cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PSS: Systems not displaying for password self-service

Former Member

on ‎04-06-2016 9:32 AM

0 Kudos

Hi GRC experts,

I am facing issues where systems are not showing in PSS request.


Steps done:

1. Group field mapping is configured as per the ldap configuration guide

2. Auth and role syncs are performed successfully for the ldap connector

3. Authorization object: GRAC_SYS assigned to the shared ID of the services.


Login to end user logon page is successful with <domain name>\<userid> is entered. Could it be that system names are not showing as it is looking for an exact match of <domain name>\<userid>? If yes, how to configure login without domain name entered on end-user logon page?


Any inputs or guide is much appreciated here.

Regards,

Debbie

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Patrick_Koyle
Explorer
‎04-06-2016 2:15 PM
0 Kudos

Debbie-

Have you validated that the connector/target systems are enabled for PSS?

SPRO->Governance, Risk and Compliance ->Access Control-> Maintain Connector Settings. Scroll to the right and see if PSS is enabled for the connector.

Regards, Patrick

Show replies
Show replies
Former Member
‎04-07-2016 3:14 AM
0 Kudos

Hi Patrick,

Yes, PSS is enabled for the connectors in Maintain Connector Settings.

I'm currently implementing GRC 10.1/SPS11. In addition to the steps applied, I have also followed the notes below to enable user authentication from AD (LDAP) 'til this point:

Steps done:

1. Group field mapping is configured as per the ldap configuration guide

2. Auth and role syncs are performed successfully for the ldap connector

3. Authorization object: GRAC_SYS assigned to the shared ID of the services.

4. Applied notes 1584110, 1604946, 1978357 to enable LDAP authentication upon login


I was able to successfully login to the end user logon page with <domain name>\<userid>


However, I see that user on the password reset request page displays with <domain name>\<userid>.

Does GRC verify based on the user to determine the systems to display in the request form? If yes, how do I configure to login without entering domain name?


Regards,

Debbie

Former Member
‎04-08-2016 8:35 AM
0 Kudos

Some updates.

I have applied SAP note: 2221261 and system list is showing in password reset page via t-code NWBC.

However, system list is still not showing for logged-in user via the end user logon page. How do I maintain default AD domain in GRC 10.1 ?

Former Member
‎04-06-2016 1:07 PM
0 Kudos

Debbie,

Thanks for tagging your question with GRC 10.1 and giving us some clue, but unfortunately that is not quite enough. Please see the Minimum Required Information document for discussions in this space; providing adequate information helps the SCN members, who are in most cases here as volunteers,  help you more efficiently. Thanks.

Gretchen Lindquist

Space Moderator

Show replies
Show replies
Ask a Question