Integration of IDM with CUP workflow/

can CUP and IDM be integrated with to have same workflow?
Thanks,
derek

Hi Derek,
Access Control supports following three ntegrations with IDM.
- Using the IdM system as the leading provisioning system where requests are submitted to Access Control for SoD compliance and provisioning to one or more ERP systems.
- Using Access Control as the leading provisioning system where requests are submitted to the IdM system for provisioning to one or more non-ERP systems.
- Using Access Control as the leading provisioning system where requests are submitted to other supported systems via SPLM SOAP provisioning requests.
For more details on how to configure, please refer to "Configuration Guide" of AC 5.3 at the following location.
https://websmp103.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000718172&
Click on Access Control --> SAP GRC Access Control 5.3
Hope this helps.
Best Regards,
Sirish Gullapalli.

Similar Messages

  • Provisioning roles in UME with CUP workflow

    Hello,
    to give our users permission to approve requests in CUP we assign them to LDAP groups. These LDAP groups have different UME roles.
    Is there any possibility to request permnissions for UME roles via a CUP-workflow in general?
    We are using GRC 5.3 SP 8.1
    Thanks
    Manuel Kunkel

    There are some pre-requisites - you need portal content on your AS Java, the "plain" AS Java install won't do.
    Here's a detailed guide on how to set this up:
    http://www.sdn.sap.com/irj/bpx/grc?rid=/library/uuid/502a14db-6261-2c10-22b5-95117ab0e5ed
    Frank.

  • CAD login failure with CUPS integration

    OK so here we go,
    UCCX System version: 8.5.1.10000-37
    Cucm System version: 8.6.2.20000-2
    CUPS System version: 8.6.4.11900-1
    So we've integrated UCCX desktop with CUPs fine, CAD user goes to login gets error asking for Presence creds.
    CUPS and CUCM are Ldap authenticated integrated.
    I've manually tested logging users into Jabber desktop and Cups user (web login) and both login fine with the same ldap user ( CAD uses this login too)
    If I click cancel on CAD login agent logs in fine to CAD, however if I try login to chat gets rejected even though creds are the same.
    Have manually input creds into CAD when prompted for Presence login (still gets rejected)
    Weird how creds work for Jabber but not getting passed through, have restarted all servers in cluster.
    Any input welcome.
    Thanks in advance,
    Liam

    Hi Liam
    This is a particularly poorly implemented feature.
    Basically pre 9.0 I think it doesn't do any authentication to CUPS. What you need is an entry in the 'Incoming ACL' (in the system/security/incoming acl menu I think) for the IP address of each PC that will use this feature. My understanding is this basically bypasses authentication.
    In 9.0(2) that i upgraded to this week, it supports digest auth. The description from the admin guide is that you must set the digest creds on the CUCM end user to match the user's login password. Well... that's just great security isn't it? 'Please may I have your AD password so I can add a feature to your CAD? Oh, and tell me every time you change it so I can update it'....
    There are also a host of bugs I found - you can't search for contacts in Web CDA to add them to contact lists in larger ADs, it doesn't seem to show the status of any internal or external contacts properly, and upgrading to 9.0(2) only made it slightly better.
    I get the feeling not many people have used this, or there wouldn't be so many issues...
    Aaron

  • SPM integration with CUP 5.3

    All the issues regarding SPM integration with CUP is resolved, with the exception of one which is mentioned below:
    Any user can go and raise a request for the FF ID from CUP Super User Access workflow, and are created in the backend, but they do not get the access to FF ID when trying to Login.
    My query: is there any means to capture the user detail much in advance while the request is processed in the workflow and reject the request before it could be created and stored in backend.
    Ideally The user not having minimum privilege of u201C/VIRSA/Z_VFAT_FIREFIGHTERu201D should not Login with the FF ID, which is met here, but this is checked only after the user get the access to FF ID and try to LOG into FF ID using his Login detail.
    Please put some clarity on this.
    Thanks,
    Abhimanu Singh

