[
[
SAP NetWeaver Identity Management Experiences from an
Implementation at Colgate-Palmolive Company
Sarah Henriquez Senior Manager IT Risk Management,
Colgate-Palmolive Kristian Lehment Product Manager IDM &
Security, SAP AGReal Experience. Real Advantage.
[ Agenda Evolution at SAP towards the Solution Compliant
Identity Management and Single Sign-On
Introduction The Functionality Delivered with SAP NetWeaver
Identity Management The COLGATE-PALMOLIVE Company Facts &
Figures
Implementation at COLGATE-PALMOLIVE Company Learning Points
Business Challenges Benefits Plans Going Forward
Real Experience. Real Advantage.
2
[ Compliant Identity Management and Single Sign-OnCompliant
Identity Management and Single Sign-On
Compliance and Governance
Authentication and Single Sign-On
Identity Management
SAP Access Control
SAP NetWeaver Single Sign-On
SAP NetWeaver Identity Management
SAP offers a complete suite of compliance, governance, identity
management, and single sign-on solutions
Real Experience. Real Advantage.
[ The Identity LifecycleHow long does it take for new employees
to receive all permissions and become productive in their new
job?
How can you remove permissions automatically if employees change
their position?
Are permissions automatically adjusted if someone is promoted to
a new position?
How long does it take to remove ALL permissions of an employee?
And how can you ensure that they were properly removed?
Who has adequate permissions to fill in for a co-worker?
Real Experience. Real Advantage.
[ SAP NetWeaver Identity Management FunctionalitiesHolistic
ApproachSAP HCM e.g. on-boarding SAP Business Suite Integration
Compliance checks SAP Access Control Identity virtualization and
identity as service
Approval workflows
SAP NetWeaver SAP NetWeaver Identity Identity Management
Management
Central Identity Store
Reporting
Password management
SAP applicationsRule-based assignment of business roles
Non-SAP applicationsWeb-based Single Sign-On and Identity
Federation
Provisioning to SAP and non-SAP systems
Real Experience. Real Advantage.
[ History of Compliant Identity Managementand Single Sign-On
October 31, 2011of SAP NetWeaver Identity Management 7.2 General
availability 09, 2011 August availability of SAP Governance, Risk,
and Compliance GeneralSolutions, Release 10.0 2011 June
14,availability of SAP NetWeaver Single Sign-On 1.0 General January
12, 2011 security products and assets from SECUDE SAP acquires
software 2009 June 16,availability of SAP NetWeaver Identity
Management 7.1 General 2007 June 15,availability of SAP NetWeaver
Identity Management 7.0 General 14, 2007 Mayextends identity
management capabilities in SAP NetWeaver SAP with acquisition of
MaXware
April 03, 2006 leadership in compliance solutions with
acquisition of Virsa SAP strengthens
SAP Access Control SAP NetWeaver Identity Management SAP
NetWeaver Single Sign-On
Real Experience. Real Advantage.
[ SAP offers Rapid Deployment Solutionto meet specific business
needsSoftwareQuickly address the most urgent business processes
ContentSAP best practices, templates and tools make solution
adoption easierSoftware Service Content Enablement
EnablementGuides and educational material speed end user
adoption
ServiceFixed scope and price provides maximum predictability and
lowers risk
Real Experience. Real Advantage.
[ which allow predictability, out-of-the-box integrationand
adoption choices as business demandsPredictability Fast value in
days/weeks Fixed cost and fixed best practice scope
Integration Integrated start and growth options Immediate and
future IT and business processes landscape integrity
Choice Modular packages to meet specific business needs and
allow individual adoption paths Flexible licensing and deployment
options
Real Experience. Real Advantage.
[ Predictability: Solution adoption made
simplePredictability
Implementations in a matter of days/weeks Clear pricing, scope,
timelines and outcomes Proven best-practices from an extensive
customer and qualified partner ecosystemReal Experience. Real
Advantage.
