cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP GRC User Authentication Schema

Former Member

on ‎12-10-2010 4:56 AM

0 Kudos

Dear Experts,

We are in process of implementing SAP GRC. We are going for for Single GRC instance which will talk with multiple SAP R/3 instances. (Two of our group companies are going for same GRC server).

We have option of using Compliant User Provisioning module of GRC AC to SAP or LDAP . Our LDAP is not that robust but our SAP is quite strong and has all users already created in it.

Other group companies still doesnt have all users mapped in SAP R/3. For us best option is to use SAP for CUP but our consultant s are saying CUP cant talk with multiple SAP system for user authentication.

I feel SAP GRC being a higher level solution shall have functionality to connect multiple SAP systems as this is common scenario for large scale companies.

Can you experts pl help me in understanding this in detail

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎12-11-2010 4:13 AM
0 Kudos

Dear Amol,

Also if you use SAP R/3 the user will not be able to use Password Self service option of CUP incase he forgets his password. Anyways you are using LDAP as authentication system for your users to login into the Windows. So the problem of system being Mature or robust can arise in case of logging into the your Windows system also.

To conclude I would recommend using LDAP as the Authentication as it has been a proven product and we had used it in last four implementations as Authentication system and where we haven't encountered any problem till date.

Show replies
Show replies
koehntopp
Product and Topic Expert
Product and Topic Expert
‎12-11-2010 8:49 AM
0 Kudos

I agree - using SAP as an authentication system is - at best - a kludge until you come up with a proper LDAP based mechanism.

Frank.

koehntopp
Product and Topic Expert
Product and Topic Expert
‎12-10-2010 8:13 AM
0 Kudos

Using multiple SAP systems for authentications is a difficult option - there's no way of telling what happens in case of duplicate IDs (users may have the same ID in both systems, or it may be different users!).

Your best option is to harmonize users in one system. That might be a CUA system, or better yet, make sure your ActiveDirectory is up to the job. I guess you're using it to authenticate Windows users when they login to their PC? If so, that's going to be your best option. There also is a report in R/3 that can replicate your existing users into LDAP.

Frank.

Show replies
Show replies
Former Member
‎12-10-2010 10:41 PM
0 Kudos

Authentication with multiple SAP systems is not available. I think it's a valid requirement and you should reach out to SAP. It should work the same way as mutilple LDAP in authentication or multiple datasource under user details data source.

For now, you should follow Frank's suggestion and go with one of the options below:

1) Use the source of record company is using (some LDAP or IdM)

2) Sync users from SAP to LDAP using report 'RSLDAPSYNC_USER'.

Regards,

Alpesh

Ask a Question