We are connecting to SAP GRC from SailPoint ISC for Lifecycle management.
We currently facing the issue that in case of update accounts ISC is always using the request type “Change Account” is used. But our requirement is to use another request type from SAP GRC for Account Attribute updates “Other user change” with Code “024” for example and for updates regarding role add/removal and deactivation we need to use the “Change Account” request type.
Anyone has an idea how to configure the SAP GRC for such actions to use the specific request types?
If you want 024 (“Other user change”) only for user attribute updates, you need to map it to the Modify/attribute path, and leave Role + Disable mapped to “Change Account”.
Steps:
In SAP GRC: SPRO > GRC > Access Control > User Provisioning > Define Request Type – confirm 024 exists and is configured.
In ISC (SAP GRC source) > Provisioning Settings: set the mapping so Modify user attributes uses 024, while Provisioning Actions for Role (add/remove) and Provisioning Actions for System (disable) stay on Change Account.
If you’re using the connector’s Modify Account feature, remember SAP only reflects those attribute changes after a Repository Sync Job, then you re-run aggregation (SailPoint calls this out for AC12 SP19+).