The following sections provide steps for using iManager to create and configure a new SAP GRC Access Control driver. For information about using Designer to accomplish these tasks, see Section 3.1, Using Designer to Create and Configure the Driver.
Importing the SAP GRC Access Control driver configuration file creates the driver in the Identity Vault and adds the policies needed to make the driver work properly.
In iManager, click to display the Identity Manager Administration page.
In the Administration list, click
to launch the Import Configuration Wizard.Use the following information to complete the wizard and create the driver.
Prompt |
Description |
---|---|
Where do you want to place the imported configuration? |
You can add the driver to an existing driver set, or you can create a new driver set and add the driver to the new set. If you choose to create a new driver set, you are prompted to specify the name, context, and server for the driver set. |
Import a configuration into this driver set |
Use the default option, .In the field, select .In the SAPGRCAC-CMP-IDM3_6_0-V1.xml file. field, select the |
Driver name |
Specify a name that is unique within the driver set. |
SAP GRC Web Service URL |
Specify the GRC Web Service URL on SAP NetWeaver. Leave this field blank when the Subscriber channel is not active. |
Authentication ID |
Specify an authentication ID for the SAP GRC Web service. |
Authentication Password |
Specify the password for the authentication ID. |
Requestor |
Specify the ID of the GRC user that is defined as the for all requests in GRC. |
First name |
Specify the first name of the GRC user that is defined as the for all requests in GRC. |
Last name |
Specify the last name of the GRC user that is defined as the for all requests in GRC. |
Email address |
Specify the e-mail address of the GRC user that is defined as the for all requests in GRC. |
Driver is Local/Remote |
Select whether the driver is running locally or is using the Remote Loader. For more information, see the Identity Manager 3.6.1 Remote Loader Guide. |
Define Security Equivalences |
The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights. |
Exclude Administrative Roles |
You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization. |
When you finish providing the information required by the wizard, a Summary page similar to the following is displayed.
At this point, the driver is created from the basic configuration file. To ensure that the driver works the way you want it to for your environment, you must review and modify (if necessary) the driver’s default configuration settings.
To modify the default configuration settings, click the linked driver name, then continue with the next section, Using iManager to Configure the Driver Settings.
or
To skip the configuration settings at this time, click Using iManager to Configure the Driver Settings.
. When you are ready to configure the settings, continue with the next section,WARNING:Do not click
on the Summary page. This removes the driver from the Identity Vault and results in the loss of your work.The information specified during the creation of the driver is the minimum information required to import the driver. However, the base configuration might not meet your needs.
You might need to change whether the driver is running locally or remotely.
You might need to change whether the driver is using the Role Mapping Administrator or not.
To configure the settings:
Make sure the Modify Object page for the SAP GRC Access Control driver is displayed in iManager. If it is not:
In iManager, click to display the Identity Manager Administration page.
Click
.Browse to and select the driver set object that contains the new SAP GRC Access Control driver.
Click the driver set name to access the Driver Set Overview page.
Click the upper right corner of the driver, then click
.This displays the properties page of the driver.
Review the settings for the driver parameters, global configuration values, or engine control values. The configuration settings are explained in Section A.0, Driver Properties.
After modifying the settings, click
to save the settings and close the Modify Object page.When a driver is created, you must start the driver. Identity Manager is an event-driven system, so after the driver is started, it processes events as they occur.
To start the driver after the additional configuration is completed:
In iManager, click to display the Identity Manager Administration page.
Click
.Browse to and select the driver object that contains the SAP GRC Access Control driver you want to start.
Click the driver set name to access the Driver Set Overview page.
Click the upper right corner of the driver, then click
.For information about management tasks with the driver, see Section 6.0, Managing the Driver.