SAP IdM
upgrade scenarios

SAP Identity Management (IdM) version 7.2 is still frequently used. This is despite the fact that it reached the end of its maintenance period in 2018 and therefore no extended support is available from SAP. As a result, companies must upgrade to the new version SAP IdM 8.0, which is initially in mainstream maintenance until 31 December 2027.

The upgrade to SAP IdM 8.0 brings with it a host of new functions and more platform independence. But there are also technical challenges during the changeover. As the architecture and therefore the operation had to be changed in some places, the switch to 8.0 is more than just running an update script. It requires dedicated planning for the migration, including the necessary transformations.

There are various ways to upgrade to SAP IdM 8.0. Depending on how "overgrown" the old system is and how well the established processes have been documented, there are two options:

Firstly, a "side box" scenario - the creation of a new SAP IdM 8.0 system into which the configuration and data of the old system are imported. Alternatively, a direct upgrade of the existing SAP IdM 7.2 system, which must be at least on SP09. This scenario also requires manual rework and the effort and associated "downtime" of the system must be taken into account when deciding on the upgrade procedure. SAP also recommends not upgrading directly on the existing system, but on a copy.

From practice

itesys has realised an upgrade to SAP IdM 8.0 in a "side box" scenario for the customer Debrunner König, a Swiss wholesale company in the construction, industrial and commercial sectors. In addition to the existing SAP IdM 7.2, a new SAP IdM 8.0 was set up in parallel. Firstly, the relevant components were identified and transferred to the new system. These included tasks and UI tasks, which were converted into processes and forms, jobs, attributes and business roles. On the input side, the existing SAP HCM integration was prepared in such a way that it could be converted to the new system in a single step. During the actual conversion of the connected systems (called repositories in IdM terms), the great advantage of this procedure became apparent. The repositories were "moved" individually with minimal time interruption and the data such as users, roles and their assignments were reloaded, starting of course with the test and development systems. This allowed IdM 8.0 to be subjected to a test phase before the productive systems were finally moved. The data was also cleansed accordingly and only relevant clients were "loaded", for example.

Such a migration always requires good co-operation between the various parties involved. A comprehensive understanding of the implemented processes is also necessary, including the willingness to carry out the tests.