3.2 Using iManager to Create and Configure the Driver

The following sections provide steps for using iManager to create and configure a new SAP GRC Access Control driver. For information about using Designer to accomplish these tasks, see Section 3.1, Using Designer to Create and Configure the Driver.

3.2.1 Using iManager to Import the Driver Configuration File

Importing the SAP GRC Access Control driver configuration file creates the driver in the Identity Vault and adds the policies needed to make the driver work properly.

  1. In iManager, click Driver icon to display the Identity Manager Administration page.

  2. In the Administration list, click Utilities > Import Configuration to launch the Import Configuration Wizard.

  3. Use the following information to complete the wizard and create the driver.

    Prompt

    Description

    Where do you want to place the imported configuration?

    You can add the driver to an existing driver set, or you can create a new driver set and add the driver to the new set. If you choose to create a new driver set, you are prompted to specify the name, context, and server for the driver set.

    Import a configuration into this driver set

    Use the default option, Import a configuration from the server (.XML file).

    In the Show field, select Identity Manager 3.6 configurations.

    In the Configurations field, select the SAPGRCAC-CMP-IDM3_6_0-V1.xml file.

    Driver name

    Specify a name that is unique within the driver set.

    SAP GRC Web Service URL

    Specify the GRC Web Service URL on SAP NetWeaver. Leave this field blank when the Subscriber channel is not active.

    Authentication ID

    Specify an authentication ID for the SAP GRC Web service.

    Authentication Password

    Specify the password for the authentication ID.

    Requestor

    Specify the ID of the GRC user that is defined as the requestor id for all requests in GRC.

    First name

    Specify the first name of the GRC user that is defined as the requestor first name for all requests in GRC.

    Last name

    Specify the last name of the GRC user that is defined as the requestor last name for all requests in GRC.

    Email address

    Specify the e-mail address of the GRC user that is defined as the requestor email address for all requests in GRC.

    Driver is Local/Remote

    Select whether the driver is running locally or is using the Remote Loader. For more information, see the Identity Manager 3.6.1 Remote Loader Guide.

    Define Security Equivalences

    The driver requires rights to objects within the Identity Vault. The Admin user object is most often used to supply these rights. However, you might want to create a DriversUser (for example) and assign security equivalence to that user. Whatever rights that the driver needs to have on the server, the DriversUser object must have the same security rights.

    Exclude Administrative Roles

    You should exclude any administrative User objects (for example, Admin and DriversUser) from synchronization.

    When you finish providing the information required by the wizard, a Summary page similar to the following is displayed.

    Summary page

    At this point, the driver is created from the basic configuration file. To ensure that the driver works the way you want it to for your environment, you must review and modify (if necessary) the driver’s default configuration settings.

  4. To modify the default configuration settings, click the linked driver name, then continue with the next section, Using iManager to Configure the Driver Settings.

    or

    To skip the configuration settings at this time, click Finish. When you are ready to configure the settings, continue with the next section, Using iManager to Configure the Driver Settings.

    WARNING:Do not click Cancel on the Summary page. This removes the driver from the Identity Vault and results in the loss of your work.

3.2.2 Using iManager to Configure the Driver Settings

The information specified during the creation of the driver is the minimum information required to import the driver. However, the base configuration might not meet your needs.

  • You might need to change whether the driver is running locally or remotely.

  • You might need to change whether the driver is using the Role Mapping Administrator or not.

To configure the settings:

  1. Make sure the Modify Object page for the SAP GRC Access Control driver is displayed in iManager. If it is not:

    1. In iManager, click Summary page to display the Identity Manager Administration page.

    2. Click Identity Manager Overview.

    3. Browse to and select the driver set object that contains the new SAP GRC Access Control driver.

    4. Click the driver set name to access the Driver Set Overview page.

    5. Click the upper right corner of the driver, then click Edit properties.

      This displays the properties page of the driver.

  2. Review the settings for the driver parameters, global configuration values, or engine control values. The configuration settings are explained in Section A.0, Driver Properties.

  3. After modifying the settings, click OK to save the settings and close the Modify Object page.

3.2.3 Using iManager to Start the Driver

When a driver is created, you must start the driver. Identity Manager is an event-driven system, so after the driver is started, it processes events as they occur.

To start the driver after the additional configuration is completed:

  1. In iManager, click Summary page to display the Identity Manager Administration page.

  2. Click Identity Manager Overview.

  3. Browse to and select the driver object that contains the SAP GRC Access Control driver you want to start.

  4. Click the driver set name to access the Driver Set Overview page.

  5. Click the upper right corner of the driver, then click Start driver.

For information about management tasks with the driver, see Section 6.0, Managing the Driver.