Write Back Email, Username and Phone to SAP HR Using SailPoint IIQ

Most joiner processes for new hires generate an username and email address dynamically, but a problem can arise when using SAP HR systems because there is no direct way to write back the newly generated username and email to SAP HR 105 records. Sailpoint IdentityIQ provides a simple solution. The rule below can be used to write back to SAP HR using IIQ.

The SAP service account should have permission to update the SAP HR records. Please refer to Sailpoint connector reference guide for SAP HR configuration.

1. Import the rule to Sailpoint

2. Edit application SAP HR and goto Rules-> Connector Rules -> Select Radio By Operation Rule-> Select the Rule name “SAP HR Provisioning Rule” as Modify Provision Rule.

3. Go to Identity Mapping -> Edit Email attribute -> Set Target Mapping with SAP “Email” Attribute.

4. Go to Identity Mapping -> Edit UserName attribute -> Set Target Mapping with SAP “System user name (SY-UNAME)” Attribute.

5. Go to Identity Mapping -> Edit Phone attribute -> Set Target Mapping with SAP “Telephone” Attribute.

6. Enable attribute sync in the Refresh Identity Cube and execute.

The modify plan will be generated for the newly created identities and it will call the below rule to write back to SAP.


Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *