on 11-04-2013 9:23 AM
Hi All,
Our GRC 10 system is connected to ECC and CRM systems. End users should have access to raise access requests and for PSS. When i provide them with NWBC link, do all the users from ECC and CRM should be available in GRC box to login to NWBC or is there any other way of doing this?
Kindly suggest
Regards,
Madhu.
Hi Madhu
If you are using the end user login functionality the ECC and CRM users do not actually login to NWBC (GRC component) via a SU01 user Id and password. They will user a URL that you give them for the End User Login Page and authenticate with ECC/CRM credentials
Have a look at the SCN post below. It will not give you most of your solution. You need to configure the End User Webdynpros and use a system user to authenticate in SICF. You then need to configure Datasources configuration for authentication, search, details, etc (you link the ECC and CRM systems in here), unless you have a different authentication source (e.g. LDAP).
http://scn.sap.com/thread/3326257
Note: NWBC is a user interface not a system. It can be installed on the user machine or launched in HTML form via transaction NWBC.
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Colleen,
My question is different from this one, i have configured End user logon and its working fine.
All the approvers are getting email notification with Approve/reject link. My question is whenever they click on the link they require to authenticate themselves for the GRC system to approve the request, is there anyway where this can authenticated via LDAP.
Approver knows there GRC user details, point is why would the approver require to remember separate user login details for the GRC system, if the approver authentication can be authenticated via LDAP, this would provide a great solution.
Thanks and Regards
Ankit sharma
HI Ankit
Approvers needs to have a GRC account as it is the POWL inbox. They need to use their GRC credentials to authenticate
If your SAP ID (GRC) and AD Ids are the same you would look at SSO to negate password. Alternatively with SSO, you could have a custom attribute in AD that is the SAP Id to link the accounts. Talk to your Basis or search the other forums and SAP help on what to do.
Using GRC does requires a clear approach to identify management and User Ids across the system.
Regards
Colleen
HI Madhu
That's exactly what I did as my solution. I had my SAP Id = Network Id (samAccountName I think). That they could authenticate with LDAP to get to all their SAP accounts.
You will need to configure Authentication Data Source against LDAP as well.
The link I sent you shows all the steps to get PSS working. I wrote my comments ages ago but I think if you read it in its entirety you will get the necessary information to configuration the scenario you want to use.
Regards
Colleen
SSO and trusted systems isn't a strength of mine
You would need to discuss with your portal administrator if you can embed POWL GRC link into portal and have trusted-systems for authentication. I have managed similiar through mapping system alias User Id in the UME of the user (there is a tab) in the portal. This can link their account so they do not get the request for password.
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.