09-10-2012 7:17 PM
Hello,
I currently administer the GRC 5.3 Access Control for my company. One of the concerns with this tool is that it doesn't conform with a couple of our Security Policies/standards. More specifically,the auto-provisioning at the end of the request process is enabled and the user receives an auto-email with their user ID and password. The (GRC) tool uses a group mailbox to send messages to users, but the messages being sent especially the ones with the User ID & Password are not encrypted thus non-compliant to the aforementioned policy. My question is... is there a way to change the message template (just like the other templates) to not include the user ID since this part of the credentials should already be known to the user? Also, is there a way to encrypt/secure the messages at the tool level or is this an issue that should be resolved at the mailbox level (my company uses outlook 2007)?
I also wonder how GRC 10 handles the communication of the credentials (ID & password) and whether it has an option to secure this communication.
Thank you in advance for your help.
09-11-2012 11:27 AM
Hi Renis,
You may choose the link to be sent instead-From Configuration tab->E-mail reminder Page-> Closing Tab Screen,You need to set the 'Send Password in mail' to 'NO', will send a link to the User, when the Password is reset.I have appended a screenshot for your convenience.
Kindly also check SAP note 1253720- Compliant User Provisioning 5.3-Supressing Password Email
Best Regards,
Saksham
09-11-2012 11:27 AM
Hi Renis,
You may choose the link to be sent instead-From Configuration tab->E-mail reminder Page-> Closing Tab Screen,You need to set the 'Send Password in mail' to 'NO', will send a link to the User, when the Password is reset.I have appended a screenshot for your convenience.
Kindly also check SAP note 1253720- Compliant User Provisioning 5.3-Supressing Password Email
Best Regards,
Saksham
09-11-2012 7:30 PM
Saksham,
Thank you for your response. Actually I was already aware of that functionality, but the problem is that it doesn't address the issue. I was able to find a way to modify the communication (containing the user id and password) using the info on the note below:
Note 1253720 - Compliant User Provisioning 5.3-Supressing Password Email
09-12-2012 8:14 AM
Hi Renis,
Please view the code: 1032 as given in SAP Note: 1253720 and remove the text 'your ID is #_!' from the file, screenshot is shown below:-
Let us know if it resolves the issue.
Best Regards,
Akhil Chopra