grc exercises workflow config
TRANSCRIPT
-
7/29/2019 GRC Exercises Workflow Config
1/31
SAP NETWEAVER IDENTI TY
MAN AGEMENT 7.1 - WORK FLOW
CONFIGURATION
SCI261Exercises / Solutions
Kre Indry, Product Expert, SAP NW IdMMatt Kangas, SAP Technology RIG AmericasNghia Nguyen, SAP Technology RIG AmericasOliver Nocon, SAP Technology RIG EMEA
-
7/29/2019 GRC Exercises Workflow Config
2/31
2
-
7/29/2019 GRC Exercises Workflow Config
3/31
3
Exercise 1: Configuring Search and Display Tasks
Configure Settings for Search and Display of Users
Open the Identity Management MMC
Browse to folder SAP NW IDM Identity stores Enterprise People Create new Folder SCI261
Browse to folder SAP NW IDM Identity stores Enterprise People SAP Provisioning Framework Web EnabledTasks Identity Management
-
7/29/2019 GRC Exercises Workflow Config
4/31
4
Copy task Change Own Data and store it in newly created folder SCI261 as Search User (hint: right-click to copyand paste)
Inspect the task Search User
Copy task Search User and store it as Display User
Inspect the task Display User and add attribute DESCRIPTION
-
7/29/2019 GRC Exercises Workflow Config
5/31
5
Save your settings
Browse to the entry type MX_PERSON
Open the properties of MX_PERSON
-
7/29/2019 GRC Exercises Workflow Config
6/31
6
Adapt the setting for Display task and Search task on the tab General
For Display task select the task Display User
For Search task select the task Search User
-
7/29/2019 GRC Exercises Workflow Config
7/31
7
Verify your settings
Save your settings:
-
7/29/2019 GRC Exercises Workflow Config
8/31
8
Inspect the Result in the End User Interface
Open the Identity Management UI in the browser by navigating to http://localhost:50000/idm
Log in with
User: Teched (xx = number 1-30)
Password: abcd1234
Browse to the tab Manage
Click on Advanced search this will show you the attributes as configured in your Search User task
Search for users
-
7/29/2019 GRC Exercises Workflow Config
9/31
9
Select any search result
Inspect the details screen below your search result this will show the attributes as configured in your DisplayUser task
-
7/29/2019 GRC Exercises Workflow Config
10/31
10
Ex erc ise 2: Cust omize Dat a for Search Resul t
Configure User Attributes to be Displayed in the Search Result Screen
Go back to your Identity Management MMC
Browse to the entry type MX_PERSON
Open the properties of MX_PERSON
Open tab Attributes
Change the settings of the column List for a selected set of attributes
Save your settings:
Inspect the Result in the End User User Interface
Open the Identity Management UI in the browser by navigating to http://localhost:50000/idm
-
7/29/2019 GRC Exercises Workflow Config
11/31
11
Log in with
User: Teched (xx = number 1-30)
Password: abcd1234
Browse to the tab Manage
Search for user
Inspect the set of attributes of the search result this will match the set of attributes where the list option has beenactivated (as configured above)Hint: Add the parameter NoCache to the url in order to invalidate the cache in case the changes do not take effectas expected:Example: http://localhost:50000/webdynpro/dispatcher/sap.com/tc~idm~wd~workflow/Idm?NoCache
-
7/29/2019 GRC Exercises Workflow Config
12/31
12
Ex erc ise 3: Creat e UI Task Change User Prof i le
Goal of this exercise
Create a Change User Profile task which looks as follows
Create a new display task Change User Profile
Go back to your Identity Management MMC
Browse to folder SAP NW IDM Identity stores Enterprise People SCI261
-
7/29/2019 GRC Exercises Workflow Config
13/31
13
Create a new Ordered task group and name it Change User Profile
Configure the layout of the task on tab Attributes
Select Entry type MX_PERSON
-
7/29/2019 GRC Exercises Workflow Config
14/31
14
Following attributes should be displayed (hint: after selecting attributes, pressing Apply moves them to the top of the
list) (hint: Attributes can be moved in the list by selecting them and pressing the Up or Down keys).
