to a user.

When a user tries to access an iView that requires data from a connected system that does not support SAP logon tickets, the procedure is as follows:

...

      1.      The portal first checks whether the user has been mapped to a user for the corresponding system and if so, logs on with the mapped user data.

      2.      If not, then it checks whether the group that contains the user has been mapped to a user and if so, logs on with the mapped user data.

      3.      If not, then it checks whether any of the roles assigned to the user has been mapped and if so, logs on with the mapped user data.

      4.      If not, the iView will normally prompt the user to enter mapping data (the iView developer needs to program the iView accordingly).

If the component system supports SAP logon tickets, the user ID is already contained in the ticket.

Prerequisites

·       You must enter a value in the fields usermappingtype and (optionally) usermappingfields in the system properties of the systems for which you wish to map user data. For details see System Properties for User Mapping.

·       You must define a system alias for a system, otherwise it will not appear in the user mapping tool.

Features

There are three methods for entering mapping data:

·       The portal administrator enters user mapping data for groups and roles when configuring the portal for use. See Mapping Users: Administrator Tool.

·       The user enters his personal mapping data in the Enterprise Portal. See Mapping Users: User Enters Own Data.

·       The user calls an iView that needs to connect to a component system. If there is no user mapping data stored yet, and the developer has programmed the iView accordingly, the user is redirected to the user mapping iView in order to enter his logon data for this system. After submit, the user mapping iView sends a redirect back to the calling application.

Leaving content frame