    Hi Sabita,
    Thanks for the reply but this do not answer my question. Let me come in detail on this topic:
    SAP Backend:
    We have FF ID Owner, FF ID Controller, FF ID and Firefighters in the Backend.
    FF ID owner has the minimun role required for becoimng the owner is /VIRSA/Z_VFAT_ID_OWNER.
    FF ID Controller created with the minimum role /VIRSA/Z_VFAT_ID_OWNER for the monitoring purpose of all the reports.
    FF ID is defined with the defined task in the role being assigned to it.
    Firefighter is created with the minimum role /VIRSA/Z_VFAT_FIREFIGHTER to get the access to FF ID for the limited period as defined by the FF ID Owner.
    For example:
    FF ID Owner: User ID is FFO
    FF ID Controller: User ID is FFC
    FF ID: User ID is FID
    Firefighter: User ID is FFS
    Now the Question is from
    SAP Frontend Java stack
    I can see that the users(other than FFS) who are not defined as firefighter in the backend can still go and put a request for the FF ID access and gets provisioned.
    When you go and check in the backend with the firefighter Owner ID/FF Administrator ID you can see the requested user listed there with the limited time period in the firefighter list.
    Now comes the real picture: when this user(other than FFS) tries to login using his user ID he will not get the FF ID Login link on the page which is ideally correct. This is because any user not defined as firefighter in the backend with the minimum role /VIRSA/Z_VFAT_FIREFIGHTER should not get the access to FF ID.
    My question comes here:
    Is there any option in the frontend which could inform the user (other than FFS) much in advance and stop him requesting for the FF ID which has no meaning since it is finally not going to get the access in the backend to the FF ID.
    Please get back to me if you require some more information.
    Thanks,
    Abhimanu Singh

  • Facing problem in integrating my custom jsp with the workflow engine

    Hi,
    I am using Jdeveloper 11.1.1.6.0 for BPM 11g implementation on my Application.I have Weblogic Server 10.3 Installed and configured the domain. Also the server is up and running.
    I am trying to create workflow and wants to integrate it with my custom jsp but i am facing problem in integrating my custom jsp with the workflow engine.Can you please answer the following questions:
    1)how to link BPM human task with my custom jsp (Requester jsp).
    2)how my custom jsp data(Requester data) will be stored in workflow engine and how the same data will be visible to the next custom jsp(Reviewer jsp).
    This is urgent .Any early reply will be great help.
    Thanks in advance.
    Edited by: 990133 on Mar 24, 2013 5:31 AM

    you forgot to add the usage dependency in the DC metadata section in your DC, you have to add the XSS~utils and fpm as a used DC's as part of your DC, try to add those, if you already done that, so check where missed the adding of used webdynpro components in any of the VAC's or FC's,
    Cheer,
    Appa

  • Need help with a CUP workflow scenario

    Dear Experts,
    I'm sure it is not just me encountered this required scenario (or something similar).  I would like some pointers how to transcript it to a CUP workflow:
    Application admin logs a provisioning request.
    Security creates a user account and provisioning the roles on QA.
    Application admin ensures that the user undergoes training on QA.
    Upon passing the training, security replicates the user account and role assignment on PRD.
    The esoteric solution would be one request, two paths, two provisions. Is it somehow possible?
    Client doesn't use CUA.
    The security requirements are higher on PRD, where SoD handling will be required.
    Kind Regards,
    Vit Vesely
    Edited by: Vit Vesely on Apr 29, 2010 3:29 PM

    Hii Vit,
    If you want to have two paths for a single request than only possible solution will be to create role based initiator's.
    Role Based Initiatator's can be created by following Configuration -> Workflow-> Initiator-> create.
    Here Select the attibute as roles.
    For example create two Initiator
    Intiator1 -> having Role1 attribute -> Path1
    Intiator2 -> having Role2 attribute -> Path2
    Now in the request if u select Role 1 & Role 2, than request will follow the parallel path ( path1 & path 2)
    Else it is not possible to have parrallel workflow path for any other attribute.
    In Case you can have provisioning at end of the paths as well as end of the request.
    Kind Regards,
    Srinivasan

  • Integrating a jsp application with oracle workflow

    Hi,
    I would like to integrate a jsp application with oracle workflow.
    My jsp application use BC4J, and if i want to use the java
    interface of workflow i need to have the java.Sql.Connection of
    my application.
    There are a way of getting this Connection in the BC4J?
    thanks
    rjc

    You can check the source code at:
    http://otn.oracle.com/docs/products/oracle9i/doc_library/release2/text.920/a96517/acase.htm#632511
    You can also use the JDeveloper wizards that can generate JSP code. You can download them from: http://otn.oracle.com/products/text/
    and then click on software (left frame).