ATTRIBUTENAME MANDATORY
MSKEYVALUE yes
DISPLAYNAME yes
MX_FIRSTNAME
MX_LASTNAME
MX_ADDRESS_STREETADDRESS
MX_ADDRESS_CITY
MX_ADDRESS_COUNTRY
MX_MAIL_PRIMARY
MX_MAIL_ADDITIONAL
MX_PHONE_PRIMARY
MX_PHONE_ADDITIONAL
-
7/29/2019 GRC Exercises Workflow Config
15/31
15
Add a tab before MSKEYVALUE and after MX_PHONE_ADDITIONAL by using the context menu
Name the first tab Personal Data
Name the second tab Account Information
Add a section before MX_MAIL_PRIMARY by using the context menu and name it Communication Data
-
7/29/2019 GRC Exercises Workflow Config
16/31
16
Save your configuration
Your end result should look as follows:
-
7/29/2019 GRC Exercises Workflow Config
17/31
17
Configure the access control settings of the task Change User Profile
Navigate to the tab Access control of your task
Allow a user Teched (xx = number 1-30) to maintain data of every user in the system
-
7/29/2019 GRC Exercises Workflow Config
18/31
18
Allow all users to maintain the profile for themselves (self-service)
The result should look as follows:
Save your task settings
Execute the Change User Profile Task
Open the Identity Management UI in the browser by navigating to http://localhost:50000/idm
-
7/29/2019 GRC Exercises Workflow Config
19/31
19
Log in with
User: Teched (xx = number 1-30)
Password: abcd1234
On the Self Services tab select your task, verify the layout and change some user information
Ex erc ise 4: Role Ow ner Approval
Workflow ApprovalFirst, a role must be created and assigned a workflow for approval.
-
7/29/2019 GRC Exercises Workflow Config
20/31
20
Go back to the Identity Management MMC. Navigate to Identity Stores Enterprise People SCI262 CreateBusiness Role (new) Set Approval Framework Task Set Approval Framework Task Set Approval FrameworkTask
On the Destination tab change the Identity Store to Self
Press Apply to save
Open the Identity Management UI in the browser by navigating to http://localhost:50000/idm
Log in with
User: Teched (xx = number 1-30)Password: abcd1234
Navigate to the Manage tab.
-
7/29/2019 GRC Exercises Workflow Config
21/31
21
Create new role. Change type to Role and select Create...
Navigate to Create Business Role and select Choose Task
Give your role a name (Role ID and Display Name) and set the Workflow type for assignment to Owner Approval
Assign an owner to the role. The role owner will be the approver in this workflow. In the Entry Owner sectionsearch for users
Select a user as the Role Owner (Teched (xx = number 1-30)) and press Add
-
7/29/2019 GRC Exercises Workflow Config
22/31
22
Press Create to save your entry
Now the role needs to be added to a user. Browse to the tab Manage
Search for user
Select a user (Teched (xx = number 1-30)) and press Choose Task
-
7/29/2019 GRC Exercises Workflow Config
23/31
23
Select Web Enabled Tasks Identity Management Change Identity and press Choose Task
Give the user a last name. In the Assigned Roles section press Search to find your newly created role
Select the role and press Add to assign it to your user
Save your entry
-
7/29/2019 GRC Exercises Workflow Config
24/31
24
Log out your current user and log in with the user assigned as the role owner. Navigate to the To Do tab. Selectthe request awaiting approval and press Show Request
Approve the request
You can now verify the status of the role assignment. Browse to the tab Manage
-
7/29/2019 GRC Exercises Workflow Config
25/31
25
Search for user
Select the user you assigned the role to and press Choose Task
Select Web Enabled Tasks Identity Management Change Identity and press Choose Task
By clicking on the status OK you will get further details about the approval flow of the request:
-
7/29/2019 GRC Exercises Workflow Config
26/31
26
-
7/29/2019 GRC Exercises Workflow Config
27/31
27
OPTIONAL
Ex erc ise 5: Cust omize the Present at ion Set t ings of Change
User Prof i le Task
Adapt the Presentation of your Task
Go back to your Identity Management MMC
Open the task Change User Profile
Go to tab Presentation
-
7/29/2019 GRC Exercises Workflow Config
28/31
28
Change the display name
Add a help url pointing to e.g. http://help.sap.com
Add a task header
Add a task description
http://help.sap.com/http://help.sap.com/ -
7/29/2019 GRC Exercises Workflow Config
29/31
29
Add a text for the submit button
Add a text for the confirmation message
Save your task settings
Execute the Change User Profile Task Again
Open the Identity Management UI in the browser by navigating to http://localhost:50000/idm
Hint: Add the parameter NoCache to the url in order to invalidate the cache in case the changes do not take effectas expected:Example: http://localhost:50000/webdynpro/dispatcher/sap.com/tc~idm~wd~workflow/Idm?NoCache
Log in with
User: Teched ( = number 1-30)
Password: abcd1234
On the Self Services tab select your task, verify the presentation settings of your task
-
7/29/2019 GRC Exercises Workflow Config
30/31
30
-
7/29/2019 GRC Exercises Workflow Config
31/31
2010 SAP AG. All rights reserved.SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, and other SAP products and servicesmentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and othercountries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius,and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registeredtrademarks of Business Objects Software Ltd. in the United States and in other countries.
All other product and service names mentioned are the trademarks of their respective companies. Data contained in this documentserves informational purposes only. National product specifications may vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAPGroup") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errorsor omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth inthe express warranty statements accompanying such products and services, if any. Nothing herein should be construed asconstituting an additional warranty.