access identity management Archives - InsideSAP Asia
https://insidesap.asia/tag/access-identity-management/
The independent resource for SAP professionals in Asia
Mon, 26 Jun 2023 06:07:02 +0000

The Evolution of SAP Security, Access Control, and IAM
https://insidesap.asia/the-evolution-of-sap-security-access-control-and-iam/
Thu, 22 Jun 2023 06:00:00 +0000

The post The Evolution of SAP Security, Access Control, and IAM appeared first on InsideSAP Asia.

To identify the most suitable SAP access provisioning choice for your organisation, it is important to understand the progression of SAP security, access control, and identity access management (IAM).

In the early days of SAP (R/2), users were granted SAP access using SAP profiles. This later transformed into SAP roles through the Profile Generator (PFCG). To enhance the provisioning process and address the issue of SAP authorisation creep (users gradually being assigned additional access), SAP implemented the ability to assign SAP roles to the HR Organisation Structure. Whenever a user was assigned to an HR position within SAP, they would automatically be assigned the SAP roles associated with that HR position.

SAP Composite Roles were introduced to improve provisioning efficiency by grouping multiple single roles within a data container. When an SAP user is assigned an SAP Composite Role, they gain access to all the individual roles included in the Composite Role.

Over time, the significance of access risk management grew exponentially. The practice of granting SAP access without considering its potential risks became increasingly unsustainable. Consequently, this gave rise to the development and implementation of access control solutions, such as Governance, Risk, and Compliance (GRC) systems.

At first, access control solutions primarily assessed the SAP systems to detect access risk violations and conducted ‘What-If’ simulations to evaluate the potential risks of proposed role allocations. As access control solutions advanced, they incorporated additional features such as User Access Reviews and role provisioning. The introduction of the Business Role concept facilitated role provisioning. A Business Role functions similarly to an SAP Composite Role, serving as a data container for a group of roles (from multiple SAP systems). When a user is assigned a Business Role, they automatically inherit all the roles associated with that specific Business Role.

In most cases, a Business Role provides greater flexibility compared to an SAP Composite Role in access control solutions, allowing for partial assignment. For example, if an accounts payable clerk only needs 80% of the functionalities offered by the ACCOUNTS PAYABLE CLERK Business Role, it can be assigned partially. On the other hand, an SAP Composite Role is less flexible because once it is assigned, all the individual roles associated with it become available to the user. Business Roles can also include roles from multiple SAP systems, whereas Composite Roles are limited to roles from a single SAP system.

Identity and access management (IAM) solutions were implemented to effectively handle identity management throughout the IT environment and streamline the Joiner-Mover-Leaver procedure. By enabling access provisioning for various systems and solutions, it was anticipated that IAM solutions would overcome previous provisioning difficulties and greatly enhance the efficiency of onboarding and user provisioning. Moreover, IAM solutions also catered for Business Roles, overcoming the limitation that access control solution Business Roles are restricted to SAP systems. IAM solution Business Roles encompass roles from diverse systems, including both SAP and non-SAP platforms.

Utopia? Almost, but not quite.

The integration of access control solutions and IAM solutions has posed significant challenges in practice, hindering organisations from reaping the benefits of a mutually beneficial relationship between risk management and provisioning. Consequently, organisations must decide which solution will handle the overlapping tasks and functions.

Outlined below are some of the functions that can be performed by both access control and IAM solutions:

Selection of the appropriate solution for each function is critical in attaining an organisation’s desired business objectives. Each solution presents its own set of advantages and disadvantages, influenced by factors such as business goals, system and application types, and the number of solutions involved.

For organisations with an extensive SAP footprint, effectively managing access risk and maintaining a balance between provisioning efficiencies and access control are paramount. If an IAM solution is chosen to handle overlapping activities, the desired level of access risk management may not be attained. In such cases, utilising the access control solution for provisioning SAP access could yield the desired outcome.

Conversely, if an organisation has a limited SAP footprint and does not require comprehensive SAP access risk analysis, an IAM solution might be sufficient.

The choice of solution depends on the specific needs of the organisation.

Is opting for a hybrid model the right choice?

To achieve a balance between provisioning efficiencies and effective access risk management, one possible approach is to adopt a hybrid model.

For organisations with a significant SAP footprint and a strong focus on access risk management, an access control solution can be implemented to handle all overlapping activities within SAP systems. Simultaneously, an IAM solution can be utilised for all non-SAP systems.

An alternative approach involves utilising the access control solution for designing Business Roles and then replicating them in the IAM solution for provisioning purposes. By defining Business Roles in the access control solution, it becomes possible to leverage historical usage data and access risk information to create suitable Business Roles for specific user groups.

