on 2019 Mar 07 1:06 PM
I have searched but have found no solution. We are looking to activate the Access Request portion of GRC 10.1 and I have been working on that configuration. Our current day is CUA based, so our helpdesk signs on to CUA and changes passwords for users when requested. Our future looks like CUA might go away, unless I can find a way to make it only for password resets, and we are not ready to give users the options for self service. Is there any way that the helpdesk can utilize GRC like they would CUA, one stop to do a password reset for systems connected to it? Any advice would be greatly appreciated. Thank you.
Hi Tamara,
I can suggest you one idea. Please try and let me know if it addresses your requirement.
1. Create a Request Type - Password Reset
2. You can submit "Access Request" using the request type "Password Reset" to update the password. You may need to key in the password manually while submitting the request.
3. Define a workflow path with No Stages when request type is "Password Reset" so that request gets auto approved and the password of the user in the request gets reset immediately
4. In provisioning settings set option "Send Password" as YES
5. Email notification with password details will be sent to User
By following the steps mentioned above, Security administrators can reset other user's passwords using GRC.
Regards,
Madhu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
OK, after i through a temper tantrum, I figured it out. Thanks so much.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am all set, thank you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As I am very new to this, it is not as easy and straightforward as you think, but thanks for the help. I have created the rule, had one instance that worked as intended, so I tried to test create\change, which failed. I made an adjustment that I thought would fix it, and broke everything in it. Regardless of what request type I try, I get the below message. I understand if you don't want to help anymore. I am learning as I go and get bits and pieces from every BLOG I visit.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi. Tamar,
Create a workflow path with no stages in your MSMP workflow configuration and Route the requests with request type as PASSWORD RESET to the path with no stages using initiator rule decision table.
This will be straightforward and simple.
Let me know if you face any issue.
Regards,
Madhu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am having some issues with step 3. I have been researching but have not found a solution yet. Any advice for how to set that decision? I have created the request type and the path, but am struggling with the decision.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That is actually what I was thinking yesterday. I will have to try it but I think this will meet my needs. I will let you know how it goes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
14 | |
4 | |
3 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.