Additional Information
Enable and Disable Account
Note
The Valid From or Valid To date must be present in the provisioning plan in the format SystemName/yyyyMMdd
to update the dates when the account is enabled or disabled.
-
Example AttributeRequest for single account disable/enable:
Copy<AttributeRequest name="Valid To" op="Set " value="systemName/20230101 "/>
-
Example Attribute Request for Multiple account disable/enable:
Copy<AttributeRequest name="Valid To" op="Set">
<Value>
<List>
<String>systemNameA/20501029</String>
<String>systemNameB/20231029</String>
<String>systemNameC/20301029</String>
</List>
</Value>
</AttributeRequest>
Note
The User Group or User Group Assignments must be present in the provisioning plan in the format SystemName/<Group name>
to update the dates when the account is disabled. Existing groups will be replaced with those provided in the provisioning plan.
-
Example attribute request to update the User Group:
<AttributeRequest name="User Group" op="Set">
<Value>
<List>
<String>systemNameA/GroupName1</String>
<String>systemNameB/GroupName2</String>
</List>
</Value>
</AttributeRequest>
-
Example attribute request to update the User Group Assignments:
<AttributeRequest name="User Group Assignments" op="Set">
<Value>
<List>
<String>systemNameA/GroupName1a</String>
<String>systemNameA/GroupName1b</String>
<String>systemNameB/GroupName2a</String>
<String>systemNameB/GroupName2b</String>
</List>
</Value>
</AttributeRequest>
The connector will disable all systems connected to SAP GRC.
To Remove All Roles When Account is Disabled, select the option to disable it, and all roles from the GRC account will be removed. Leave the option unselected to enable it.
Modify Account
Note
This is applicable for SAP GRC AC12 SP19 and above versions.
SAP has introduced a new process where any modifications in the user attributes reflect in GRC tables only after completing a Repository Sync Job from the GRC side.
The following steps must be performed sequentially for a successful modify operation:
-
Configure the
Attribute Sync
request on the user in Identity Security Cloud for the GRC source. To configure the attribute sync request, refer to Synchronizing Attributes - SailPoint Identity Services. -
Run the
Repository Object Sync
job on your GRC system -
Execute
User Aggregation
on your GRC source to get the updated values of the user attributes.
Note
Modify Attributes only supports updating the values of the attributes on the user’s highest priority connector. For example, the System
value for the user.