In SAP Connector, we are using attribute sync for writing back SamAccount, Email address and SSO as per the SAPHRProvisioning Rule - https://community.sailpoint.com/t5/IdentityNow-Connectors/SAP-HR-Provisioning-Modify-Rule/ta-p/73639
We are using the same BAPI_EMPLCOMM_CHANGE for SSO field update as well under infotype 0105 and have enhanced the code to include SSO subtype in addition to 0010 for email and 0001 for system user.
Issue is, we are able to update and aggregate back everything but the sso is not working.
during the attribute sync request, the value of sso is being passed successfully and we can see under synced attributes but when we aggregate back, it is blank and never reached SAP.
Did anyone came across similar need to write back attributes apart from default ones supported?
Yes, we do. These 3 attributes(email, userid, sso) are in same infotype 0105 and also we have all access in SAP.
SSO config is also under subtype SSO and in infortype 0105, I am attaching SAP snip for SSO here.
One thing to note is instead of normal field of SAP, the sso field is under SAP additional fields( By default SAP is storing values in uppercase and sso ids are randomly generated values).
infotype : 0105
subtype : SSO
name : ZSSO_ID
@enistri_devo Emanuele, do you have any insight on what all changes will be required to support write back of SSO to additional field under subtype of 0105 infortype?
No, sorry. I think what you are doing is correct. I can only suggest to talk with the sap PM of your customer. SAP has a lot of configurations and is possibile you need a permission on SAP side.
Hi @kyle1, Thank you!
yes, the last issue was authorization issue and it worked after fixing that.
Also, to add more - for supporting additional write back if anyone is looking, Custom BAPI or Update BAPI will be required and the SailPoint configurations need to be updated as well accordingly.