[ Agenda The COLGATE-PALMOLIVE Company - Facts & Figures
Implementation at COLGATE-PALMOLIVE Company Learning Points
Business Challenges Benefits Plans Going Forward
Real Experience. Real Advantage.
10
$16.7 + Billion in Sales
Products Sold in 200 Countries & Territories
Sales by DivisionPet
39,200 Colgate People
13% Greater Asia/Africa 20%
North America 18% Latin America
Europe/South Pacific 21%
28%
ORAL CARE
PERSONAL CARE
HOME CARE
PET NUTRITION
[ Learning PointsPre-implementation insights that were important
for the project: SAP NetWeaver Identity Management is a framework
and it is highly customizable Understand the current business
processes in use at Colgate-Palmolive Company
Real Experience. Real Advantage.
13
[ Overview of Identity Management at ColgateColgate uses the
application to centralize and synchronize user accounts for E-mail,
SAP user IDs and Network access (MS-Active Directory) Standardize
identities using Human Capital Management (HCM) global personnel
number as a unique identifier
User accounts mapped to the global personnel number
Automatically creates and terminates accounts based on HCM action
types
Real Experience. Real Advantage.
14
[ Business ChallengesAddresses current business challenges:
Users need accounts in multiple applications Multiple organizations
support account creation / termination
Manual process requiring complex reconciliation Decentralized
account administration processes for different applications
Real Experience. Real Advantage.
15
[ Benefits One single source of truth
Automates creation of user accounts Automates compliance and
timeliness of terminations Improves employee experience
Real Experience. Real Advantage.
16
[ Best Practices Automation of manual process
Global centralized process
Real Experience. Real Advantage.
17
[ HCM Integration with IdMHR to enter data for employees
HR1
Identity Management2RFC
Create employee record
Receive HR Data
4
Update employee record with SAP Id + Email (Infotype 105)
3Web Service
Calculate SAP Id and Email address
Real Experience. Real Advantage.
18 of 22
[ Lessons Learned: HCM Integration with IDM Data entered in the
global HCM system The timeliness of the data entered Understand the
data needed Use of employee information for account creation
Accuracy of user address information
Real Experience. Real Advantage.
19
[ Where are We Now?Jun 2010 Jul 2010 Aug 2010 Sep 2010 Oct 2010
Nov 2010 Dec 2010 Jan 2011 Feb 2011 Mar 2011 Apr 2011 May 2011 Jun
2011 Jul 2011 Aug 2011 Sep 2011 Oct 2011 Nov 2011
Email account v 7.1
SAP User Id Account v 7.1
Network account automation v 7.1
Real Experience. Real Advantage.
20
[ Identity Management Account AutomationHR to enter data for
employees
HRCreate employee record
Identity ManagementCreate user account
Network accountProvision Active Directory accountReal
Experience. Real Advantage.
EmailProvision Lotus Notes account
SAP CUANew SAP User IdRole provisioning to target systems21
[ Long Term Strategy
Single Sign-On Self-service Integrate GRC Migrate CUA managed
systems to IdM Upgrade 7.2 Password resets Lock/unlock
Fully automate creation/termination SAP, Email, Network Id
Real Experience. Real Advantage.
22
[ Plans Going Forward Increase scope on IDM to manage all
employees
Upgrade SAP NetWeaver Identity Management to version 7.2
Integrate Governance, Risk, and Compliance (GRC) process (SAP
Access Control) Automate role assignments were possible Implement
SAP NetWeaver Single Sign-OnReal Experience. Real Advantage.23
[ Key Lessons Learned Alignment with HR is key
Change Management Understand changes and impact to current
business processes What is changing What is centralized
Understand the data coming from HCM into IDM Identify key
technical and business process expertise Communication is keyReal
Experience. Real Advantage.24
[
Thank you for participating.Please remember to complete and
return your evaluation form following this session. For ongoing
education on this area of focus, visit the Year-Round Community
page at www.asug.com/yrc
]25
[
SESSION CODE:
1004
Real Experience. Real Advantage.
