https://raw.githubusercontent.com/ajmaradiaga/feeds/main/scmt/topics/SAP-Cloud-Identity-Access-Governance-qa.xmlSAP Community - SAP Cloud Identity Access Governance2024-05-20T11:12:25.798354+00:00python-feedgenSAP Cloud Identity Access Governance Q&A in SAP Communityhttps://community.sap.com/t5/technology-q-a/sac-repsync-job-error/qaq-p/12806626SAC_REPSYNC job error2023-08-11T07:53:53+02:00plaban_sahoohttps://community.sap.com/t5/user/viewprofilepage/user-id/795565Hi All,
<BR />Rep sync job gives the below error for SAC. Could you please suggest on this
<BR />log:
<BR />Error occurred during group sync: Service call return code : 500
<BR />Error occurred during user sync: Service call return code : 500
<P>Note: proxy system, BTP destination and Application are set up as per integration guide at SAP help library</P>
<BR />Regards
<BR />
<P>Plaban</P>2023-08-11T07:53:53+02:00https://community.sap.com/t5/technology-q-a/azure-as-idp-for-btp-iag/qaq-p/12750984Azure as IDP for BTP/IAG2023-08-23T08:55:07+02:00plaban_sahoohttps://community.sap.com/t5/user/viewprofilepage/user-id/795565<P>Hi All,</P>
<P>i have set-up Azure as IDP for IAS . And then have IAS as IDP for BTP/IAG. Can you please suggest if this set-up can allow Azure users(corporate) users to login to IAG</P>
<P>And can this framework be used to set up other apps as IDP, such as SAC, S4 Hana cloud, etc</P>
<P>i have been through the below and related blogs.But would like to confirm the same for a proposal</P>
<P><A href="https://developers.sap.com/tutorials/cp-ias-azure-ad.html" rel="noopener noreferrer">Connect Azure Active Directory to Identity Authentication Service | Tutorials for SAP Developers</A></P>
<P>Regards</P>
<P>Plaban</P>2023-08-23T08:55:07+02:00https://community.sap.com/t5/technology-q-a/cronus-configuration-for-email-notifications/qaq-p/12756603Cronus Configuration for Email Notifications2023-09-08T15:15:47+02:00Blanca_Ahttps://community.sap.com/t5/user/viewprofilepage/user-id/18052<P>Hello Team,</P>
<P>Kindly requesting your feedback on the following: </P>
<P><STRONG>Is it possible to configure Cronus(Hosted in SAP Network) in BTP for IAG email notifications?</STRONG></P>
<P>Regards,</P>
<P>Blanca</P>2023-09-08T15:15:47+02:00https://community.sap.com/t5/technology-q-a/grc-iag-use-of-btp-destination-called-iagauthservice/qaq-p/12802821GRC-IAG: Use of BTP destination called IAGAuthService2023-09-22T12:44:20+02:00plaban_sahoohttps://community.sap.com/t5/user/viewprofilepage/user-id/795565<P>Hi All,</P>
<P>in GRC -IAG bridge scenario, the note 3155715 mentions that >Administration -> Configuration->Application Parameters –> Configuration Group – Security – Parameter Value – Yes. But Parameter 1090 as YES also allows GRC AC to ask IAG to conduct the risk analysis.</P>
<P>In addition, what does the BTP destination IAGAuthService play a part in this Bridge scenario? GRC already uses the other 2 RFC for estanblishing connection with IAS. So, please help with the need of IAGAuthService </P>
<P>Regards</P>
<P>Plaban</P>2023-09-22T12:44:20+02:00https://community.sap.com/t5/technology-q-a/provisioning-to-cloud-apps-without-iag/qaq-p/12742740Provisioning to Cloud apps without IAG2023-09-28T16:50:54+02:00plaban_sahoo6https://community.sap.com/t5/user/viewprofilepage/user-id/245157<P>Can Hi All, i have a requirement of provisioning to IAS and BTP Cloudfoundry using IPS, but without using IAG. </P>
<P>A necessity is that Roles should be provisioned to IAS and BTP via GRC /IAG</P>
<P>Can you please suggest if this can be achieved. If yes, please provide the solutions.</P>
<P>Regards</P>
<P>Plaban</P>2023-09-28T16:50:54+02:00https://community.sap.com/t5/enterprise-resource-planning-q-a/create-worker-without-business-user-cb-user-in-3sl-public-cloud/qaq-p/12759082Create worker without business user (CB user) in 3SL Public cloud2023-09-29T11:25:59+02:00IncharaBKhttps://community.sap.com/t5/user/viewprofilepage/user-id/148800<P>Hi All,</P>
<P>Please let me know how we can do a mass import for the creation of Workers and not the business user.</P>