  • GRC -IdM integration (HCM IdM GRC IdM)

    Hi IdM & GRC Gurus,
    We want to implement a scenario where IdM (7.1) gets user data from HCM, followed by Workflow and SoD analysis in GRC (5.3) and Finally IdM performing the Provisioning (HCM > IdM > GRC > IdM), however I donu2019t see any documentation for this exact scenario. If SAP's direction is for IdM being provisioning solution and not GRC (CUP), the above scenario should be implemented. SAP documentation "SAP IdM Compliant Provisioning using GRC Access Control Configuration Guide. PDF" is similar but here GRC (CUP) is doing the final provisioning.
    I have following questions
    1     Which Framework should be imported in IdM to implement IdM - GRC integration, where IdM gets user data from HCM, followed by Workflow and SoD analysis in GRC and Finally IdM performing the Provisioning (HCM > IdM > GRC > IdM)?
    2     GRC Provisioning Framework (GRC 53 Provisioning Framework_Folder.mcc) that is available on SDN, is based on HCM to IdM followed by GRC conducting SoD analysis and provisioning. Can the same framework be used for a scenario where IdM does the provisioning in the last step (same as question 1)?
    3     "If answer to question 2 is yes? What are the changes/customization required to GRC Provisioning Framework (GRC 53 Provisioning Framework_Folder.mcc)? As per the limitations (page 37) mentioned in the document SAP IdM Compliant Provisioning using GRC Access Control Configuration Guide. PDF, ""It is not possible to only carry out a check for Segregation of Duties, without having the
    request provisioned to the GRC Access Control back-ends. It means that the Identity Center
    cannot just ask if a certain entitlement assignment is valid.
    If the request is approved, the accounts and role assignments will always be performed in
    the GRC Access Control back-end systems."" If this is true, how can we impliment HCM > IdM > GRC > IdM (IdM doing provisioning in the end)?"
    4     If GRC Provisioning Framework (GRC 53 Provisioning Framework_Folder.mcc) is implemented along with HCM framework (SAP Provisioning Framework_Folder.mcc) and HCM_Staging_Area_Identity store.mcc, which Identity Store should GRC Provisioning Framework be imported (HCM_Staging_Area OR SAP_Master)?
    Regards,
    Anurag

    Hi Joel,
    within the VDS you create a local user ('HR_USER') and you choose some password. Later while configuring the HCM system you use these credentials to define the connection from HCM to the VDS.
    Kind regards
    Frank

  • How to send the 3rd email in the MSMSP CUP workflow?

    Hello GRC community,
    at first thank you all for your great support during the last months. Four month ago I started the implementation of AC in our department without any GRC experience. But now, four months later we are just about to implement the AC 10.0. Thank you all.
    Now we are working on the following issue, where we need your help. Let me explain what the issue is:
    After the finishing the last step in CUP workflow (WS76300056) the workflow sends out 2 emails: (method CL_GRFN_MSMP_WF_TEMPLATE_BASE --> UPDATE_PATH_FINISHED sends out these 2 emails)
    1.to the USER
    2.to the REQUESTER
    But due to our presystem which is a part of the Access request workflow we want to send out a 3rd email to a 3rd recipient. Getting the 3rd recipient is not the issue. The issue is: where do we have to implement the sending of the notification? Our own Investigation comes up to an enhancement point which seems to be the right place to add ABAP code which sends out the 3rd email.
    Has anybody similar issue or the experience with the following enhancement and could help us? Or maybe there is an alternative solution? Any hints are welcome.
    Package: GRFN_MSMP_WORKFLOW
    Enhancement: GRFN_MSMP_END_OF_PATH_NOTIF
    Thanks, and best regards
    Sabrina

