Professional Documents
Culture Documents
V2.0 2018-02-16
V3.0 2019-02-08
V4.0 2020-05-04
Page 1 of 29
SAP UAM User Guide
Introduction ............................................................................................................................................ 3
What is SAP UAM? ....................................................................................................................... 3
Process and Workflow .................................................................................................................. 3
General information ............................................................................................................................... 5
User interface ................................................................................................................................ 5
Create new request for SAP access rights ............................................................................................ 6
Go to “New Request” .................................................................................................................... 6
Decide who should be the recipient .............................................................................................. 7
Select SAP system(s) ................................................................................................................. 10
Select the SAP user on the target system(s) .............................................................................. 11
Search and select SAP roles ...................................................................................................... 12
3.5.1. Role view ............................................................................................................................. 12
3.5.2. How to request access rights .............................................................................................. 13
Information during the request process ...................................................................................... 16
SOD-Check ................................................................................................................................. 16
Summary of the request .............................................................................................................. 17
Cart and start workflow ............................................................................................................... 17
Copying UAM requests ............................................................................................................... 18
Approve requests as supervisor .......................................................................................................... 19
Approval email............................................................................................................................. 19
Approval step and actions ........................................................................................................... 20
Manage your approvals ............................................................................................................... 22
Approve requests as business owner/keyuser .................................................................................... 22
Approval email............................................................................................................................. 23
Approval step and actions ........................................................................................................... 23
Manage your approvals ............................................................................................................... 24
Manage deputies ................................................................................................................................. 25
Manager and keyuser in 1 person ....................................................................................................... 25
Password Self-Service Tool ................................................................................................................. 27
Page 2 of 29
SAP UAM User Guide
Introduction
What is SAP UAM?
Easy to use self service tool for SAP user authorization request
SOX-compliant documentation and support of segregation of duties (SoD)
Integration within Magna Global IT environment (Active Directory and SAP Solution Manager)
SAP UAM supports following functionalities
o Request SAP authorization roles for named user and system user
o Request and create SAP user
o Standardized workflow (supervisor and business owner approval)
o Segregation of Duty (SoD) check (integration with SAST tool)
o Remove SAP authorization roles from user
o Configuration per division
Overview
Page 3 of 29
SAP UAM User Guide
Workflow Detail
Page 4 of 29
SAP UAM User Guide
General information
User interface
Link: http://mitapps-sapuam.magna.global/
New Request
Start new (User-, Role-)request for
you or a third person.
Change Language
The default application language is
derived from your browser settings.
You can switch the application
language from DE to EN.
Page 5 of 29
SAP UAM User Guide
Go to “New Request”
Page 6 of 29
SAP UAM User Guide
Personal request
1
Request a role or a SAP user for yourself (for your own account).
Page 7 of 29
SAP UAM User Guide
Click
Click
Page 8 of 29
SAP UAM User Guide
Click
Page 9 of 29
SAP UAM User Guide
Switch the tabs to select between Production and Quality/Development systems. Select one or
more systems for which you want to request.
NOTE:
If a user does not have an SAP account, all systems are shown automatically.
For users who have already an SAP account, only actual assigned SAP systems for the account
are automatically shown.
If additional systems are needed, the following checkbox can be deactivated so that all systems for
selection are shown.
Page 10 of 29
SAP UAM User Guide
Within this step select the SAP acoount you want to use for your request (has to be done for each system
you selected before).
If the user has one or more SAP If the user has no SAP account
accounts on the selected on the selected system
system
In case the user for whom you request has one or more SAP accounts within the selected system you
can select the appropriate account by clicking the dropdown menue.
If the person for whom you request does not have an SAP account you can request a new user.
The system will provide you a suggested username based on the Windows username of the recipient. In
this step you can also overwrite this suggested username and suggest your own name (in this case the
manager and the UAM Division Administrator has to approve this new username).
NOTE: The matching between the recipient´s user (Windows user) and the SAP user will be done with
the email address.
Page 11 of 29
SAP UAM User Guide
GREY
The role is currently not available.
(Please note that if a division is already using the new role kernel (roles named X*/Y*, old z*-roles will not
be maintained within UAM.)
If you mouseover the rolename you get more information about the role:
Role description
Page 12 of 29
SAP UAM User Guide
Select the tab “Role List” (default) to search the roles within a defined structure. In this view
you can also search by role name.
As soon as you select a role by clicking the checkbox next to the role title, the role will appear
on the right side under ‘selected roles’:
If you want to limit the access for the role you can set a valid to date by clicking the clock
symbol and selecting a date.
Page 13 of 29
SAP UAM User Guide
You can search the roles by looking into other users account (email or username).
Page 14 of 29
SAP UAM User Guide
Describe the authorization which is required. Your request will then come to the step
“Resolve Roles”. The SAP team will assign the appropriate roles.
In case you need to remove roles from an existing user select the tab “Remove roles”. All
existing roles will be shown in a table, you can remove the role immedatly or with a target
date.
Select the roles you want to remove, if you don´t set a target date, the roles will be removed
immediately If you select a role and set the targt date the role will be removed at End Of
Business (CET) on the selected day.
