How to manage SAP user accounts and access rights with Identity Manager

Does your company run SAP applications? If you do, you know how difficult it can be to manage identities. Most of the time, SAP applications are siloed and run completely independently of the rest your IT environment. This makes provisioning users across your SAP and non-SAP platforms a challenge at minimum and at worst, an impossible task.

One Identity Manager provides comprehensive certified integration with SAP products. Our unified identity security solutions keep up with the ever-expanding portfolio of SAP enterprise applications. You won’t find this level of integration with any other single vendor.

Identity Manager streamlines user administration for the SAP ecosystem, including SAP on-premises and cloud-based offerings, such as HANA DB, R/3, S/4HANA, SAP Cloud Platform, SAP Concur and SuccessFactors. It integrates with SAP/HR and SAP/OM or SuccessFactors Employee Central to provide a trusted and authoritative source for valuable organizational information. Identity Manager helps you set up and manage user accounts, groups, roles, profiles and transactions. All the attributes of those objects are synchronized with the central database through connectors, enabling Identity Manager to access other target systems. In addition to its valuable user administration capabilities, Identity Manager helps you achieve your security and compliance goals. It can be used to define rules that maintain and monitor compliance with regulatory requirements and automatically handle rule violations. Plus, Identity Manager helps ensure separation of duty (SoD) and provides full auditing.

Identity Manager synchronizes SAP bi-directionally. Only RFC elements provided by SAP need to be activated in the connected SAP systems. Thus, only the elements provided by SAP are used for communicating with the SAP systems. The exchange of data between the Identity Manager repository and the SAP systems is agentless; only a routing server operates as a secure transaction server by http, ftp or over an OLE-DB provider toward the Identity Manager and over RFC toward SAP. The synchronization can be either time-driven or event-driven.

Benefits include:

  • Automatic creation of an SAP user account for an employee
  • Automatic creation of an SAP user account for an employee through enabling a request or assigning a resource, or through membership of a structural unit
  • Automatic deletion after a grace period when an employee leaves the company
  • Automatic changes to the SAP user account for change of name, location or transfer of assignment within the organization
  • Full synchronization of the objects described above, including manual or automatic resolution of conflicts. Full synchronization means that equal status exists in Identity Manager and SAP regarding the objects managed in Identity Manager

For more information, read the full whitepaper today.

Blog Post CTA Image

Related Content