Working with SAP IAG Workflow

Working with SAP IAG Workflow

The operational backbone of SAP IAG lies in its sophisticated Workflow system.
Fueled by the robust SAP Business Rules and grounded in the foundational logic
MSMP & BRF+ workflow in SAP Access Control, this cloud-based solution on the
Business Technology Platform (BTP) empowers organizations to create, optimize,
and manage various services such as Access Request, Role Designer seamlessly.
This learning blog provides valuable information on SAP IAG Workflow.

1) How does the Workflow function in SAP IAG?

IAG workflow is integrated with the SAP Cloud Platform Business Rules Service.
This integration allows the definition of stages, paths, and other workflow rules,
enabling the Requests to progress through the various approval stages.

2) How to setup Workflow?

Setting up Workflow in SAP IAG is carried out in 2 stages:

1. Creating new workflow templates
2. Updating Business Rule

Creating New Workflow Templates:

1. Login to SAP IAG
2. From the Administration group, execute Maintain Workflow Template app
3. Click + sign to create a new template
4. Provide Name and Description for the new template
5. Click + sign for stages and add the relevant stages

NOTE: Currently SAP IAG support only 4 pre-defined stages, i.e., Security, Risk Owner, Role Owner and Manager. No additional stages can be created.

6. Change the sequence as needed using the up/down arrows.
7. Click Save You can notice the template created as a User defined template in the list.

Updating Business Rule:

Once the template is created, the next step is to update the Business rule. Follow the steps highlighted below:

1. Login to SAP IAG
2. Under Administration group, execute Configuration app
3. Launch Business Rule

4. Click (open) “IAG Workflow Business Rule”
5. Click Edit
6. Navigate to Rulesets tab
7. Click (open) “PathRulset”
8. Click (open) “RequestTypeRule”
9. Maintain the Decision Table, i.e., Request Type (pre-defined values) and
PathName (created in Maintain Workflow Template)

10. Click Validate
11. Go to previous screen, click Deploy to deploy the updated workflow on Cloud Runtime and Activate.

Now the requests that are getting created will utilize the new PathName which is mapped against the RequestType

3) What are the limitations of Workflow in SAP IAG?

Unlike SAP GRC Access Control, the Workflow in SAP IAG has less flexibility. It
accommodates only a maximum of four predefined stages, namely Security,
Manager, Role Owner, and Risk Owner. These stages are fixed and cannot be
extended or customized. SAP IAG does not permit the creation of new agents,
limiting the adaptability of its workflow structure compared to SAP GRC Access
Control.

4) Can I use BRF+ Rules in SAP IAG?

SAP IAG has limitations regarding the utilization of BRF+ rules. It does not support the integration of BRF+ rules; instead, it exclusively relies on a single Decision Table, which is already provided within the Business Rule configuration. This underscores the system’s constraints in accommodating additional decision logic through BRF+ rules within SAP IAG.

Receive updates on upcoming webinars, the latest case studies, and more directly in your inbox. Stay informed and connected by subscribing to our newsletter.

Subscribe to our newsletter

Raghu Boddu

Meet Raghu Boddu an expert in SAP Security and Governance, Risk, and Compliance (GRC). With over 20+ years of experience in the field, Raghu has a deep understanding of the nuances and complexities of SAP systems and how to keep them secure. Raghu has worked with various clients across different industries, helping them implement effective security and GRC strategies to protect their sensitive data and meet regulatory compliance requirements. Raghu is a respected thought leader in the SAP security and GRC community, regularly sharing insights and best practices through presentations and publications. Whether you’re looking to improve the security of your SAP system or ensure compliance with relevant regulations, Raghu can provide the guidance and expertise you need to succeed.

Explore our success stories

A case study on analyzing Custom Transaction codes and updating the Risk Ruleset

In today’s dynamic business landscape, many SAP customers leverage custom transaction codes to streamline operations and enhance efficiency. However, with customization comes responsibility, as it introduces risks such as segregation…

Learn more

How we helped businesses succeed by providing them with innovative and effective solutions to manage risks

In today’s business landscape, managing SAP systems can be challenging. Many companies struggle with Segregation of Duties (SoD) conflicts and irrelevant transaction codes, making audits cumbersome and increasing the risk…

Learn more

Case study on SAP Licensing Optimization

Today’s business environment requires the efficient management of SAP licensing, though it can be challenging. This problem can be resolved by Optimus for SAP Applications, developed by ToggleNow, by offering…

Learn more

Learn how we can help you and your enterprise through the GRC transformation journey. Choose the appropriate option and fill out the form. Let’s get started!

Product demo

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Schedule Demo

Detailed Discussion

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Schedule Demo

Partnership Discussions

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Schedule Demo