cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hooking up GRC Risk analysis only functionality with IDM 8.0

akhilseth
Explorer

on ‎07-28-2016 4:41 PM

0 Kudos

Hi All,

I have my IDM product already provisioning to the satellite connectors and my next ask is to hook up GRC10.1 with IDM 8.0 so any role assignment done in IDM will go the GRC for Risk analysis and then assigned to the user.

I also read from there different type of scenarios possible while hooking up IDM to GRC.After reading that we came to conclusion that we want to go with Centralized provisioning-Risk analysis only scenario.

I referred the IDM configuration guide and with the help of that I have configured GRC Repository in IDM and also VDS connection to GRC.Commons and Centralized job are also ran.

Question1:I am not able to figure out what else need to configure for GRC 10.1 hook up to IDM.

Question2: What different we will see in IDM after Jobs execution?

Question3: How I can visualize the whole expectation(Ex: Submit request-->Risk analysis done-->Result back to IDM-->Access Assigned)?

Appreciate your inputs here.

Thanks

Akhil Seth

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

normann
Advisor
Advisor
‎08-01-2016 9:11 PM
0 Kudos

Hi Akhil,

1. Are the satellite systems already connected to GRC as well? If so you only need to activate the web services starting with GRAC_ (you might no need all, you can see in VDS configuration somewhere which exactly are called) and to define the workflow on GRC.

2. The privileges that IdM is able to match to privileges in GRC will have a new attribute set, called MX_REPOSITORY_VALIDAT=GRC10 - which will cause those privileges to inherit the Validation Task (MX_VALIDATE_ADD_TASK) from this repository. Means when you assign one of those privileges, the AC Validation task will be started before the assignment will be provisioned.

3. Sorry, I dont understand this question. I try it the other way: In IdM you have a validation task and an add member task. The validation task is executed before the add member task. The validation task will be the validation task of the repository GRC10, since the privileges will inherit this task due to the attribute MX_REPOSITORY_VALIDAT. This task will be AC Validation and is going to be executed before the actual provisioning (ADD_MEMBER_TASK) of the repository of the privilege will be started.

This is all described in the config guide at http://help.sap.com/Download/Multimedia/saphelp_nwidmic_80/SAP_IDM_ConfigGuide.pdf on page 645

You can find some explanation about the whole eventing topic here: Member Event Handling - SAP Identity Management Configuration Guide - SAP Library and here Privilege and Role Assignment Attributes - SAP Identity Management Library - SAP Library

Regards

Norman

Show replies
Show replies
akhilseth
Explorer
‎08-01-2016 8:09 PM
0 Kudos

Is there any help available for the above queries on IDM8.0 integration with GRC please.

Akhil Seth

Show replies
Show replies
Ask a Question