SAP Community - SAP Cloud Identity Access Governance

SAC_REPSYNC job error

2023-08-11T07:53:53+02:00

Hi All,
Rep sync job gives the below error for SAC. Could you please suggest on this
log:
Error occurred during group sync: Service call return code : 500
Error occurred during user sync: Service call return code : 500

Note: proxy system, BTP destination and Application are set up as per integration guide at SAP help library

Regards

Plaban

Azure as IDP for BTP/IAG

2023-08-23T08:55:07+02:00

Hi All,

i have set-up Azure as IDP for IAS . And then have IAS as IDP for BTP/IAG. Can you please suggest if this set-up can allow Azure users(corporate) users to login to IAG

And can this framework be used to set up other apps as IDP, such as SAC, S4 Hana cloud, etc

i have been through the below and related blogs.But would like to confirm the same for a proposal

Connect Azure Active Directory to Identity Authentication Service | Tutorials for SAP Developers

Regards

Plaban

Cronus Configuration for Email Notifications

2023-09-08T15:15:47+02:00

Hello Team,

Kindly requesting your feedback on the following:

Is it possible to configure Cronus(Hosted in SAP Network) in BTP for IAG email notifications?

Regards,

Blanca

GRC-IAG: Use of BTP destination called IAGAuthService

2023-09-22T12:44:20+02:00

Hi All,

in GRC -IAG bridge scenario, the note 3155715 mentions that >Administration -> Configuration->Application Parameters –> Configuration Group – Security – Parameter Value – Yes. But Parameter 1090 as YES also allows GRC AC to ask IAG to conduct the risk analysis.

In addition, what does the BTP destination IAGAuthService play a part in this Bridge scenario? GRC already uses the other 2 RFC for estanblishing connection with IAS. So, please help with the need of IAGAuthService

Regards

Plaban

Provisioning to Cloud apps without IAG

2023-09-28T16:50:54+02:00

Can Hi All, i have a requirement of provisioning to IAS and BTP Cloudfoundry using IPS, but without using IAG.

A necessity is that Roles should be provisioned to IAS and BTP via GRC /IAG

Can you please suggest if this can be achieved. If yes, please provide the solutions.

Regards

Plaban

Create worker without business user (CB user) in 3SL Public cloud

2023-09-29T11:25:59+02:00

Hi All,

Please let me know how we can do a mass import for the creation of Workers and not the business user.

We need only worker to be created but business user is not required. Which template needs to be used for this in 'Manage Workforce' App?

We are using S/4 HANA 3SL Public cloud System.

Please advise.

Thank you.

SAP IAG, IPS: Provisioning to cloud system

2023-10-01T06:35:20+02:00

Hi All,

Please advise if SAP IPS can provision to cloud apps without SAP IAG. And if so, please help how.

Regards

Plaban

SAP Commerce Cloud: Integration with IAG

2023-10-31T11:16:29+01:00

Hi All, As there is no standard integration between IAG and SAP Commerce Cloud as per IAG Admin and Integration guide at below link, can you please suggest if the same can be added as a SCIM application, and then be integrated with GRC via IAG Bridge https://help.sap.com/docs/SAP_CLOUD_IDENTITY_ACCESS_GOVERNANCE/e12d8683adfa4471ac4edd40809b9038/37e4c466f8294eed88d284650d0c7070.html

My objective is to provision users to AP Commerce Cloud via IAG. Please suggest if IAG is capable for the same.

Regards

Plaban

GRC-IAG: Risk analysis using both at same time

2023-11-08T09:59:59+01:00

Hi All,

In my GRC-IAG Bridge scenario, can i use GRC AC for risk analysis for my on-prem systems and use IAG for risk analysis for cloud apps. And can i use both GRC AC and IAG for provisioning to their respective On-prem and cloud apps

Regards

Plaban

IAGAuthService and Extended authorizations for Bridge scenario

2023-11-11T09:04:25+01:00

Hi All,

i am unable to co-relate IAGAuthService and SAP note (3155715 - Extended authorizations for Bridge scenario - SAP for Me). Can you please suggest on the same,

And what does Extended mean in Extended Authorization for Bridge Scenario.

My understanding is As a GRC AC end-user i raise a access request which triggers a call to IAG for risk analysis. This authentication call is performed by IAG_SOD_AUTH. And then IAG_SOD_CHECK is used to call the risk/Access analysis service.

