Skip to content

Creating SAP System Users

An SAP administrator must create an SAP System User ID within each target system. You will use the SAP username and password to enable Remote Function Call communications between the target system and the Access Risk Management agent.

Caution

If you use the integration between Access Risk Management and Identity Security Cloud, make sure you are not using the same user to connect Identity Security Cloud to SAP that you are also using to connect Access Risk Management to SAP. They must be unique users or you will be unable to extract data from SAP.

You can select any user with proper authorizations, but we recommend the following user specifications:

  • User: EM_CONNECTOR

  • User Type: System

  • Assign the roles:

    • Download the SAP file for standard access roles and assign them to the system user EM_CONNECTOR.
    • If you use Emergency Access Management or Access Reviews, you will also download the SAP file for additional role and assign it to the system user EM_CONNECTOR.

Note

Contact your SAP administrator if you need assistance using transaction PFCG to upload the roles.

Upload the necessary roles via PFCG for the implemented features (provided by SailPoint Support):

  • Access Analysis – z_sailpoint_arm_aa_2024.sap
  • Access Reviews (Certifications) and Emergency Access Management (Firefighter) – z_sailpoint_arm_eam_2024.sap

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.