Former Member

GRC, CUA and IDM

We are in the process of installing GRC 10.0 in our landscape. We have the following questions:

1. Can I run my CUA from GRC box instead of say Solman?

2. Can I hook GRC with LDAP so I import the users from active directory?

3. Do we need IDM, if active directory is hooked up to the system where we have the CUA?

Regards,

Kedar

Edited by: Kedar Joshi on Aug 8, 2011 5:57 PM


2 Answers

  • Aug 08, 2011 at 04:28 PM

    Hi Kedar,

    The easy answer to your question is yes to all of them!

    1. It is technically possible to run CUA from the GRC box as it is an ABAP based environment.

    Depending on your user provisioning processes though, you may want to consider the scope of using CUA.

    For example, you may want to retain CUA for pre-production access but may want to have automated Access Request Management (CUP) for the production environments. Alternatively, if you are going down the full IDM route, you may wish to have everything provisioned via GRC rather than having the additional manual assignments through CUA.

    2. Yes, you can still connect to LDAP Active Directory from GRC. There is a technical change in setting up the connection as it uses an RFC destination rather than a JCo but it's still possible and actually advisable for creating a single user master source.

    3. This is slightly more difficult to say without further knowledge of your organisation. Generally, IDM is focussed on a more holistic view of User Access across the enterprise estate. IDM is still of use when managing SAP and Non SAP applications and managing the roles from a business perspective. Whilst GRC is able to offer the business role concept inherently, it is still slanted towards the management of risk rather than pure Identity Management and therefore the tools do perform a separate yet integrated function.

    I hope this helps.

    Simon


    • Hi Kedar,

      Yes, your assumption is correct. Within IDM, the Role is often a more generic business role or Job function rather than technical role.

      It will be similar to the GRC Business role concept whereby it is a mixture of technical functions and organisational responsibilities, e.g.

      Purchasing Manager =

        • LAN access
        • email access
        • SAP access to approve POs
        • SAP Access to approve team member's expenses, timesheets
        • SAP BI access to view reports / KPIs
        • Bespoke application access for ...

      You should be able to achieve your key requirements without IDM but if you want a cross system repository to act as the job to role and user to job database then that might still be on the wish list.

  • Former Member
    Aug 09, 2011 at 04:06 AM

    Hi Kedar

    1. Can I run my CUA from GRC box instead of say Solman?

    Yes, very much. You can connect your CUA directly to SAP GRC.

    2. Can I hook GRC with LDAP so I import the users from active directory?

    Yes, for sure.

    3. Do we need IDM, if active directory is hooked up to the system where we have the CUA?

    It depends on what purposes you want to use IDM for. IDM can be very well integrated with GRC.

    In your case, I feel you already have a user repository (LDAP), so if you want to use IDM only as a user data source, it is not required as you already have LDAP. But if you are planning to use other features of IDM, you can go ahead; it is supported by GRC.

    Thanks & Regards

    Asheesh