While implementing a hybrid model has certain drawbacks, such as requiring some business users to operate in two separate systems, it can effectively address the organisation’s need for managing SAP access risks while simultaneously improving the efficiency of SAP user provisioning to an acceptable extent.

Conclusion

Every method has its advantages and disadvantages, and there isn’t a single solution that fits every situation perfectly. When deciding, it’s important to take into account your organisation’s requirements, business goals, SAP footprint, and priorities for managing risks.

For optimal decision-making, collaboration between the SAP security and cyber teams is essential. They should engage in discussions and debates for each specific scenario to determine the most suitable solution for the organisation.

A hybrid approach might be the most favourable option, striking a balance between efficient provisioning and effective management of access risks.

Soterion hosts a podcast called ‘SAP Security & GRC’, dedicated to helping organisations on their journey to effective access risk management in SAP.

Soterion’s CEO, Dudley Cartwright, covers topics related to SAP security and GRC, providing insights and tips from industry experts as well as his experience over the decades. Episodes are available in audio and video formats and are between 15 and 40 minutes long. The podcast is available on all major platforms, such as Apple Podcasts, Spotify, Google Podcasts, etc.

This article is sponsored by Soterion

SAP Powers Access Identity Management Provider, One Identity
https://insidesap.asia/sap-powers-access-identity-management-provider-one-identity/
Mon, 15 Jul 2019 21:39:00 +0000

The post SAP Powers Access Identity Management Provider, One Identity appeared first on InsideSAP Asia.

One Identity, an access identity management solutions provider, attained two more certifications with SAP technologies for its One Identity Manager: the “powered by SAP NetWeaver” certification and the SAP Integration and Certification Center (SAP ICC) certification recognizing One Identity Manager’s capability to integrate with SAP S/4HANA using standard integration technologies.

One Identity Manager provides comprehensive certified integration with SAP products through its identity and access management (IAM) solutions that keep up with the ever-expanding portfolio of SAP enterprise applications.

SAP Business Suite 4 SAP HANA, known as SAP S/4HANA, was launched on February 3, 2015, as SAP’s next-generation business suite and the company’s biggest innovation since SAP R/3.

The recent certifications alongside the company’s new features and integrations establish One Identity’s drive to support its customers’ digital transformation, helping companies seamlessly deploy cloud environments and achieve cost savings and operational efficiencies.

The IAM solutions provider boasts of its on-prem and cloud solutions, which enhance SAP compliance and governance with a cross-platform view that merges the SAP ecosystem with a comprehensive view of non-SAP resources. The solutions also simplify user provisioning, de-provisioning, and permissions management by consolidating tasks for all SAP applications into one solution.

“Powered by SAP NetWeaver”

Now certified as “powered by SAP NetWeaver”, One Identity solutions can be quickly and easily integrated into SAP solution environments. SAP NetWeaver supports various SAP applications and provides usage types for analytics and integration. There is a large ecosystem of solutions that run on SAP NetWeaver, which benefits One Identity’s customers aside from improved interoperability with SAP applications.

Considering overall IT investment costs and risk factors, choosing an SAP-certified solution is the most cost-effective strategy.

Integration with SAP S/4HANA

The SAP Integration and Certification Center (SAP ICC) has certified that One Identity Manager integrates with SAP S/4HANA using standard integration technologies.

SAP S/4HANA is fully architected for the most advanced in-memory platform, SAP HANA, and designed on the most modern design principles with the SAP Fiori user experience (UX). It is offered as a cloud, on-premise, and hybrid deployment option to provide maximum choice to customers.

The platform is designed to drive business innovation with simplicity by connecting people, devices, and business networks in real time to support the development of new business models and accelerate the on-ramp to the Internet of Things and Big Data. SAP S/4HANA drives lower costs and delivers IT efficiency with its simplified data model.

Serkan Cetin, One Identity APJ Technology and Strategy Regional Manager, said:

“Our customers in the Asia Pacific and Japan are embracing new IT infrastructures that enable employee productivity while reducing capital expenditure costs. Achieving certifications like these enables new product features and strengthens on-the-ground support.”

“Identity governance and administration (IGA) are crucial to the business efficiency and security of enterprises that rely on SAP technologies, and our SAP-certified solutions bring peace of mind, enhanced governance, and streamlined operations to customers that make SAP a foundation to their digital transformations,” Cetin added.

About One Identity

One Identity offers a comprehensive family of identity and access management (IAM) solutions designed to solve present and future business challenges. Its design and integration philosophy is to provide solutions that add agility and efficiency to an organization, regardless of size and market, while securing its digital assets.

The company promises to deliver identity governance, access management, and privileged account management solutions that facilitate and secure customers’ digital transformation.