    The send mail function will send mail to the users and or alias in the workflow step where you invoke it. The IDOC script guide will help you with implementing these kinds of things.
    http://download.oracle.com/docs/cd/E10316_01/cs/cs_doc_10/sdk/idoc_script_reference/wwhelp/wwhimpl/js/html/wwhelp.htm
    IDOC script by usage / Workflow
    wfNotify is the one you want to look at specifically.
    Workflow
    The following Idoc Script variables and functions are related to workflows.
    Configuration Variables
    isRepromptLogin
    IsSavedWfCompanionFile
    PrimaryWorkQueueTimeout
    WorkflowDir
    WorkflowIntervalHours
    Global Functions
    getValueForSpecifiedUser
    Workflow Functions
    wfAddActionHistoryEvent
    wfAddUser
    wfComputeStepUserList
    wfCurrentGet
    wfCurrentSet
    wfCurrentStep
    wfDisplayCondition
    wfExit
    wfGet
    wfGetStepTypeLabel
    wfIsFinishedDocConversion
    wfIsNotifyingUsers
    wfIsReleasable
    wfLoadDesign
    wfNotify
    wfReleaseDocument
    wfSet
    wfSetIsNotifyingUsers
    wfUpdateMetaData
    Other Variables
    AllowReview
    dWfName
    dWfStepName
    entryCount
    IsEditRev
    IsWorkflow
    lastEntryTs
    SingleGroup
    wfAction
    wfAdditionalExitCondition
    wfJumpEntryNotifyOff
    wfJumpMessage
    wfJumpName
    wfJumpReturnStep
    wfJumpTargetStep
    wfMailSubject
    wfMessage
    wfParentList
    WfStart

  • Integration process communicating with guided procedure

    Hi everybody,
    I read that it is possible to exchange messages between Integration Processes and SAP Business Workflow. Is it also possible to trigger and communicate to a guided procedure in a Integration process?
    Thanks,
    Mane

    Integration processes can integrate with anything which uses one of the protocols supported by XI adapters (and you could even enhance this, by creating your own custom adapters).
    E.g., to integrate with SAP Workflow, you could call a standard BAPI or a Z RFC that executes the desired workflow (or feed some step of a already in-process workflow).
    For Guided Procedures, you could basically use anything that the UI frameworks within SAP portfolio support. For example, if you develop a WebDynpro-based GP, you could make the WebDynpro consume a Web Service that, for instance, triggers a BPM execution (you expose the 1st receiver step of the BPM, which should be a open sync/async bridge, as a web service through a sender soap adapter).
    That's just one example.
    Regards,
    Henrique.

  • Accessing SPML Object class variable on SUN IDM Form or workflow

    Hi All,
    Can anyone suggest me how we can access the SPML variable on SUN IDM Form and workflow?
    e.g
    I have object class deffination in SPML configuration with schema deffination as below
    <Configuration name='SPML'>
    <Extension>
    <Object> <Attribute name='classes'>
    <List>
    <Object name='person'>
    <Attribute name='type' value='User'/>
    <Attribute name='form' value='SPMLPerson'/>
    <Attribute name='default' value='true'/>
    <Attribute name='identifier' value='uid'/>
    </Object>
    </List>
    </Attribute>
    <Attribute name='schemas'>
    <List>
    <String>
    <![CDATA[
                       <schema xmlns="urn:oasis:names:tc:SPML:1:0"
                      ...SPML standard schema...
                      </schema>
                       ]]>
    </String>
    <String>
    <![CDATA[
                       <schema xmlns="urn:oasis:names:tc:SPML:1:0"
                       ...Waveset custom schema...
                       </schema>
                       ]]>
    </String>
    </List>
    </Attribute>
    </Object>
    </Extension>
    </Configuration>
    Where I deffine my custom schema with all attributes that I want to view on SUN IDM custom form.
    I am able to set value from ModifyRequest for the variable but not able to get it on the Form or workflow.
    I did try with below expression to get the variable but no luck.
    <ref>attribute_name</ref>
    <ref>SPML.attribute_name</ref>
    <ref>SPML.Object_name.attribute_name</ref>
    Please suggest how we can access the variable?
    Any information will be appricated.
    Regards,
    vinash

