The steps below guide you through the process of configuring the ERP MA to support password resets. If possible, it is recommended to either use or start with the default template. The steps outlined in this section, describe the process for creating a new passwordset operation for a User Object Type.

The approach

FIM will request a password for a SAP user by directly calling the SAP MA password set operation. We must therefore configure the passwordset operation in the MA confirmation file to call the necessary password set BAPI (i.e. BAPI_USER_CHANGE).

  • . Configure SETPASSWORD operation in our configuration using the ERP Configuration Tool.

  • Configure SAP MA through FIM to support password change

For this example, we'll configure the minimum set of attributes

  • username - anchor attribute (attribute which defines the user)

  • newpassword - the runtime alias containing the new password.


  • You have already created a configuration (or in the process or creating a configuration) that you need to add passwordset support to.

  • You have a object type named 'user' configured for managing SAP user accounts.

To configure the SETPASSWORD operation
  1. To begin, start the ERP Configuration Tool. This will bring you to the main window. Click the connect button to connect to your SAP server.

  2. Click the "User" object type, then click "Add Operation" action button to add a new 'setpassword' operation for the SAP users. The Add operation wizard will be displayed to guide you through the rest of the steps needed. Once displayed, select 'setpassword' operation from the drop down list of operations.

  3. Click the "Add" button to add a new function to be called for this operation. A function search dialog will appear, enter the name 'BAPI_USER_CHANGE' and click search.Once found, select the function from the search results and click OK. This will selection the function and return you to the configure operation wizard.

    Select the function (again) and click the 'Edit' button to begin editing and configuration the data source for the function parameter.
  4. Edit 'PASSWORD' parameter to configure the data source of the new password to be flowed to this function/parameter.

  5. Flow runtime alias value 'user.newPassword' to this parameter.

  6. Click OK to complete this Configure Operation wizard. Save the configuration to the <FIMInstallDirectory>/Extensions folder. Remember to use a name which will be the name of you MA within FIM.

Configuring ERP MA for SAP to support

  1. Start the FIM Administrative Console Tool.

  2. Select the ERP MA for SAP and click properties. The configuration Dialog for MA will be displayed.

  3. Select 'Configure Extensions' option from the left pane options.

  4. Set the following fields values:

    • Enable password management: Checked

    • Extension Name: SAPMA.dll

    • Set Only: Checked

  5. Click settings button and enter the credentials to be used for settings passwords.

  6. Click OK to complete the dialog box.