Version 8.4
We have integrated SAP GRC with IdentityIQ with option of access management mode, IIQ is able to submit requests in GRC but unable to capture the request status from GRC, please let know if we need to configure SAP GRC workflows which are specific to risk analysis integration mode for access management as well
Have you imported the Workflow_SAPGRC_Integration.xml from IIQ_HOME/WEB-INF/config folder containing SAP GRC Data Generator and SAP GRC Request Executor workflows. If Yes then you will also have to update your Provisioning Approval Subprocess in your LCM Provisioning workflow to call these SAP GRC specific workflows. You can refer to steps included in integration documentation.
As @SanjeevEdgile mention, if you are implementing risk integration you should import workflows SAP GRC workflows.
As you can see in the documentation:
The standard LCM provisioning workflow does not support the SAP GRC integration. The following are the Custom workflows that are shipped with IdentityIQ to support this integration:
- SAP GRC Data Generator
- SAP GRC Request Executor
Please, check bellow documentation regarding ro configure Risk Analisys
Thanks for the reply @SanjeevEdgile, this is Access Management mode, not the Risk Analysis mode. For Access Management mode, I don’t think we need SAP GRC Data Generator and SAP GRC Request Executor workflows. Can you please let me know if my understanding is not correct.
For Access Management, application type SAP GRC is enough with option Access Mgmt and all the endpoints for access request, request details and etc. Please let me know if I’m missing any configuration
Hi @ismaelmoreno1 - this is not risk analysis integration, I’m looking for configuration for Access Management integration
In this case, when you submit a request, the status of the request in Sailpoint Identity IIQ would be Pending status, and the current step would be Approve and Provisioning Subprocess, because request is pending of Check Status of Queued Items workflow. This workflow is waiting your approval request from SAP GRC.
In this case, please check the values of the following arguments of “Check Status of Queued Items” workflow
provisioningMaxStatusChecks: The maximum number of times to check back with the queuing system for the current status of the queued request; -1 means infinite number of times (forever); this value is only used if no values are specified on the applications
provisioningStatusCheckInterval: The number of minutes to wait between status check attempts, in minutes; this value is only used if no values are specified on the applications
From other side, plese set trace level to this workflow to check when is executed and what values are returned.
Plese check following link for more details about Check Status of Queued Items workflow
Thank you so much for detailed information @ismaelmoreno1 , this really helped a lot to investigate, I will keep you posted on the progress.