    Hi All,
    Can anyone suggest me how we can access the SPML variable on SUN IDM Form and workflow?
    e.g
    I have object class deffination in SPML configuration with schema deffination as below
    <Configuration name='SPML'>
    <Extension>
    <Object> <Attribute name='classes'>
    <List>
    <Object name='person'>
    <Attribute name='type' value='User'/>
    <Attribute name='form' value='SPMLPerson'/>
    <Attribute name='default' value='true'/>
    <Attribute name='identifier' value='uid'/>
    </Object>
    </List>
    </Attribute>
    <Attribute name='schemas'>
    <List>
    <String>
    <![CDATA[
                       <schema xmlns="urn:oasis:names:tc:SPML:1:0"
                      ...SPML standard schema...
                      </schema>
                       ]]>
    </String>
    <String>
    <![CDATA[
                       <schema xmlns="urn:oasis:names:tc:SPML:1:0"
                       ...Waveset custom schema...
                       </schema>
                       ]]>
    </String>
    </List>
    </Attribute>
    </Object>
    </Extension>
    </Configuration>
    Where I deffine my custom schema with all attributes that I want to view on SUN IDM custom form.
    I am able to set value from ModifyRequest for the variable but not able to get it on the Form or workflow.
    I did try with below expression to get the variable but no luck.
    <ref>attribute_name</ref>
    <ref>SPML.attribute_name</ref>
    <ref>SPML.Object_name.attribute_name</ref>
    Please suggest how we can access the variable?
    Any information will be appricated.
    Regards,
    vinash

  • Unable to see integration of IDM in mozilla 4.0

    up to the 3.6 version of Firefox it shows the integration of IDM [Internet Download Manager] in the form of right click menu,
    after clicking right click it shows options like-download with IDM,
    download all files with IDM.
    But in Firefox 4.0 i unable to see that option.
    Waiting for positive reply.
    Regards,
    Chetan S. Joshi
    [email protected]
    +91-9730675308

    Make sure you have the latest version of IDM, versions 6.9.8 and older are blocked in Firefox 4 as they were causing crashes.

  • Integrating Custom page with Standard Page

    Hi
    My Doubt is,
    i m working on iRec Module.
    i m integrating Custom page with Standard Page , Is it will affect the Background running Workflow.
    Thanx

    Hi 781261,
    It seems you are familiar with OTN forums, based on your profile.
    165 posts, 50+ questions and 15 unresolved.
    I hope you know forum etiquettes(you can refer http://forums.oracle.com/forums/ann.jspa?annID=914).
    Close your previous threads if they are answered/you got out of the issue yourself.
    One of your unclosed threads is:
    Re: Can we Fire PPR on DFF?
    regards,
    Anand

  • CUP Workflow issue

    Hi guys,
    First - this isn't my issue but an issue that my colleague is having. 
    Their workflows have been setup and they've been working for sometime now.  I wasn't involved in their setup.  However last week, their BASIS team did some change (details aren't available to me as yet) and now, their CUP workflows are having a specific issue.
    The path that I've examined is as follows:
    Start > Manager > Role Owner > Security > Finish
    The only custom approver is under Security.  The rest are as delivered in CUP.
    What used to happen would be that the manager would get an email with a link that, upon clicking, would go directly into the request.  Now, that link takes them to a login box.  My colleague said that the tool hasn't been reconfigured by him and that the only major change has been some BASIS changes.
    I'm not sure where to tell him to start looking, since everywhere I've looked seems to be ok.
    Thanks,
    Santosh

    Hi Alpesh,
    That's what I had also said, that perhaps the SSO config was broken.  However, my colleague insists that SSO wasn't enabled.  I have my doubts about this but I have no way to validate that it was working prior to this issue.
    I know that when I look at the stages, the email templates for Approved, Rejected, etc., don't have any URL in the template, only the message.  As far as I know, this is how it should be.  Do you agree?
    Thanks,
    Santosh

  • IDM with WebCenter Portal Application

    Can anybody point me on the basics of using IDM with my WebCenter Portal Application. What are the steps I need for authentication and authorization?

    Hi.
    Is the following documentation helpful?
    Integrating an Enterprise Deployment with Oracle Identity Management - 11g Release 1 (11.1.1.8.0)
    Regards.

Maybe you are looking for