ROI iAM

Appearance

GRC Setup

Connections

TIP

Open SAP Log On.

  • Enter transaction SPRO.
  • Expand Integration Framework.
  • Select Create Connectors.

Diagram

  • Click Create New.

Diagram

1. Technical Settings

  • RFC Destination: TargetApp
  • Connection Type: HTTP Connection to External Server
  • Description: SalesForce Connector

TIP

Host: Details will be provided separately.

  • Port: 443
  • Path Prefix: /roiam/riskanalysis

Diagram

2. Logon & Security

A. Basic Authentication

Diagram

TIP

User & Password: These will be provided separately.

B. OAuth Authentication

If OAuth is being used as a form of authentication, update accordingly with the correct profile you have set up.

TIP

If using OAuth, update accordingly with the correct profile you have set up.

Diagram

  • SSL Certificate: Default – Active

Diagram

Logical Ports Configuration

Basic Authentication

INFO

Open SAP Log On.

  • Enter transaction SOAMANAGER.
  • SOA Management opens.

Diagram

  • Select Web Service Configuration.
  • Filter on Object Name - GRAC*.

Diagram

  • Open the top item.
  • Click Create.

Diagram

  • Select Manual Configuration.

Diagram

Web Service Configuration Steps

1. Logical Port Name

  • Logical Port Name: Enter a logical port name (e.g., ROI_IAM_PRD).
  • Description: Provide a description (e.g., ROI iAM Production).

Diagram

2. Consumer Security

Diagram

TIP

User & Password: These will be provided separately.

3. HTTP Settings

Diagram

TIP

URL: This will be provided separately.

4. SOAP Protocol

No changes are required; use default selections.

Diagram

5. Identifiable Business Context

Leave blank.

Diagram

6. Operation Settings

No changes are required.

Diagram

7. Ping Web Service

Click the Ping icon to test the connection.

Diagram

A pop-up appears confirming that the connection is successful.

Diagram

OAuth2 Authentication

1. Setup OAuth Client

Enter transaction OA2C_CONFIG.

  • The OAuth2 Clients screen opens.
  • Click Create.
  • Select as Client Profile: GRCOAUTHCLIENT2.
  • Enter a Configuration Name: ZROI_IAM_PRD.
  • Enter Client ID.

TIP

Client ID: This will be provided separately.

Diagram

Click OK.

IDs and Secret are available in the CUSTOMIZING.

Diagram

  • Authorization Endpoint: ROI iAM URL & "/oauth/auth"
  • Token Endpoint: ROI iAM URL & "/oauth/token"
  • Enter Client ID, Client Internal, and Client Secret.

TIP

Client credentials are environment specific.

Diagram

  • Redirection URI Server: Relevant S/4 and GRC URL
  • SAML 2.0 Recipient: URL with "/oauth/token"

Diagram

  • Scopes

Diagram

  • Enhancement Settings

Diagram

2. OAuth Authorizations

To ensure that the system works effectively with OAuth2, assign the following roles based on the segregation of duties.

Three standard roles must be added to relevant users based on their activities, and one custom role must be created.

Standard Roles

  • SAP_BC_WEBSERVICE_CONFIGURATOR – Enables setup, configuration, and successful ping in SOA Manager.
  • SAP_GRAC_SETUP – Enables GRC setup and ability to run sync jobs.
  • SAP_IWXBE_RT_XBE_ADM – Enables the setup of OAuth clients.

Diagram

Custom Roles

  • ZROIAM_OAUTH – This role enables OAuth on a call and must contain the following authorization objects:
    • S_START
    • S_OA2C_USE

Diagram

WARNING

The OAuth 2.0 Client Profile should be the profile used in SOA Manager logical port.

3. Setup SOA Manager

  • SOA Management opens.
  • Select Web Service Configuration.

Diagram

  • Filter on Object Name - GRAC*.
  • Open the top item.

Diagram

  • Click Create.
  • Select Manual Configuration.

A. Logical Port Name

  • Logical Port Name: ROI_IAM_PRD (use your logical port).
  • Description: ROI iAM Production (enter description based on your preference).

B. Consumer Security

  • Select OAuth 2.0.
  • Enter the OAuth Profile and OAuth Configuration created in the previous step (Setup OAuth Client).

C. Messaging

Use default settings.

D. Transport Settings

Enter the URL.

Diagram

Diagram

E. Message Attachments

Diagram

F. Identifiable Business Context

Diagram

G. Operation Settings

Diagram

H. Ping Web Service

Diagram

Create a Logical Connection

TIP

Open SAP Log On.

  • Enter transaction SPRO.
  • Expand Integration Framework.
  • Select Create Connectors.

Diagram

Diagram

  • Click New Entries.

Diagram

  • Click Save.

Diagram

Maintain Connections

Maintain Connectors and Connection Types

WARNING

The logical port should match the logical port in SOA Manager configuration.

Define Connector Groups

Create all relevant connector groups for each ROI iAM enabled system and assign Z_ROIAM as the connection type. Connector groups must also be maintained in the ZROI_CUSTOMISING transaction. Follow that section for more information on setup.

Diagram

  • Assign Connector Groups to Group.
  • Click New – Entry – Logical Group.

Diagram

Diagram

Maintain Connection Settings

Work Area Configuration:

Diagram

AUTH

Diagram

PROV

Diagram

ROLMG

Diagram

1. AUTH Connection Settings

Diagram

Diagram

Diagram

Highlight WS and click Scenario-Connector Link.

Diagram

  • Click Save.
  • Add to Transport Request.

Diagram

2. PROV Connection Settings

Diagram

Diagram

Diagram

  • Select the relevant target connector.

Diagram

  • Press Enter.

Diagram

  • Click Save.

3. ROLMG Connection Settings

Diagram

Diagram

  • Select the relevant target connector.
  • Press Enter and click Save.

Diagram

Maintain Connector Settings

Diagram

  • Click New Entries.

Diagram

Diagram

  • Click Save.

Maintain Mapping for Actions and Connector Groups

Click New Entries.

Diagram

Create the relevant Connector Group with the required naming convention. Ensure that the connector group is enabled in Customising parameters in the ROI iAM CUSTOMIZING section of this document.

Diagram

Diagram

Assign Default Connector to Connector Group

Diagram

Diagram

Maintain Data Sources Configuration

Diagram

Diagram

Click New Entries.

Diagram

Click Save.

Diagram

Click New Entries.

Diagram

Click Save.

Diagram

Diagram