But the note says(as below screenshot) that only when the config. is done end users can do risk analysis and that too with auth? Which id is to be assigned Auth. And why does the note mentions to have IAGAuthService(is a Destination created in BTP Subaccount pointing to IAS. is not clear.

Regards

Plaban

Using SAP IAG with SAP ECC

2023-12-11T19:12:19+01:00

Hello everyone, everything good? It is possible to use SAP IAG with SAP ECC or use IAG and only for S4 Hana.

Thanks!

How Role Designer IAG works?

2024-01-08T16:53:10+01:00

Good afternoon, I would like to know if IAG has simple role maintenance like it does in GRC AC BRM or if the way they are created has changed. I read documentation that IAG only uses Business Role in the Role Designer module, it this correct?

There are some functional documentation I can consult?

Thaks.

Mitigation Control assignment in GRC-IAG Bridge Call

2024-02-01T12:30:31.848000+01:00

Hi All

i would also like to know if there is a access request that is passed over to IAG in a bridge call. if so, can IAG apply the Mit. control in the same access request

Or GRC AC will only assign the mitigation control in the access request after receiving the risk analysis result from IAG

Regards

Plaban

In IAG PAM, is there possibility to enable mandatory approval of 2 or more approver’s approval.

2024-03-05T02:21:51.297000+01:00

In IAG PAM, is there possibility to enable mandatory approval of 2 or more approver’s approval.

currently in access request workflow, if there are 2 approvers configured for PAM ID, then if one approver approve in role owner stage the workflow gets completed. We have requirement of both the approver required to approve . Pls suggest whethe this feature is there similar to onprem GRC access control

#IAG #IAGPAM #IAGWF

Mass Update app in SAP IAG

2024-03-07T07:05:49.356000+01:00

Hi Experts,

While accessing Mass update application in SAP IAG, selected entity type as Business role --> Launch guided process, it throws an error as shown in the screen shot.

I have IAG_MASSUPDATE role mapped to a role collection and assigned to my ID. Any other role to be assigned? Please help. Thank you.

Regards,

Surya

GRC IAG Bridge: SF RepSync does not show role imported in BRM

2024-03-20T17:16:05.742000+01:00

Hi All,

GRC 12, SP20

Although rep sync job from GRC shows as successful, GRACROLE does not show the static group imported. However, GRACRLCONN does. The IAG role import was tick marked during the rep sync job.

FYI, my SF connector is maintained in IAG_GRP Connector type.

Can you please suggest on this. And also the class/interface required to maintain in Integration Scenario ROLMG for Connector type IAG_GRP

Regards

Plaban

Common Master data and Master data for access control, access analysis in IAG

2024-04-05T22:14:09.627000+02:00

I am implementing IAG for one of my clients. I have most of the configuration but am stuck at maintenance of common master data and master data separately for access analysis, access control and PAM. I am not sure where do I have to maintain that data. Any help will be highly appreciated.

How to use 2 IAS tenants in single GRC-IAG bridge for access provisioning in Nonprod and prod system

2024-04-17T15:22:43.486000+02:00

Is it possible to use 2 different IAS (Non-Prod & Prod) tenants in single GRC-IAG bridge setup.

If yes, how GRC system will identify which IAS to check if single GRC-IAG Bridge system is used for access provisioning to both Non-Prod or Production cloud systems as both cloud systems will have different IAS tenants as source for user data.

SAP Application User provision based on Application Role via Entra ID

2024-04-23T17:22:07.846000+02:00

Hi Team,

As SAP IDM is expected to retire soon in the coming years, wanted to know possibility of it being replaced by Entra ID ( azure AD).

SAP IDM and SAP applications including security components - SAP GRC and IAG are very well integrated with each other as they are a part of same family.

Wanted to know if Entra ID can replace SAP IDM , with respect to tasks like :

1. Informing SAP IPS system to provision users to target application based on approval/deny event from SAP GRC or SAP IAG.

Is this possible with Entra Id ? How does the SAP Application role information flow from SAP GRC / IAG to Entra ID is it even possible ?

TRM(Treasury management ) risks and functions for SAP IAG or GRC

2024-04-30T21:43:55.370000+02:00

Hi Guys, can anyone share TRM(Treasury management ) risks and functions for SAP IAG or GRC.I have to implement it but have not idea. I saw a post by madhusap by he didn't give the risks or functions. Would really appreciate any help