Additional Information

Enable and Disable Account

Modify Account

Note

  • This is applicable for SAP GRC AC12 SP19 and above versions.

  • Modify Attributes only supports updating the values of the attributes on the user’s highest priority connector. For example, the System value for the user.

SAP has introduced a new process where any modifications in the user attributes reflect in GRC tables only after completing a Repository Sync Job from the GRC side.

The following steps must be performed sequentially for a successful modify operation:

  1. Configure the Attribute Sync request on the user in Identity Security Cloud for the GRC source. To configure the attribute sync request, refer to Synchronizing Attributes - SailPoint Identity Services.

  2. Run the Repository Object Sync job on your GRC system

  3. Execute User Aggregation on your GRC source to get the updated values of the user attributes.

Provisioning Multiple Systems using User Group Attribute

The SAP GRC connector supports modification of the User Group attribute for multiple systems. To enable this functionality, follow these steps:

  1. Pass the User Group attribute as a list in the provisioning plan:

    Copy
    <AttributeRequest name="User Group" op="Set">
        <Value>
            <List>
                <String>systemNameA/GroupName1</String>
                <String>systemNameB/GroupName2</String>
            </List>
        </Value>
    </AttributeRequest>
  2. Set the setUserGroupInUserInfo flag to true in the source configuration:

    Key=setUserGroupInUserInfo

    Value=true

    The setUserGroupInUserInfo is a boolean attribute.

    Note
    The setUserGroupInUserInfo flag must be set to true for the provisioning of multiple systems to be supported.

Firefighter ID Configuration

  1. Enable the Manage Firefighter IDs setting to aggregate and provision Firefighter IDs where applicable. By default, this checkbox is unselected for new and existing applications.

  2. Enter Firefighter ID with days to configure the Validity Period in Days for Firefighter ID or Superuser Access in days.

    This setting overrides SAP GRC configurations when applied in Identity Security Cloud. If no value is provided, the system defaults to the standard SAP GRC Firefighter ID validation period (days). The start date is automatically set to the current system date, and the end date is determined by adding the specified number of days.

  3. Enter the Firefighter ID Access Request Priority, which is a 3-digit number that indicates the priority for all SAP GRC FFID access requests triggered by Identity Security Cloud. The default value is 006.