on 10-07-2010 5:20 AM
System : SAP GRC 5.3 SP 12..
We have requirement where in we need to design a workflow for creation of New SAP ID.
The Naming convention followed for SAP ID is FIRST LETTER of FIRST NAME and LAST NAME with maximum 8 characters.
For Eg
JOHN SMITH would have SAP ID as JSMITH
JERRY SMITH would have SAP ID as JSMITH01
The requirement here is when user fill the REQUEST FORM for NEW User ID there is field where in the requestor need to put the desired SAP ID,
Can a validation be set OR Logic be written so that user can put the SAP ID as per the naming convention..?
Also , any other solution as to how the situtation can be handled in CUP...
Regards.
Ajit
Hi Ajit,
With current design of CUP, we can not force user to follow naming convention.
Only validation that is possible is if it is new account request and user has type a userid that already exist than error/warning can be displayed. Configuration-> Auto provisioning-> account validation is setting for that.
Kind Regards,
Srinivasan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Srinivasan..
Can we look for an option where we maitain field for the ID in Active Directory and pull it in the request form?
OR
The Employees put in the EMPLOYEE CODE in SAP ID field , submits the request and last stage it come to Security Admin for AUTO PROVISION. Security Admin then replaces the EMPLOYEE CODE with SAP ID before AUTO PROVISIONING?
REGARDS
Ajit
Hi Ajit,
Yes, you can maintain the user ID in the Active Directory. User id will be now auto populated in the request form, from Active Directory when we data Source is LDAP -Actice directory. So when user login to end user form to create a request, It's all information( user details + manager details ) will fetched from Active Directory.
It is not possible to change userid in later stage of approval in the request.
You can have security as final stage and guide them to create user manually as per naming convention.
Make auto provisioning OFF in CUP
Kind Regards,
Srinivasan
Hi Ajit,
To add to Srinivasan's answer, you can connect to a LDAP and pull the usernames from it. However, if you have an existing setup, where a different convention is followed, this solution will not work.
You have to first fix the user names in the LDAP and then start using the Workflows in CUP.
Rgds,
Raghu
Hi Ajit,
Yes, it is possible. You can maintain one field in LDAP that is specific for SAP User id. You can maintain this filed as per the naming convention that u want. Now my LDAP mapping you can map this filed to SAP ID in CUP.
For doing this go to configuration-> field mapping->LDAP mapping.
Now define the new field name for User id mapping. In the request this filed value will come for user id.
Kind Regards,
Srinivasan
Ajit,
Also, you have to do the following configuration to pull all users from LDAP (Active Directory):
Goto Configuration -->user data source. In the options choose users data from LDAP alone or multiple system data too.
However, Approvers IDs should be maintained in UME only . There are no other options in this case.
Hope this clarifies.
Regards,
Raghu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.