In case of a roles removal the Keyuser/Business owner approval step will not be
neccassary, just the Supervisor/Manager has to approve this.
Page 15 of 29
SAP UAM User Guide
During the whole request process you will have a live information of your current status (on the right side
of the window).
Role description
Information of your description of roles you
need
Selected Roles
Roles you selected from the role list
Existing Roles
Roles which are already assigned to your user
within this system (you can´t select them
anymore from the list). Roles which will be
deleted in future are marked in red with the
deletion date in the tool tip.
Roles to remove
Roles which you have selected to be removed.
SOD-Check
The SoD check will be performed with all requests (can be deactivated per division). The check will be
done on an external system and can take up to 5 minutes (depends on the number of roles).
Page 16 of 29
SAP UAM User Guide
(In the workflow the manager has to review and accept your accepted risks.)
In this step you can review your request and send it to the cart.
After you send your request to the cart you can start the approval workflow.
Page 17 of 29
SAP UAM User Guide
If you have more than 1 request with the same needed settings/access rights it is possible to copy an
UAM request:
Select ‘requests’ – ‘open’ on the left side – the ‘copy request’ button is available as soon as there was no
action from the manager:
If you use the function ‘copy request’ the settings for the new request will be filled out automatically –
therefore you have to overwrite the recipient, username ,…
Page 18 of 29
SAP UAM User Guide
Approval email
You will be notified via email. If you click the link in the notification mail you will be automatically
forwarded to the approval page within UAM.
Page 19 of 29
SAP UAM User Guide
Actions
Accept (default) or decline individual roles by clicking the box next to role description
Page 20 of 29
SAP UAM User Guide
See the complete history of the request, including persons who are
eligible to approve the request.
Delegation of approval step to a third person (add the reason for
delegation).
Save the current status
Review and change SAP username (in case a new user has been requested):
If there was a new user request the title “New User:” followed by the proposed name will be shown.
The system will check if the username is already in use witin the SAP systems.
The naming convention of new user accounts is the decision of each division.
Recommendation: AD-name should be used for new SAP accounts.
Page 21 of 29
SAP UAM User Guide
Within ‘Tasks’ (Inbox) you see all requests of your division which have to be handled by your role.
You can also search for specific requests by entering the appropriate info like ‘task at’.
Page 22 of 29
SAP UAM User Guide
Approval email
As soon as the manager approval was done, the request will be sent to the business owner/keyuser
approval step.
Actions
Accept (default) or decline individual roles by clicking the box next to role description
Page 23 of 29
SAP UAM User Guide
See the complete history of the request, including persons who are
eligible to approve the request.
Delegation of approval step to a third person (add the reason for
delegation).
Save the current status
Normally, more than one keyuser per role is assigned. Only 1 of the defined keyuser can approve/decline
the role.
Example: If you are one of three defined keyusers and another keyuser already approved a role for which
you are also keyuser, it is not possible anymore for you to approve the role again as keyuser.
Within ‘Tasks’ (Inbox) you see all requests of your division which have to be handled by your role.
You can also search for specific requests by entering the appropriate info like ‘task at’.
Page 24 of 29
SAP UAM User Guide
Manage deputies
If you are in the role of a manager or keyuser, please set a deputy for the time you are not in the office.
The requests will be forwarded to your deputy in the mentioned period.
By selecting ‘Deputies’ in the menu bar you can search for deputies which are involved in the workflows.
After clicking ‘OK’, you have to delegate the role to someone else:
Page 25 of 29
SAP UAM User Guide
Mark the roles/tree, select a person and click ‘delegate selected roles’.
After that, click the ‘Exit’ button on the left side to leave the request.
Page 26 of 29
SAP UAM User Guide
Magna-IT offers a Password Self-Service Tool within supported SAP systems. This tool is connected to
UAM and can be used in several scenarios.
1. Reset the password in one system and meanwhile the user will be automatically unlocked if it is
locked before.
2. Reset the password in all systems and meanwhile the user will be automatically unlocked if it is
locked before.
3. Unlock the user in one system without password reset
4. Unlock the user in all systems without password reset
The link for the password-reset web tool is listed on the logon screen of each SAP system – for this
example it is the production system ITP:
Copy the following link to a web browser such as Internet Explorer or Google Chrome:
https://sap-sm3.magna.global:8001/pwreset
(We also recommend you to add the link to the favorites folder in your browser.)
Once opening the website, you will see the following application screen.
Page 27 of 29
SAP UAM User Guide
Email confirmation window appears and ask if the mentioned mail address is the right one.
If you confirm with ‘yes’ an email will be sent to you.
If you negate, MIT helpdesk will be informed to check the mail address which is listed within your SAP
account.
As soon you got the activation mail please confirm the link within the mail:
For the first login, you have to change your password after entering the generated password which you
got before per mail (generated password is valid 7 days).
Page 28 of 29
SAP UAM User Guide
Mail: sap.global@magna.com
Phone: +49 6093 9942 5062
Page 29 of 29