The following figure shows how the SAP Portal driver works. The driver provisions users from the Identity Vault and pass them to the SPML listener service on the portal. The SPML listener passes the requests to the User Management Engine (UME) and the UME writes the request to the UME local database, to an external LDAP directory, or to an ABAP system, depending on the configuration of the identity store for the portal. If the request is written to the ABAP system, the request can be passed to any CUA SAP systems that are part of the ABAP back end.
Figure 1-1 SAP Portal Driver
The SAP Portal driver synchronizes SAP users as well as the user’s SAP group assignments and SAP role assignments. If the Portal is configured with an ABAP user store, the user account is synchronized and added to the ABAP system; however, the ABAP roles, which display as SAP group objects in the portal, cannot be assigned directly in the SPML service. To synchronize groups, you must use the SAP User Management driver with the SAP Portal driver. For more information, see the Identity Manager 3.6.1 Driver for SAP User Management Implementation Guide.
The SAP Portal driver can be configured to use any of the back-end identity stores that are available.
The SAP Portal driver synchronizes information from the Identity Vault into the portal. Synchronizing information from the portal into the Identity Vault is not supported. This is unidirectional driver.