<P>We need only worker to be created but business user is not required. Which template needs to be used for this in 'Manage Workforce' App?</P>
<P>We are using S/4 HANA 3SL Public cloud System.</P>
<P>Please advise.</P>
<P>Thank you. </P>2023-09-29T11:25:59+02:00https://community.sap.com/t5/technology-q-a/sap-iag-ips-provisioning-to-cloud-system/qaq-p/12759967SAP IAG, IPS: Provisioning to cloud system2023-10-01T06:35:20+02:00plaban_sahoohttps://community.sap.com/t5/user/viewprofilepage/user-id/795565<P>Hi All,</P>
<P>Please advise if SAP IPS can provision to cloud apps without SAP IAG. And if so, please help how.</P>
<P>Regards</P>
<P>Plaban</P>2023-10-01T06:35:20+02:00https://community.sap.com/t5/technology-q-a/sap-commerce-cloud-integration-with-iag/qaq-p/12810811SAP Commerce Cloud: Integration with IAG2023-10-31T11:16:29+01:00plaban_sahoohttps://community.sap.com/t5/user/viewprofilepage/user-id/795565<P>Hi All, As there is no standard integration between IAG and SAP Commerce Cloud as per IAG Admin and Integration guide at below link, can you please suggest if the same can be added as a SCIM application, and then be integrated with GRC via IAG Bridge <A href="https://help.sap.com/docs/SAP_CLOUD_IDENTITY_ACCESS_GOVERNANCE/e12d8683adfa4471ac4edd40809b9038/37e4c466f8294eed88d284650d0c7070.html" target="test_blank" rel="noopener noreferrer">https://help.sap.com/docs/SAP_CLOUD_IDENTITY_ACCESS_GOVERNANCE/e12d8683adfa4471ac4edd40809b9038/37e4c466f8294eed88d284650d0c7070.html</A></P>
<P>My objective is to provision users to AP Commerce Cloud via IAG. Please suggest if IAG is capable for the same.</P>
<P>Regards</P>
<P>Plaban</P>2023-10-31T11:16:29+01:00https://community.sap.com/t5/technology-q-a/grc-iag-risk-analysis-using-both-at-same-time/qaq-p/12747780GRC-IAG: Risk analysis using both at same time2023-11-08T09:59:59+01:00plaban_sahoohttps://community.sap.com/t5/user/viewprofilepage/user-id/795565<P>Hi All,</P>
<P>In my GRC-IAG Bridge scenario, can i use GRC AC for risk analysis for my on-prem systems and use IAG for risk analysis for cloud apps. And can i use both GRC AC and IAG for provisioning to their respective On-prem and cloud apps</P>
<P>Regards</P>
<P>Plaban</P>2023-11-08T09:59:59+01:00https://community.sap.com/t5/financial-management-q-a/iagauthservice-and-extended-authorizations-for-bridge-scenario/qaq-p/12750423IAGAuthService and Extended authorizations for Bridge scenario2023-11-11T09:04:25+01:00plaban_sahoohttps://community.sap.com/t5/user/viewprofilepage/user-id/795565<P>Hi All,</P>
<P>i am unable to co-relate IAGAuthService and SAP note (<A href="https://me.sap.com/notes/3155715" rel="noopener noreferrer">3155715 - Extended authorizations for Bridge scenario - SAP for Me</A>). Can you please suggest on the same,</P>
<P>And what does Extended mean in <STRONG>Extended Authorization for Bridge Scenario.</STRONG></P>
<P><STRONG>My understanding is As a GRC AC end-user i raise a access request which triggers a call to IAG for risk analysis. This authentication call is performed by IAG_SOD_AUTH. And then IAG_SOD_CHECK is used to call the risk/Access analysis service. </STRONG></P>
<P><STRONG>But the note says(as below screenshot) that only when the config. is done end users can do risk analysis and that too with auth? Which id is to be assigned Auth. And why does the note mentions to have </STRONG>IAGAuthService(is a Destination created in BTP Subaccount pointing to IAS. is not clear.</P>
<P><IMG class="migrated-image" src="https://community.sap.com/legacyfs/online/storage/attachments/storage/7/attachments/2229629-image.png" /></P>
<P>Regards</P>
<P>Plaban</P>2023-11-11T09:04:25+01:00https://community.sap.com/t5/technology-q-a/using-sap-iag-with-sap-ecc/qaq-p/12777946Using SAP IAG with SAP ECC2023-12-11T19:12:19+01:00former_member844066https://community.sap.com/t5/user/viewprofilepage/user-id/844066<PRE><CODE>Hello everyone, everything good? It is possible to use SAP IAG with SAP ECC or use IAG and only for S4 Hana.
