Total Pageviews

Thursday 19 June 2014

Configure Password Self Service in GRC System



Part 1: Configuration in SPRO

1. Run transaction SPRO.
2. Click the SAP Reference IMG button.
3. Navigate the menu path
    -> Governance, Risk & Compliance
    -> Access Control
    -> User Provisioning
4. Click the Execute button for Maintain Password Self Service.
5. On the left panel, under Dialog Structure, click PSS Global
Configuration Values folder
6. Click New Entries button.
7. Under the PSS Global Configuration Values, enter the following:
    Authentication Source = Challenge Response
    PSS Disable Verification = None
    Number of Questions = 2 (Minimum should be 1)
    Number of Attempts  = 3 (For Example)
8. Click Save button.
9. On the left panel, click the Challenge Response Questions folder.
10. Click New Entries button.
11. In the Challenge Response Questions, enter a Question in the field
provided.
12. Check the Active box.
13. Click Save.

Part 2: Configuration in CUP screens

1. Open your browser and enter your portal URL:
http://<hostname>:<port>/irj/portal ( NWBC transaction)
   where <hostname> is a fully qualified host name
         <port> is the port number
   check with your Basis team for these information.
                                                                
2. Click on My Home tab.

3. Under the My Profile section, click on Register Security Questions.
   Here register at least one security question and the answer.
Once this step is done then go to 'Reset Password' screen and complete the task.

4. Maintain Connector Settings – for each applicable system tick the PSS System Box

5.Maintain Data Sources Configuration – choose which system you check for User Id to login
  • User Authentication Data Sources
  •  Maintain Data Sources Configuration – Choose NO to remove the need to enter a password on logon screen GRAC_UIBB_END_USER_LOGIN***
  • User Search Data Sources
  • User Detail Data Source    
6. Maintain Password Self Service using SPRO 
  • PSS Global Configuration Values – Choose Challenge Response, Set Verification to Password Self Service; enter number of questions you want them to answer and number of attempts they receive
  • Challenge Response Questions – you can define a set of Global Template Questions for them to answe
  • HR System – no action unless you happen to be using HR system for Authentication Source
7.Activate following Webservices and ensure you have a system user to complete the authentication for the web service login (transaction SICF)
  •  GRAC_UIBB_END_USER_LOGIN 
  • GRAC_GAF_PWD_SELFSERVICE_EU
  • GRAC_OIF_USER_REGISTER_EU
Activate End User Logon (you completed most of this with SICF), however the help documentation explains how you can configure the screens to remove links, etc from logon and launch pad (e.g. remove User Request Form, etc).











2 comments:

  1. Hi, i'm having same problem on this one, https://answers.sap.com/questions/10571042/grc-10---reset-password-service.html, however config seems correct. and client wanted even they use client id, the sap it will be automatically show in user changed password. is there a way to fix it? appreciate any help.

    ReplyDelete