
MSMP Workflow

Former Member

Hi Experts

I need to ask a question.

We are running GRC10 with Access Risk Analysis and Emergency Access Management working well.

Now we want to implement the following components, in the order below:

  1. Password Reset functionality (comes with GRC10)
  2. Access Request
  3. User Provisioning
  4. Role Management (may not be required)

For Access Request, User Provisioning and Role Management, I understand that MSMP Workflow is required. When I read the guides on this site, they say to activate the following BC Sets (using transaction SCPR20).

GRAC_ACCESS_REQUEST_REQ_TYPE
GRAC_ACCESS_REQUEST_EUP
GRAC_ACCESS_REQUEST_APPL_MAPPING
GRAC_ACCESS_REQUEST_PRIORITY
GRAC_ROLE_MGMT_SENTIVITY
GRAC_ROLE_MGMT_METHODOLOGY
GRAC_ROLE_MGMT_ROLE_STATUS
GRAC_ROLE_MGMT_PRE_REQ_TYPE
GRAC_SPM_CRITICALITY_LEVEL
GRC_MSMP_CONFIGURATION

If I activate these, will it have any impact on our already implemented Access Risk Analysis and Emergency Access Management components?

Once the above BC Sets are activated, can they be deactivated again?

Can someone please advise whether the order above is correct or not?

Thanks in advance for your patience and help.

Regards

Masood

Former Member

Hi Masood,

I think you can activate all of the above BC sets except GRAC_SPM_CRITICALITY_LEVEL, as you are already using SPM.

I don't think it is possible to deactivate a BC set once activated.

Best Regards,

Aman

Former Member

Hi Aman

Thanks very much for your quick help.

I did not find any documentation anywhere regarding Password Self Service. Can you please point me towards where I can find some instructions?


Regards

Masood

Colleen
Product and Topic Expert

Hi Masood

Here are some steps I posted in SCN recently for PSS:

http://scn.sap.com/thread/3326257

Former Member

Hi Colleen

Thanks a lot for very helpful information.

I configured most of the settings and now the system successfully resets the password and gives me the following information:

Password reset successfully in all the selected systems.

For successful resets, Email has been sent to your mail box containing the password details.

Password reset successfully in : DAACLNT001

Only two things left to sort out:

  1. It did not ask me the secret question and answer, which I registered.
  2. I did not receive the email. Do I need to configure Workflow before I receive email? Could you please help with the minimum settings required to configure email? When I click on My Profile, I can see my email address, which was set up in SU01 in the backend system. I tried to log on to DAACLNT001 and it looks like the password has been changed successfully.

Once again, thanks a lot for your help.

Regards

Masood

Colleen
Product and Topic Expert

Hi

For point 1 you will need to modify the settings in the instructions I gave:

Maintain Password Self Service

PSS Global Configuration Values – Choose Challenge Response, Set Verification to Password Self Service; enter number of questions you want them to answer and number of attempts they receive

Challenge Response Questions – you can define a set of Global Template Questions for them to answer

PSS HR System – no action unless you happen to be using HR system for Authentication Source

I set my value to 0 for challenge response as I didn't want questions. There will be a drop-down of some type (sorry, not on the system to check).

For part 2 you need SOST/SCOT configured - the user master needs a valid email address. User WF-batch also needs email. SOST should show errors.

Former Member

Hi Colleen

Thanks a lot for the guidance. My email and password reset are working well now.

Can you or someone please advise on the below?

Now I want to try only questions and answers - no email. I think I have configured it as you mentioned, but when I go to the reset link it still does not ask me for a question/answer. My configurations are as below. Please advise if anything is wrong. (We are not using PSS HR System.)

I will greatly appreciate your help.

Regards

Masood

Colleen
Product and Topic Expert

Hi Masood

The SAP standard functionality is for the workflow user to email the user their password:

"When a user creates a request for password reset, the application verifies the user based on the information they maintained for their password self-service settings. Once the application verifies the user, it resets the password and sends an e-mail to the user's configured e-mail address.

After the user resets their password, the application e-mails the new password to them."

The User Id would be the account for which they request a password. The email address would belong to that account.

The user will need to register for self-service to complete questions as well.

Former Member

Hi Colleen

Once again thanks very much for your helpful response.

One last concern: I have read your reply to other users that the user does not have to be in the GRC system, which is very good. Then how will the user get to the link for password reset? We are using NWBC, either 3 or 3.5. When a user enters the command NWBC in SAP GUI, it launches NWBC in the browser. I mean, how do we provide users access to the links Reset Password and Register Security Questions, etc.?

Once again I appreciate your valuable help.

Regards

Masood

Colleen
Product and Topic Expert

Hi Masood

They use the End User Login as per the link instructions I posted.

The HTTP Service in SICF will need a service user to perform the authentication to GRC System. Therefore, the end user does not require a SAP GRC account.

You could consider publishing the link to access via Internet Explorer or on your intranet page, etc. They click the link and the End User Log-in Screen will appear.

Former Member

Hi Colleen

Thanks very much for your help. Web service and password reset working very well now.

Only one last hurdle left to resolve. It is still not asking for questions. When I enter the user ID and select the system, it resets the password and sends the email, even though I registered questions and answers. I want to find out why it is not asking for questions. My configuration settings are as shown in the screenshots above.

Please advise what I am missing. Also thanks a lot for your help.

Regards

Masood

Colleen
Product and Topic Expert

Hi Masood

In your screen shot you have PSS Disable Verification selected in the drop down. Set this to none so the questions appear.

Former Member

Hi Colleen

Thanks very much for all your help. All working well now. I only had an issue with one of the services. When a user went to the End User Login screen, entered the user ID, and registered for secret questions, the system was not going to the next screen. It was saying the questions were saved but would not go to the screen where we can add a system for password reset. I raised an OSS Message and SAP advised implementing 1747265, and after applying the note it all works fine.

Once again thanks very much.

Regards

Masood

Colleen
Product and Topic Expert

Glad to hear it's working for you now. I'm on a higher SP so did not have that issue. Good luck with your implementation.