Thanks!</CODE></PRE>2023-12-11T19:12:19+01:00https://community.sap.com/t5/technology-q-a/how-role-designer-iag-works/qaq-p/12819032How Role Designer IAG works?2024-01-08T16:53:10+01:00former_member844066https://community.sap.com/t5/user/viewprofilepage/user-id/844066<P>Good afternoon, I would like to know if IAG has simple role maintenance like it does in GRC AC BRM or if the way they are created has changed. I read documentation that IAG only uses Business Role in the Role Designer module, it this correct?</P>
<P>There are some functional documentation I can consult?</P>
<P>Thaks.</P>2024-01-08T16:53:10+01:00https://community.sap.com/t5/technology-q-a/mitigation-control-assignment-in-grc-iag-bridge-call/qaq-p/13590898Mitigation Control assignment in GRC-IAG Bridge Call2024-02-01T12:30:31.848000+01:00plaban_sahoohttps://community.sap.com/t5/user/viewprofilepage/user-id/795565<P>Hi All</P><P>i would also like to know if there is a access request that is passed over to IAG in a bridge call. if so, can IAG apply the Mit. control in the same access request</P><P>Or GRC AC will only assign the mitigation control in the access request after receiving the risk analysis result from IAG</P><P>Regards</P><P>Plaban</P><P> </P>2024-02-01T12:30:31.848000+01:00https://community.sap.com/t5/technology-q-a/in-iag-pam-is-there-possibility-to-enable-mandatory-approval-of-2-or-more/qaq-p/13627592In IAG PAM, is there possibility to enable mandatory approval of 2 or more approver’s approval.2024-03-05T02:21:51.297000+01:00Rajendra_https://community.sap.com/t5/user/viewprofilepage/user-id/1408943<P>Hi </P><P>In IAG PAM, is there possibility to enable mandatory approval of 2 or more approver’s approval.</P><P>currently in access request workflow, if there are 2 approvers configured for PAM ID, then if one approver approve in role owner stage the workflow gets completed. We have requirement of both the approver required to approve . Pls suggest whethe this feature is there similar to onprem GRC access control</P><P>#IAG #IAGPAM #IAGWF</P>2024-03-05T02:21:51.297000+01:00https://community.sap.com/t5/technology-q-a/mass-update-app-in-sap-iag/qaq-p/13630749Mass Update app in SAP IAG2024-03-07T07:05:49.356000+01:00surya_appalahttps://community.sap.com/t5/user/viewprofilepage/user-id/218315<P>Hi Experts, </P><P>While accessing Mass update application in SAP IAG, selected entity type as Business role --> Launch guided process, it throws an error as shown in the screen shot. </P><P>I have IAG_MASSUPDATE role mapped to a role collection and assigned to my ID. Any other role to be assigned? Please help. Thank you. </P><P>Regards,</P><P>Surya</P>2024-03-07T07:05:49.356000+01:00https://community.sap.com/t5/technology-q-a/grc-iag-bridge-sf-repsync-does-not-show-role-imported-in-brm/qaq-p/13644678GRC IAG Bridge: SF RepSync does not show role imported in BRM2024-03-20T17:16:05.742000+01:00plaban_sahoohttps://community.sap.com/t5/user/viewprofilepage/user-id/795565<P>Hi All,</P><P>GRC 12, SP20</P><P>Although rep sync job from GRC shows as successful, GRACROLE does not show the static group imported. However, GRACRLCONN does. The IAG role import was tick marked during the rep sync job. </P><P>FYI, my SF connector is maintained in IAG_GRP Connector type.