Hi. My name's Todd Peterson. I'm on the team here at One Identity. And today we're going to talk about identity and access management, specifically for SAP systems. So let's turn to the board and see what we got.
So the bottom line is, most organizations that have SAP really rely on it heavily. It's the most important application or set of applications in their environment. And it's critical that they get the governance of SAP correct.
They also have other things, Active Directory, other applications, mainframes, Unix and Linux systems. They have a bunch of other stuff that they need to also govern. But typically, it works in two different worlds. And that's a challenge. So let's talk specifically about identity and access management, what it is, and then why it's a challenge for SAP organizations, and hopefully some ways that we can overcome those challenges.
So the bottom line is identity and access management comes down to four things. Who has access to what? That's called provisioning typically. What can that person do with that access? That's called authorization. How does that person get to the stuff they need, so the stuff that they are authorized to get to? That's called authentication. And then can you prove that they are doing it correctly? That's called governance. So the workloads are provisioning, authorization, authentication, and governance.
SAP has some idiosyncrasies with every single one of those IAM workloads. For provisioning, typically it's done by the SAP team. Most organizations have an IT organization that does the setting up user accounts, setting up authorizations, managing authentication, making sure people are happy across all their environments, except SAP.
Normally there's an SAP team that does that same stuff for the SAP systems. And often that is done separately for each SAP module. It's not like a single provisioning action done on SAP works across the GRC, or the ERP, or whatever other modules that you've got. Typically it's done separately.
So that means you've got a disjointed approach to provisioning. One way you're doing it for everything else. And another way you're doing it for SAP, and maybe a couple of ways you're doing it for SAP.
So for authorization, SAP uses things called profiles, something called t-codes, and roles, whereas the rest of the enterprise uses things like groups. It also has roles, but they're not a one-to-one correlation with your SAP roles and especially with your t-codes. So you've got a complex authorization environment.
How do the people get to this stuff? For authentication, SAP has a couple of options. There's thick client options as well as the NetWeaver or thin client options. And some of those are non-secure. And you may end up with multiple authentication scenarios across SAP, and especially SAP combined with everything else.
And then for governance, how do you prove it? SAP normally does the governance activities, the attestations, the making sure people are doing things the right way, that they have the correct access, separately for each module and each type of user. So that means that governance in an enterprise is difficult and incomplete.
You may be able to govern some stuff on your enterprise side fairly well. But it might be more difficult on the SAP side. Or you may have SAP governance taken care of very well. But it's not so well on the other side. So the bottom line is you have a disjoint, a break between the rest of IAM in your enterprise and your SAP environment. So let's talk about how we can fix that problem.
So here at One Identity, we have a couple of SAP-certified solutions that really overcome most of those challenges that we talked about earlier. So remember, the challenges we had were provisioning, authorization, authentication, and governance. Our identity manager solution unifies those activities across your entire environment. So the same automation, the same workflow, the same unification, and the same consistency that you use for your other applications, your cloud applications, Active Directory, Unix and Linux systems, is the same paradigm, the same workflows, the same processes, the same technologies that you use across all of your SAP things. So you end up with a very unified, single source of the truth across everything.
And because our solution understands SAP so well, it takes into account things like the t-codes, the profiles, the idiosyncrasies of each SAP module, to ensure that what you do, you're doing actually the right way and that it happens the way that you need to. And as I mentioned earlier, it is an SAP-certified solution. So SAP's looked at it, said, yes, this works great for SAP. And we have dozens, if not hundreds, of customers across the world that are happily using this for their SAP provisioning and governance approach.
Now, if we turn to the single sign-on and two-factor authentication approach, we have authentication services and we also have cloud Access manager that are both SAP certified to give you the authentication and overcome that disjointed multiple password approach that is so typical of SAP in an enterprise. It gives you a unified experience. It gives you an enhanced user experience, meaning that users log on once. They're no longer writing down passwords, remembering multiple passwords for multiple systems.
Security is heightened. It overcomes some of the authentication shortcomings of native SAP authentication. And it dramatically reduces IT workloads, because now users don't need to reset passwords as often. IT doesn't have to get involved so often. It also allows you to implement two-factor authentication on top of your SAP environment for even stronger security as people are logging in.
So from this IRM workload standpoint, your provisioning, which was previously disjointed, different teams doing different things, fairly inconsistent, now becomes fully unified across the entire enterprise. Your authorizations, which again, was one paradigm for other stuff and another one for SAP and maybe a couple for S&P, is optimized for S&P. It takes