Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Connector: User Provisioning from Saviynt after approval in GRC for SOD Evaluations

raghuraghav
New Contributor
New Contributor

‎06/23/2023 05:42 AM

We have went through the documentation for configuring SAP connector for external SOD Evaluations -- https://docs.saviyntcloud.com/bundle/SAP-v23x/page/Content/Configuring-the-Integration-for-External-...

As per this documentation --> The SOD evaluation call (External SOD) happens after the request is submitted. This response that SAP GRC sends after evaluation (Step 4) is displayed in the approval workflow. The SOD results from SAP GRC are not shown to the requester.

What we are looking for is does the integration support the scenario of when there are SOD Violations, can the approvals for those violations happens in SAP GRC system and based on the approval, Saviynt provisions the access. This integration path is not clear.

Please advise.

Labels:
0 Kudos
6 REPLIES 6

rushikeshvartak
All-Star
All-Star

‎06/25/2023 06:18 AM

Yes it does support. Since given number on step 4 is temporary. After sod is evaluated request id is generated and you can perform workflow routing based on sod violation status 

 

Following vvariables can be used in workflows
 
externalSODViolation.CRITICAL > 0
sodevaluationstatus == 5  
 
value of  sodevaluationstatus  can be one of the following
 
 INTERNALSOD_NOTEVALUATED__EXTERNALSOD_NOTEVALUATED=0

INTERNALSOD_NOTEVALUATED__EXTERNALSOD_EVALUATIONFAILED=1
INTERNALSOD_NOTEVALUATED__EXTERNALSOD_EVALUATIONDONE_NOSODFOUND=2
INTERNALSOD_NOTEVALUATED__EXTERNALSOD_EVALUATIONDONE_SODFOUND=3

INTERNALSOD_EVALUATIONFAILED__EXTERNALSOD_NOTEVALUATED=4
INTERNALSOD_EVALUATIONFAILED__EXTERNALSOD_EVALUATIONFAILED=5
INTERNALSOD_EVALUATIONFAILED__EXTERNALSOD_EVALUATIONDONE_NOSODFOUND=6
INTERNALSOD_EVALUATIONFAILED__EXTERNALSOD_EVALUATIONDONE_SODFOUND=7

INTERNALSOD_EVALUATIONDONE_NOSODFOUND__EXTERNALSOD_NOTEVALUATED=8
INTERNALSOD_EVALUATIONDONE_NOSODFOUND__EXTERNALSOD_EVALUATIONFAILED=9
INTERNALSOD_EVALUATIONDONE_NOSODFOUND__EXTERNALSOD_EVALUATIONDONE_NOSODFOUND=10
INTERNALSOD_EVALUATIONDONE_NOSODFOUND__EXTERNALSOD_EVALUATIONDONE_SODFOUND=11

INTERNALSOD_EVALUATIONDONE_SODFOUND__EXTERNALSOD_NOTEVALUATED=12
INTERNALSOD_EVALUATIONDONE_SODFOUND__EXTERNALSOD_EVALUATIONFAILED=13
INTERNALSOD_EVALUATIONDONE_SODFOUND__EXTERNALSOD_EVALUATIONDONE_NOSODFOUND=14
INTERNALSOD_EVALUATIONDONE_SODFOUND__EXTERNALSOD_EVALUATIONDONE_SODFOUND=15

https://docs.saviyntcloud.com/bundle/EIC-Database-Schema-Reference/page/Content/Database-Schema-Refe...

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

raghuraghav
New Contributor
New Contributor

‎06/26/2023 06:31 AM

We are not looking for workflow routing withing Saviynt for approval. We are looking for the approval in GRC system and after the approval from GRC, Saviynt initiates the provisioning.

Flow is as follows:

1. Saviynt submits the requests to SPA GRC system (External SoD Violation)

2. No SoD Violations, Saviynt provisions the access. If an SoD Violation, the user logs into SAP GRC system to approve the request

3. Once the request is approved in SAP GRC, saviynt polls this data and then provisions the access.

Hope this clarifies.

0 Kudos

sai_sp
Saviynt Employee
Saviynt Employee
In response to raghuraghav

‎06/27/2023 12:01 PM

@raghuraghav 

What you are looking for is not supported in Saviynt. When a request is submitted to GRC, Saviynt waits for a response from GRC and then the violation data is populated in the Saviynt UI. There is no way to configure Saviynt to wait/hold for the approval in the GRC. However, if there are any configs at the SAP level, that can be leveraged because Saviynt waits for the response and if there is a wait/hold at SAP for approvals to be completed, then it might help the use case.

0 Kudos

raghuraghav
New Contributor
New Contributor

‎06/28/2023 05:58 AM

Thanks for update. Is there a way we can do an hybrid where we submit the request using the SAP Integration Type A and then use the Integration Type B to get an update on the SOD Violation request and process the request if approved?

0 Kudos

sai_sp
Saviynt Employee
Saviynt Employee
In response to raghuraghav

‎07/18/2023 12:00 PM

@raghuraghav That might be tricky because Saviynt would still need a ARS request to make a call to SAP GRC for risk evaluation and approvals. You cannot use the standard SAP connector. You would have to use the SOAP connector and see if it solves the purpose. 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to raghuraghav

‎07/18/2023 08:26 PM

  1. Raise request outside Saviynt 
  2. Do GRC Calculation.
  3. Then Submit Request in Saviynt

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC