Applicative Credentials for SAP

Saurav
Tera Expert

Customer is using Horizontal Discovery at the moment (No Service Mapping)  , we have SAP Installations on the estate , we would like to understand how to apply SAP Applicative Credentials in ITOM.

As I understand from SAP Architecture team every SAP Installations would have their own ADMusers based on the SID , so if the SID is SAP1 is the SAP instance the userid would be SAP1ADM ,as you can understand there will be multiple SID based ADM user accounts , so multiple ADM User accounts , and these are setup automatically based on installations.

 

I am not sure which credentials to add to the Applicative Credentials as I cannot add all the SAP user admins to the Applicative Credentials for a single class in the fear that this would lockout these install accounts.

 

In terms of a single uniform credential I do not have any documentation links to point me to the level of access that is needed for SAP Applicative Credentials Setup on SAP.



 

 

6 REPLIES 6

Prabu Velayutha
Mega Sage
Mega Sage

Hi @Saurav 

 

You can configure multiple applicative credentials for a same CI type and mid server would try to authenticate in the order defined and identifies the best fit which it authenticate and creates a credential affinity with CI matched.

 

The below content is from product documentation:

 

The preconfigured pattern for discovering CIs belonging to this CI type contains commands that require a MID Server to use the applicative credential for this CI type. If there’s more than one credential configured for this CI type, the MID Server tries using these credentials in the order you define until it finds the credential that fits.

 

https://docs.servicenow.com/bundle/vancouver-platform-security/page/product/credentials/reference/ap...

 

If my response helps to solve your issue mark this as Helpful and Accept the Solution

 

Hi @Prabu Velayutha 

 

Thanks , as per the SAP Architecture team the SIDADM users are unique and are based on how SID is instantiated when SAP is installed, they are specific to the instance, so if we add the credentials based on the single class there will be say 15 credentials for the same class in applicative credentials ,  my question is at runtime would the pattern pickup the user based on the SAP instance it is running or would it try all the credentials one by one (in order) , why I am saying this if we have concurrent runs and the same SIDADM user is run across concurrently not relevant to the SAP Instance then it would lock out the SAPADM User Account.

 

I did read about the 'order' field but not sure if this will work. Any experience with SAP Integration with Applicative Credentials would be helpful.

 

https://docs.servicenow.com/bundle/vancouver-platform-security/page/product/credentials/reference/ap...

@Saurav it will go in order and it will not be concurrent. After the first run it will creat an affinity with credential matched and from next discovery run it will user credentials based on affinity created.

Saurav
Tera Expert

So another thing I think what would work is if try to do this , I create the credentials and hardcode in the affinity table (credentials affinity table) , I think that will force the affinity as per my hard entered choice.