SAP R3 Accounts Fail to Synchronize Roles After Migration to v15

Article ID: 438669

Products

CA Identity Suite

Issue/Introduction

After upgrading from IGA v14.5 to v15, SAP R3 endpoint provisioning fails to assign roles inherited from account templates.

  • When assigning an account template that should grant a specific SAP role, the role is not assigned to the user.
  • Provisioning Manager logs show "Info" level messages with the "Unchanged" category.
  • The log entry typically states: ETA_S_0096, SAP R3 Account '[UserID]' on '[Endpoint]' was already synchronized with its account templates.
  • Active Directory accounts and other endpoint types synchronize successfully; the issue is isolated to SAP R3.
  • Manually assigning the role in Identity Manager works, but template-based inheritance fails.

Cause

This issue is caused by a defect in the SAP metadata file (sappase.ptt) within the Provisioning Server. The server incorrectly determines that the account is already in sync with its templates, preventing the necessary updates from being pushed to the SAP endpoint.

Defect ID: DE669372

Resolution

A fix for this issue is scheduled to be included in Identity Suite v15.0 Fix Pack 6.

Workaround / Hotfix

If you require an immediate resolution before the release of Fix Pack 6, please contact Broadcom Support to request the imps_patch.tar.gz hotfix from DE669372.

To apply the hotfix:

  1. Copy the imps_patch.tar.gz file to the following directory on the Provisioning Server: /opt/brcm/iga/patches/imps/
  2. Restart the Provisioning Server (IMPS) service.
  3. The patch will be applied automatically during the service startup.
  4. Verify the fix by performing a "Synchronize User with Roles" or "Synchronize Account with Templates" task for an affected SAP account.
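To pick accounts for the verification step, the ETA_S_0096 message quoted above can be extracted from a Provisioning Server log. The script below is an added example, not part of the article or the hotfix; the log path is whatever file you pass in, and the sample lines (timestamps, account and endpoint names) are constructed. ETA_S_0096 reads as the normal "nothing to change" message, so treat the output as a candidate list rather than proof that an account is affected.

```shell
#!/bin/sh
# List SAP R3 accounts that logged ETA_S_0096, with a hit count per account.
# Only the message text quoted in the article is matched; anything before it
# on the line (timestamp, level, category) is ignored.

list_unchanged_sap_accounts() {
    # stdin:  provisioning log lines
    # stdout: endpoint<TAB>account<TAB>count, sorted
    awk -v q="'" '
        BEGIN {
            re = "ETA_S_0096, SAP R3 Account " q "[^" q "]*" q \
                 " on " q "[^" q "]*" q " was already synchronized"
        }
        match($0, re) {
            # Splitting on the quote gives part[2] = account, part[4] = endpoint
            split(substr($0, RSTART, RLENGTH), part, q)
            seen[part[4] "\t" part[2]]++
        }
        END { for (k in seen) printf "%s\t%d\n", k, seen[k] }
    ' | LC_ALL=C sort
}

# Constructed sample input: the prefix layout and all names are made up.
sample_log() {
    cat <<'EOF'
2025-01-10 09:14:02 Info Unchanged ETA_S_0096, SAP R3 Account 'JDOE' on 'SAP_PRD' was already synchronized with its account templates.
2025-01-10 09:14:05 Info Unchanged ETA_S_0096, SAP R3 Account 'ASMITH' on 'SAP_PRD' was already synchronized with its account templates.
2025-01-10 09:15:40 Info Unchanged ETA_S_0096, SAP R3 Account 'JDOE' on 'SAP_PRD' was already synchronized with its account templates.
2025-01-10 09:16:01 Info Success unrelated line for another endpoint type
EOF
}

# With a log file argument, scan that file; otherwise run on the sample.
if [ "$#" -gt 0 ]; then
    list_unchanged_sap_accounts < "$1"
else
    sample_log | list_unchanged_sap_accounts
fi
```

After the hotfix is applied, re-running the synchronize task for one of the listed accounts should no longer produce the "Unchanged" entry if that account was missing a template role.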