on 11-04-2009 10:24 AM
hi,
Could some one highlight on the integration of SAP GRC with non SAP system.
The scenario could be like I have integrated Active Directory with SAP GRC. I have pulled in all Active Directory group information into SAP GRC.
Now while provisioning the user to Active Directory I would like SAP GRC to check for the SOD violations based on the AD group information.
We will be provisioning the user through an Identity Management product.
Any help is highly appreciated.
regards
Sunil
non of the links are working!!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sunil,
Plz go through with the demo link.....
Hope it will help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Team,
We are trying to integrate GRC with EP. We are unable to do it, we have created an url iview in the portal http://sapgrcd:50000/webdynpro/dispatcher/sap.com/grc~acappcomp/AC when we preview the iview it was asking for login id and password. But it should not ask the login details.
Can you guys please provide me the complete step by step process at the earlest.
In case if you have any documents can you please provide me.
We are not useing LDAP we are using ume.
Waiting for your responce
Daniel
Hi Sunil,
See the following link for details on using CUP and IdM integration to provision SAP and non-SAP systems. Depending on the IdM system that you have, there may be delivered web services that allow you to push the request from CUP to IdM, so that your IdM system can complete the provisioning. Information is also available in the AC 5.3 Configuration Guide - Appendix A.
For Risk Analysis, you can define rules for non-SAP systems in RAR and use the Data Extractor functionality for this analysis. You can get details on the Data Extractor in the AC 5.3 Configuration Guide - Appendix B.
Erin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In order to do this, you will need to have a custom RTA / agent in place to perform provisioning from CUP to non sap systems.
You can however, link your LDAP system as a repository for user authentication or finding user related information.
Simon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sunil,
I think you can achieve this as long as you don't try to use CUP to provisiong users into AD. You can go through workflow approval process and at the time of provisioning send the request to IdM solution. To check for SoD, you will have to set up roles, rules and users into RAR. RAR can not directly connect to AD so setting them up would be a manual job.
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.