SAP GRC - Access management integration mode - IdentityIQ unable to poll the status of the request from GRC

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

We have integrated SAP GRC with IdentityIQ with option of access management mode, IIQ is able to submit requests in GRC but unable to capture the request status from GRC, please let know if we need to configure SAP GRC workflows which are specific to risk analysis integration mode for access management as well

Have you imported the Workflow_SAPGRC_Integration.xml from IIQ_HOME/WEB-INF/config folder containing SAP GRC Data Generator and SAP GRC Request Executor workflows. If Yes then you will also have to update your Provisioning Approval Subprocess in your LCM Provisioning workflow to call these SAP GRC specific workflows. You can refer to steps included in integration documentation.

hi @irappahosamani

As @SanjeevIAM mention, if you are implementing risk integration you should import workflows SAP GRC workflows.

As you can see in the documentation:

The standard LCM provisioning workflow does not support the SAP GRC integration. The following are the Custom workflows that are shipped with IdentityIQ to support this integration:

  • SAP GRC Data Generator
  • SAP GRC Request Executor

Please, check bellow documentation regarding ro configure Risk Analisys

Configuring Risk Analysis (sailpoint.com)

Thanks for the reply @SanjeevIAM, this is Access Management mode, not the Risk Analysis mode. For Access Management mode, I don’t think we need SAP GRC Data Generator and SAP GRC Request Executor workflows. Can you please let me know if my understanding is not correct.

For Access Management, application type SAP GRC is enough with option Access Mgmt and all the endpoints for access request, request details and etc. Please let me know if I’m missing any configuration

Hi @ismaelmoreno1 - this is not risk analysis integration, I’m looking for configuration for Access Management integration

Hi @irappahosamani

In this case, when you submit a request, the status of the request in Sailpoint Identity IIQ would be Pending status, and the current step would be Approve and Provisioning Subprocess, because request is pending of Check Status of Queued Items workflow. This workflow is waiting your approval request from SAP GRC.

In this case, please check the values of the following arguments of “Check Status of Queued Items” workflow

provisioningMaxStatusChecks: The maximum number of times to check back with the queuing system for the current status of the queued request; -1 means infinite number of times (forever); this value is only used if no values are specified on the applications

provisioningStatusCheckInterval: The number of minutes to wait between status check attempts, in minutes; this value is only used if no values are specified on the applications

From other side, plese set trace level to this workflow to check when is executed and what values are returned.

Plese check following link for more details about Check Status of Queued Items workflow

LCM Subprocess Workflows - Compass (sailpoint.com)

Thank you so much for detailed information @ismaelmoreno1 , this really helped a lot to investigate, I will keep you posted on the progress.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.