cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC System Access - Approach

Former Member

on ‎06-19-2014 7:06 AM

0 Kudos


Hi All,

My Scenario:

All users from LDAP are synced into GRC.

Users will access GRC system directly through NWBC and not through End user login page.

Users will be authenticated against LDAP credentials for logging into GRC.

Process:

1. Synch all users from LDAP to GRC
2. Give end users GRC NWBC URL. Since all users are synched into GRC, they can access GRC URL with LDAP credentials.

Is it possible to synch the users from LDAP to GRC system along with their LDAP passwords ?

Anyone worked on such scenario?

Regards,

Madan.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎06-19-2014 1:27 PM
0 Kudos

Hi Madan,

Yes, it possible to sync the users to GRC by integrating LDAP with GRC.

You can google to get many sources on how to establish the same.

To start with refer Note#1584110

Regards,

Ameet

Show replies
Show replies
Former Member
‎06-20-2014 2:39 AM
0 Kudos

Hi Ameet,

I know that users can be synced into grc. My question is more on whether users can be synced along with their passwords ??

Regards,

Madan.

Colleen
Advisor
Advisor
‎06-20-2014 2:53 AM
0 Kudos

Hi Madan

You are technically not synching their passwords in GRC component. You maintain a data source that leverages LDAP to a do a call for authentication.

GRC provides a set of webydnpros for end user functionality (access requests, password self service, etc) for Access Request Management. These webdynpros have a system user in SAP to authenticate and load and use the Data Source for LDAP to manage the login and load user information (as well as user sync jobs).

An end user will not have an SU01 account. Only your administrators and approvers would require a SAP SU01 user master in GRC.

Here's an example of the end user authentication for PSS from last year.

Regards

Colleen

Former Member
‎06-20-2014 3:33 AM
0 Kudos

Hi Colleen,

Thanks for the detailed explanation.

In the project I joined I saw below scenario:

Authentication from LDAP, user use LDAP User ID and Password to login. This login is not through end user login page but through GRC NWBC URL.

I was told that all LDAP users will be regularly synched to GRC system through a background job and these users login through GRC NWBC url using LDAP authentication.

End user login is not being used in this project.

So I am trying to understand how this can be achieved.

Synching the users to GRC and then authenticate them to login to GRC NWBC url through LDAP credentials.

Regards,

Madan.

Colleen
Advisor
Advisor
‎06-20-2014 3:44 AM
0 Kudos

Hi Madan

Is there an SAP Portal or some type of Single Sign-On in place?

Maybe it might be easier just to ask your project team how this works? I always value a team member who really wants to know the how and they why behind a solution

I'm probably not much help here as I'm going to end up playing a guessing game.

Regards

Colleen

Former Member
‎06-20-2014 4:22 AM
0 Kudos

Hi Colleen,

Actually I have joined a project where there was no hand over and I myself need to understand everything and document it

I am clear with all the things except this one as there is no documentation in place nor hand over.

Anyways I will check with basis guys if there was any portal or SSO setup configured for this.

Thanks a lot for taking your time in clarifying my queries.

Regards,

Madan.

Colleen
Advisor
Advisor
‎06-20-2014 4:47 AM
0 Kudos

Hi Madan

Your basis team should be able to identify the connectivity. I do wonder if it is more general SAP Security than specific to GRC

Let us all know how you go as it might be an idea for others to try

Regards

Colleen

Ask a Question