Configuration Parameters

For more information on obtaining the values of the Filter parameters, refer to Obtain the values for Filter Parameters .

For more information on obtaining the SAP GRC URLs, refer to Obtain the SAP GRC URLs in IdentityIQ.

Refer to SAP Secure Network Communication (SNC) for SAP Connector in IdentityIQ in the Compass community for prerequisites.

The following is a list of configuration parameters for SAP GRC:

Note
Attributes marked with * sign are mandatory attributes.

This is the 3-digit number that indicates the priority for all SAP GRC access requests triggered by IdentityIQ. Default: 006

End Point URL for SAP GRC Audit Log Web Service.

To get Mitigation details in IdentityIQ the audit log URL can be provided. This detail can be viewed in the Interaction section of the Access Request page.

The format of the URL will be as follows:

https://<SAP GRC Host Name>/sap/bc/srt/rfc/sap/GRAC_audit_logs_ws<WebService Binding URL>

Enter the name of a customized Business Application Programming Interface (BAPI). This allows you to aggregate based on additional account attributes such as Functional Area, User Group Assignments, and SNC-Name. For more information, refer to Creating a Custom Business Application Programming Interface (BAPI).

Enter comma separated values to aggregate roles for that specific business process only.

The Language code to be used while connecting. For Example, English = EN.

The Client ID to be used while connecting to SAP.

Select the checkbox to enable/disable users on all the SAP GRC connected systems. If the checkbox is unchecked it will only enable/disable users on the master system.

Select this checkbox to enable partial provisioning in SAP GRC Integration.

Enable Secure Network Communication.

The name of the Host where the SAP server is running.

Indicates what the application is used for:

  • Risk Analysis

  • Access Management

Represents the Quality of Protection (QOP) level and is defined as follows:

1 — Apply authentication only: The system verifies SailPoint's identity only. This is the lowest level of protection.

2 — Apply integrity protection (authentication): The system detects change or manipulation of the data which might have occurred between the two end points of communication.

3 — Apply privacy protection (integrity and authentication): The system encrypts the messages being transferred to make eavesdropping useless. This level of protection also includes integrity protection and is the maximum level of protection.

8 — Default Protection: Applies the default protection.

9 — Maximum Protection: Uses the value from snc/data_protection/max on the SAP application server.

Note
The SNC Quality of Protection, (SNC_QOP, QoP) indicates the level of protection to apply to a communication path. Some external security products do not support all levels of protection. If you request a quality of protection level that is higher than that which is supported by your security product, then the system uses the highest available protection level of your product instead.

The Name of the Function Module which you need to configure. The Default is 'SAILPOIN/SAIL_READ_TABLE'.

Number of records fetched in one page from the server. The Maximum supported value is 100000.

The Service Account password.

The polling interval in minutes to check the status of the request.

The End Point URL for the SAP GRC Request Detail Web Service.

The format of URL will be as follows:

https://<SAP GRC Host Name>/sap/bc/srt/rfc/sap/GRAC_request_details_ws<WebService Binding URL>

The name of the connector configured in the SAP GRC server which is treated as the Request Initiation System. This connector is configured in SPRO defined connectors or in the SM59 transaction code.

For more information, see Creating an RFC Connection on SAP GRC System.

The end Point URL for SAP GRC Access Risk Analysis Web Service.

The format of the URL will be as follows:

https://<SAP GRC Host Name>/sap/bc/srt/rfc/sap/GRAC_risk_analysis_wout_no_ws<WebService Binding URL>

The end Point URL for SAP GRC Access Role Details Web Service.

The format of the URL will be as follows:

https://<SAP GRC Host Name>/sap/bc/srt/rfc/sap//GRAC_ROLE_DETAILS_WS<WebService Binding URL>

Enter comma separated values to aggregate roles of that specific type only.

The end Point URL for SAP GRC Access Search Role Web Service.

The format of the URL would be as follows:

https://<SAP GRC Host Name>/sap/bc/srt/rfc/sap//GRAC_SEARCH_ROLES_WS<WebService Binding URL>

The path to the library which provides the SNC service. It internally signifies jco.client.snc_lib.

For example, the value to be passed is as follows:

  • On Microsoft Windows: C:/sapcryptolib/sapcrypto.dll (the location of the cryptographic library)

  • On UNIX: /opt/sailpoint/lib/custom/libsapcrypto.so (the location of the cryptographic library)

The SNC name generated on the SailPoint client side.

The SNC name of the SAP application server.

Enter comma separated values to aggregate roles for that specific sub process only.

(Access Management only)

The System number for the SAP installation.

The Service Account created in the SAP GRC server.

The end Point URL for the SAP GRC User Access Web Service.

The format of the URL will be as follows:

https://<SAP GRC Host Name>/sap/bc/srt/rfc/sap/GRAC_user_acces_ws<WebService Binding URL>