Skip to Content
Technical Articles
Author's profile photo Nidhi Kumari

Process Orchestration(PO) Integration with SAP GRC 12.0

Process Orchestration is Java based system and this can be integrated with GRC Access Control to use Access Request Management (ARM) functionality.

Below is the step-by-step configuration required for the integration:

Step 1 :

Required Components in Java System –

Please refer below note to get list of components to be installed in Java System

Step 2 :

Deploy the AC 12.0 web service and you will find the following in WS Navigator.

Copy shortcut. (It will be used in later stages.)

Step 3 :

Set up Access to the SPML Service on AS Java

  1. Create Technical User in PO system with Group Administrators.
  2. Create a role with Read/Write access to the SPML service: Spml_Read_Action and Spml_Write_Action and assign it to created technical user.

(Refer 1647157 – How to Set up Access to the SPML Service on AS Java – SAP ONE Support Launchpad for more information)

Step 4 :

Create a G type SM59 connector in GRC system. This will connect to the web service created in Step2 for AUTH extraction and password generation.

Step 5 :

Create a G type connector in SM59 for connecting EP’s SPML interface for PROV.

Add Technical user created in Step3 in Logon & Security tab as below.

Step 6 :

Maintain the Logical port for WS connector in tcode SOAMANAGER in GRC system

  1. Execute Tcode SOAMANAGER
  2. Click on Web Service Configuration
  3. Search for object name CO_GRAC_AD_AUTH_MGM_WEBSERVICE consumer proxy and click on it.
  4. Provide logical port name and other required details (Refer 2371225 – ESI – Logical Port configuration for Consumer Proxy in transaction SOAMANAGER [Video] – SAP ONE Support Launchpad for more details)

Step 7 :

Maintain Connector and Connection Types in tcode SPRO.

WS will be attached to the LPCONFIG end point (created in step 6). SPML1 logical port will be same as Target Connector.

Step 8 :

Define the EP Group (this will be used in field mapping)

Step 9 :

Attach both the connectors (WS and SPML) to AUTH scenario.Make sure that the following classes are attached to the scenario:Step 10 :

Repeat same for PROV scenario.

Step 11 :

And for ROLMG scenario

Step 12 :

Maintain Connector Settings:

Step 13 :

Maintain Mapping of Actions and Connector Groups

Default connector is the one which will make a runtime call to get the F4 for system field names in figure below.

Define the field mapping for the group applicable to all the system in that group (F4 from default connector)

Step 14 :

Synchronize EP SPML Schema

Connector is the one for SPML we earlier created. This activity updates table GRACIDMSCHEMABUF.

Step 14 :

Now sync data from EP.

This is from WS connector.


The above mentioned steps will help you in integrating PO system with GRC Access Control for Access Request Management.

Quick check: For web service configuration, check Wsnavigator status. It should not be in stopped status.

Reference Note-

2577245 – Portal Integration and configuration with SAP GRC | SAP Knowledge Base Article

1647157 – How to Set up Access to the SPML Service on AS Java – SAP ONE Support Launchpad

1607232 – GRC 10.0 Enterprise Portal Configuration and Par Files no longer supported – SAP ONE Support Launchpad

1762514 – Group provisioning fails for portal with error message ‘Cannot find a SPML request’.


Note : Please share your feedback or thoughts in a comment below.


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Uppdeep Singh Mann
      Uppdeep Singh Mann

      Well detailed blog Nidhi .

      It will definitely help  those who want to  implement this scenario.




      Author's profile photo Karthik J
      Karthik J

      Thank you, Nidhi. It is a neat and detailed blog regarding PO Integration. Highly helpful.


      Karthik J