Configuring Access Management

Configure the aggregation filters to determine which accounts are aggregated.

Note
These attributes will be aggregated from a custom Business Application Programming Interface(BAPI). Creating a Custom Business Application Programming Interface (BAPI) is required to aggregate on these values.

Note
For more information about obtaining these values, refer to Role Aggregation.

  1. Provide the list of Role Types(s), Business Process(es), and Sub Process(es) to aggregate by entering them using commas to separate the values.

    • Business Process(es) aggregate roles for only the specified business processes.

    • Sub Process(es) only aggregates roles for the specified sub processes.

  2. Specify the Aggregation Delimiter. The Aggregation Delimiter configuration is applicable only in the case of the '/SAILPOIN/SAIL_READ_TABLE' and the '/SAILPOIN/SAIL_READ_TABLE_LEG' Function Module.

  3. Specify the Access Request Priority. This is the 3-digit number that indicates the priority for all SAP GRC access requests triggered by SailPoint. The default is 006.

  4. (Optional) Specify the name of the BAPI configuration in BAPI Name. This allows you to aggregate based on additional account attributes such as Functional Area, User Group Assignments, and SNC-Name. For more information, refer to Creating a Custom Business Application Programming Interface (BAPI).

  5. Select the Enable/Disable users on all the SAP GRC connected-systems to Enable/Disable users on all the SAP GRC connected-systems. If unchecked, the connector will only enable/disable users on the master system. The default is selected for new applications.

  6. Select the Enable Additional Settings to Add/Remove the key or value in the Access Request Type Mapping, Provisioning Actions for Role, and Provisioning Actions for System sections. If left unchecked, the connector will take the default value. By default, the checkbox is unselected for new and existing applications.

  7. Select Save.

Configuring Risk Management for Provisioning Through GRC

Enable risk analysis so the connector can find whether the requested access has violations on IdentityIQ. For more information, refer to Configuring Risk Management for Provisioning Through GRC.

To enable risk management for provisioning, through GRC:

  1. Select GRC for Risk Analysis.

    This is disabled by default. If left disabled, the connector doesn't perform risk analysis during provisioning.

  2. Select Save.