</P><P>Can you please suggest on this. And also the class/interface required to maintain in Integration Scenario ROLMG for Connector type IAG_GRP</P><P>Regards</P><P>Plaban</P><P> </P>2024-03-20T17:16:05.742000+01:00https://community.sap.com/t5/technology-q-a/common-master-data-and-master-data-for-access-control-access-analysis-in/qaq-p/13661055Common Master data and Master data for access control, access analysis in IAG2024-04-05T22:14:09.627000+02:00akshay_mohnothttps://community.sap.com/t5/user/viewprofilepage/user-id/1402965<P>I am implementing IAG for one of my clients. I have most of the configuration but am stuck at maintenance of common master data and master data separately for access analysis, access control and PAM. I am not sure where do I have to maintain that data. Any help will be highly appreciated.</P><P> </P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="upload_community.PNG" style="width: 999px;"><img src="https://community.sap.com/t5/image/serverpage/image-id/92249i5F1FB4650B62280A/image-size/large?v=v2&px=999" role="button" title="upload_community.PNG" alt="upload_community.PNG" /></span></P>2024-04-05T22:14:09.627000+02:00https://community.sap.com/t5/technology-q-a/how-to-use-2-ias-tenants-in-single-grc-iag-bridge-for-access-provisioning/qaq-p/13673441How to use 2 IAS tenants in single GRC-IAG bridge for access provisioning in Nonprod and prod system2024-04-17T15:22:43.486000+02:00raman_selvamhttps://community.sap.com/t5/user/viewprofilepage/user-id/636302<P>Is it possible to use 2 different IAS (Non-Prod & Prod) tenants in single GRC-IAG bridge setup.<BR /><BR />If yes, how GRC system will identify which IAS to check if single GRC-IAG Bridge system is used for access provisioning to both Non-Prod or Production cloud systems as both cloud systems will have different IAS tenants as source for user data.</P><P> </P>2024-04-17T15:22:43.486000+02:00https://community.sap.com/t5/technology-q-a/sap-application-user-provision-based-on-application-role-via-entra-id/qaq-p/13679713SAP Application User provision based on Application Role via Entra ID2024-04-23T17:22:07.846000+02:00Parinhttps://community.sap.com/t5/user/viewprofilepage/user-id/1442199<P>Hi Team,</P><P>As SAP IDM is expected to retire soon in the coming years, wanted to know possibility of it being replaced by Entra ID ( azure AD).</P><P>SAP IDM and SAP applications including security components - SAP GRC and IAG are very well integrated with each other as they are a part of same family.</P><P>Wanted to know if Entra ID can replace SAP IDM , with respect to tasks like :</P><P>1. Informing SAP IPS system to provision users to target application based on approval/deny event from SAP GRC or SAP IAG.</P><P>Is this possible with Entra Id ? How does the SAP Application role information flow from SAP GRC / IAG to Entra ID is it even possible ?</P><P> </P>2024-04-23T17:22:07.846000+02:00https://community.sap.com/t5/enterprise-resource-planning-q-a/trm-treasury-management-risks-and-functions-for-sap-iag-or-grc/qaq-p/13687774TRM(Treasury management ) risks and functions for SAP IAG or GRC2024-04-30T21:43:55.370000+02:00akshay_mohnothttps://community.sap.com/t5/user/viewprofilepage/user-id/1402965<P>Hi Guys, can anyone share TRM(Treasury management ) risks and functions for SAP IAG or GRC.I have to implement it but have not idea. I saw a post by madhusap by he didn't give the risks or functions. Would really appreciate any help</P>2024-04-30T21:43:55.370000+02:00