Process Orchestration(PO) Integration with SAP GRC 12.0
Process Orchestration is Java based system and this can be integrated with GRC Access Control to use Access Request Management (ARM) functionality.
Below is the step-by-step configuration required for the integration:
Step 1 :
Required Components in Java System –
Please refer below note to get list of components to be installed in Java System
Step 2 :
Deploy the AC 12.0 web service and you will find the following in WS Navigator.
Copy shortcut. (It will be used in later stages.)
Step 3 :
Set up Access to the SPML Service on AS Java
- Create Technical User in PO system with Group Administrators.
- Create a role with Read/Write access to the SPML service: Spml_Read_Action and Spml_Write_Action and assign it to created technical user.
(Refer 1647157 – How to Set up Access to the SPML Service on AS Java – SAP ONE Support Launchpad for more information)
Step 4 :
Create a G type SM59 connector in GRC system. This will connect to the web service created in Step2 for AUTH extraction and password generation.
Step 5 :
Create a G type connector in SM59 for connecting EP’s SPML interface for PROV.
Add Technical user created in Step3 in Logon & Security tab as below.
Step 6 :
Maintain the Logical port for WS connector in tcode SOAMANAGER in GRC system
- Execute Tcode SOAMANAGER
- Click on Web Service Configuration
- Search for object name CO_GRAC_AD_AUTH_MGM_WEBSERVICE consumer proxy and click on it.
- Provide logical port name and other required details (Refer 2371225 – ESI – Logical Port configuration for Consumer Proxy in transaction SOAMANAGER [Video] – SAP ONE Support Launchpad for more details)
Step 7 :
Maintain Connector and Connection Types in tcode SPRO.
WS will be attached to the LPCONFIG end point (created in step 6). SPML1 logical port will be same as Target Connector.
Step 8 :
Step 9 :
Attach both the connectors (WS and SPML) to AUTH scenario.Make sure that the following classes are attached to the scenario:Step 10 :
Repeat same for PROV scenario.
Step 11 :
And for ROLMG scenario
Step 12 :
Maintain Connector Settings:
Step 13 :
Maintain Mapping of Actions and Connector Groups
Default connector is the one which will make a runtime call to get the F4 for system field names in figure below.
Define the field mapping for the group applicable to all the system in that group (F4 from default connector)
Step 14 :
Synchronize EP SPML Schema
Step 14 :
Now sync data from EP.
This is from WS connector.
The above mentioned steps will help you in integrating PO system with GRC Access Control for Access Request Management.
Quick check: For web service configuration, check Wsnavigator status. It should not be in stopped status.
Note : Please share your feedback or thoughts in a comment below.