- Products & services Products & services
- Resources Resources
- Community CommunityKnowledge
- Knowledge
- IdentityIQ wiki Discover crowd sourced information or share your expertise
- IdentityNow wiki Discover crowd sourced information or share your expertise
- File Access Manager wiki Discover crowd sourced information or share your expertise
- Submit an idea Get writing tips curated by SailPoint product managers
- Compass
- :
- Products
- :
- Connectors
- :
- SailPoint Connectivity Updates
- :
- SAP GRC Critical Update for Integration with GRC12 SP19 and Above
SAP GRC Critical Update for Integration with GRC12 SP19 and Above
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Content to Moderator
Dear Valued Customer,
We want to inform you about an important update regarding our SAP GRC integration, specifically with GRC version 12 SP19 and above.
SAP has introduced significant modifications in its SAP GRC version AC 12.0 SP19 and above in inactive users and sync job processes, which has affected our SAP GRC connector functionality adversely.
We have addressed the impacts of these changes and the fixes have been rolled out to staging and production for IdentityNow customers.
Details about the issues and fixes
Diable Operation
-
Issue: With the upgrade of GRC from AC12 SP19 & above, you may see System attribute on account schema as INACTIVE_USER for the aggregated accounts which are disabled only on highest priority system on SAP GRC
- Resolution: This issue is observed due to the Repository sync job changes introduced by SAP for updating their table values. For resolution, kindly ensure the changes on GRC and source configuration as below:
- Ensure that the Repository sync job is scheduled on your SAP GRC instance.
- The option for ‘Disable only Master’ system has been removed from the source config. UI without impacting existing customers’ configuration. We highly recommend you to revisit your source configuration for ‘Disable’ operations. The changes have been documented in Enable and Disable Account section
- Provide additional permissions required on the SAP Tables for GRC 12 SP19 and above for Aggregation and Disable operations. Kindly refer to our doc guide Configuration Table for SAP GRC section
Modify Operations
- Issue: SAP has introduced a new process where any modifications/changes in the user profile reflect in GRC tables only after completing the Repository sync job. This has adversely affected our connector operations
- Resolution: The following steps must be performed sequentially for a successful modify operation:
- Configure the Attribute Sync request on the user in IdentityNow for the GRC source. To configure the attribute sync request, refer to Synchronising Attributes - SailPoint Identity Services.
- Run the Repository Object Sync job on your GRC system
- Execute User Aggregation on your GRC source to get the updated values of the user attributes.
Link to our previous blog post which includes moe details and SAP KB Articles as attachments
Kindly reach out to your CSM or our support team for any queries or issues.
Sincerely,
SAP Integrations Team
-
Announcements
16 -
application onboarding
4 -
AWS
1 -
connectivity
3 -
Connectivity Product Release Highlights
1 -
Critical Update
1 -
Deprecation
1 -
FedRAMP
1 -
governing applications
1 -
identity security
1 -
Identity Security Cloud
4 -
IdentityIQ
2 -
ISC Identity Risk Connector
1 -
Microsoft Entra ID
1 -
Monthly Product Release Highlights
2 -
Navigate 2024
1 -
NetSuite
1 -
New SaaS Connector
1 -
New SaaS Connectors
2 -
Okta Connector
1 -
Oracle
1 -
SaaS connectors
1 -
SailPoint delivered SaaS Connectors
3 -
SAP Analytics Cloud
1 -
SAP governance
1 -
SAP GRC
1 -
SAP Integration
1 -
SAP integrations
1 -
SAP transformation
1 -
secrets manager
1 -
Security
1 -
Service Principals Account Management
1 -
time-to-value
1 -
Updates
6 -
vertical connectivity
1
- « Previous
- Next »
