Integrating SailPoint with SAP GRC

This integration is used to aggregate all the Users and Roles from the systems (SAP SCM, JAVA, SAP ERP HCM, and so on) connected to SAP GRC and facilitates their provisioning by creating requests in GRC irrespective if there is risk present or not, as illustrated in the following figure:

The figure explains the following methods:

1. User Aggregated from the GRC connected system.

2. Roles Aggregated from the GRC connected system.

3. Request sent for adding or removing access to the connected system.

4. Access Request ID created in GRC.

5. Requests wait and are queued until a response is issued by SAP GRC.

6. On the basis of the response returned from SAP GRC (approval or rejection in GRC ), SAP GRC provisions or rejects the request and the corresponding status is maintained in the SAP GRC source.

Note
SAP GRC IAG Bridge is an additional optional feature provided in the existing SailPoint SAP GRC connector. An existing SailPoint SAP GRC connector set up is a prerequisite for this feature.

SAP GRC IAG Bridge is an additional setup on top of an existing SAP Access Control (GRC) on-premise solution, which communicates with SAP Cloud Identity Access Governance (IAG). This feature extends access governance functionality to cloud systems in a hybrid landscape.

IAG Bridge is a SAP suggested approach for the customers who have invested heavily in SAP GRC access control, but now want to provide support for cloud applications as well. This configuration helps to perform risk analysis of user requests in IAG for connected SAP cloud systems using the SAP GRC system as a bridge.

The major benefit for this integration is that the source of truth for access requests and risk analysis remains to be SAP GRC, and IAG acts as secondary system to communicate with cloud applications. Separate licenses must be procured from SAP for both GRC and IAG systems to use this feature.