We use SailPoint as the IAM service to submit a GRC access request when any user submits a Guidepost request with a Business Role.
Expected workflow:
Step 1: The user submits a Guidepost request with the necessary Business Role for access in SAP.
Step 2: Once the Guidepost request is submitted successfully, the IAM application SailPoint will come into the picture by routing the Guidepost request to the requestor's manager.
Step 3: Once the manager approves the Guidepost request, SailPoint will automatically check whether the Business Role is already assigned to the user. If it is assigned, it will throw an error saying “Duplicate request will be skipped as the Business Role has been already assigned to user”.
If the role is not already assigned to the user in the GRACUSERROLE table, which SailPoint refers to for aggregation, it will automatically create an access request in SAP GRC with the user and Business Role details.
Step 4: Once the access request is triggered, it will be routed to the Risk owners (if there is any risk for the users), and then it will be routed to the Role owners after the Risk owner approval.
Step 5: If the Risk owner or Role owner rejects the request, access will not be granted and the request will be closed automatically.
Current Workflow:
Step 1: The user submits a Guidepost request with the necessary Business Role for access in SAP.
Step 2: Once the Guidepost request is submitted successfully, the IAM application SailPoint will come into the picture by routing the Guidepost request to the requestor's manager.
Step 3: Once the manager approves the Guidepost request, SailPoint will automatically check whether the Business Role is already assigned to the user. If it is assigned, it will throw an error saying “Duplicate request will be skipped as the Business Role has been already assigned to user”.
If the role is not already assigned to the user in the GRACUSERROLE table, which SailPoint refers to for aggregation, it will automatically create an access request in SAP GRC with the user and Business Role details.
Step 4: Once the access request is triggered, it will be routed to the Risk owners (if there is any risk for the users), and then it will be routed to the Role owners after the Risk owner approval.
Step 5: If the Risk owner or Role owner rejects the request, access will not be granted and the request will be closed automatically.
Step 6: A duplicate GRC access request will be generated automatically the next day, with the description in the request saying “Requestor comments are not present. Modify user request from identity NOW”.
Because of Step 6, the Risk/Role owners are getting the duplicate request in their inbox, and the email notification is frustrating the owners.
Error message in GRC comments: “Requester comments are not present. Modify user request from IdentityNOW” or “Requester comments are not present. Create user request from IdentityNOW”.
Can anyone help us here if you have come across this situation before?