Professional Documents
Culture Documents
Active Directory As Usar Data Source in SAP GRC Inprosec
Active Directory As Usar Data Source in SAP GRC Inprosec
www.inprosec.com
C/ Uruguay, 8 4ª planta, Of. 1-5 36201 pág. 1 info@inprosec.com
Vigo, España .Tlfn: (+34) 886113106
Active Directory
i.e à SAPGRC00_GRP_00
www.inprosec.com
C/ Uruguay, 8 4ª planta, Of. 1-5 36201 pág. 2 info@inprosec.com
Vigo, España .Tlfn: (+34) 886113106
Active Directory
ACTIVE DIRECTORY as the MAIN i.e (SAP Field à Active Directory Field)
USER DATA SOURCE
v USERIDàSAMACCOUNTNAME
The previous steps details How to v LASTNAME àSN
connect Active Directory to SAP GRC but v FIRSTNAMEà givenName
this section will describe the strategy to v FUNCTIONà title
have Active Directory as the Main User v DEPARTMENT à Department
Data Source. It is required to Setup v TELEPHONE à telephoneNumber
Active Directory as GRC User Data v TELNUMBER à mobile
Source using “SPRO” Transaction: v EMAILàMAIL
v PERSONNEL_NUMBERà
v Maintain Data Sources
employeeID
Configuration.
The following field could be required for
Then, include Active Directory as:
the provisioning process:
v User Search Data Source.
v MANAGERIDà MANAGER
v User Detail Data Source.
The following fields could be required
After that, it is required to perform the
for the definition of User Defaults:
mapping of the fields that are going to
be used from the Active Directory to the v LOCATIONà country
SAP fields. This mapping is performed v COMPANYàcompany
using SPRO Transaction:
The Usage of User Defaults functionality
v Maintain Mapping for avoid to include manually the following
Actions and Connector fields:
Groups
v Logon Language
The recommendation is to map as much v Decimal Notation
relevant fields as possible. The v Date Format
recommendation will be to map the
If you have a requirement to use a
following fields that matches the fields
specific field from the Active Directory
inside “SU01” Transaction:
inside SAP GRC, you need to create a
Custom Field and perform the mapping
also inside:
v Maintain Mapping for Actions
and Connector
Groups.
Finally, and in order to avoid changes,
it is required to restrict manual
changes of those fields that are being
pulled from Active Directory. This
configuration is performed through
“SPRO” Transaction:
www.inprosec.com
C/ Uruguay, 8 4ª planta, Of. 1-5 36201 pág. 3 info@inprosec.com
Vigo, España .Tlfn: (+34) 886113106