PUBLIC
Kristian Lehment, SAP SE
Christian Cohrs, SAP SE
July 2017
SAP Identity Management & Provisioning Service Roadmap
© 2017 SAP SE or an SAP affiliate company. All rights reserved.
Legal disclaimer
The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the
permission of SAP. This presentation is not subject to your license agreement or any other service or subscription
agreement with SAP. SAP has no obligation to pursue any course of business outlined in this document or any related
presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation
and SAP's strategy and possible future developments, products and/or platforms directions and functionality are all
subject to change and may be changed by SAP at any time for any reason without notice. The information in this
document is not a commitment, promise or legal obligation to deliver any material, code or functionality. This document
is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties
of merchantability, fitness for a particular purpose, or non-infringement. This document is for informational purposes
and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this document,
except if such damages were caused by SAP's willful misconduct or gross negligence.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ
materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements,
which speak only as of their dates, and they should not be relied upon in making purchasing decisions.
What data is critical to you?
Risk based security investments
Do you also protect your data or only the underlying infrastructure?
Customer data
Employee data
Processes
Contract
Financial data
Leads
Marketing results
Production process
Product composition
Vendor information
Specifications
Where is that data mainly stored?
SAP systems
Mails
Cloud drives
Files
Infrastructure
SAP system
Security measures on infrastructure level are mandatory. But the threat landscape has changed, and for most companies the SAP systems are a black box when it comes to security.
The paradox: the black box often contains the most critical data
SAP helps protect your digital business
Transactions and data must be secured throughout the entire end-to-end business process
Cybersecurity is a critical element in the Digital Transformation journey
1. Customers and employees are hyper-connected, always on, with seamless access anywhere and anytime
2. Cloud and hybrid cloud environments have become the norm, challenging traditional "Protect the 4 walls" security approaches
3. Digitally connected supply chains are based on high trust and availability of all parties
4. The Internet of Things and Big Data bring unprecedented data streams and volumes
5. Confidentiality, integrity, and availability of data are the basis for secure operations and trusted relationships
SAP Identity Management
SAP Identity Management and Access Control
In the SAP security product portfolio
SAP Business Suite
SAP Cloud Platform
SAP NetWeaver Application Server
SAP Access Control
SAP Identity Management
Make it simple for users to do what they are allowed to do
Know your users and what they can do
SAP Single Sign-On
Ensure corporate compliance to regulatory requirements
Platform Security
Make sure that SAP solutions run securely
SAP Enterprise Threat Detection
Counter possible threats and identify attacks
Add-On for Code Vulnerability Analysis
Find and correct vulnerabilities in customer code
SAP Cloud Platform Identity Authentication
SAP Cloud Identity Access Governance, access analysis service
Manage access, users and compliance in the cloud
SAP HANA
3rd Party Systems
SAP S/4HANA
SAP Cloud Applications
SAP Cloud Platform Identity Provisioning
SAP Identity Management
SAP Identity Management
Product description
Use centralized software to lower risk and manage the full identity lifecycle of users. Keep operations running efficiently and affordably, while protecting applications and data. Provide user access according to current business roles. Workflows and user interface are highly flexible and configurable without the need for development skills.
Lower IT support costs and reduce risk with centralized user identity management across SAP, non-SAP, various IT and cloud solutions
Improve productivity with self-services such as automatic password resets and rules-driven workflows
Improve insight and compliance with centralized, integrated logging and reporting
Boost flexibility with standards-based functionality that integrates fully with company processes
Enables the efficient, secure and compliant execution of business processes
Key capabilities
Manage identities and permissions
SAP Identity Management
Ensures that the right users have the right access to the right systems at the right time
Consistent user roles and privileges
Across all systems and applications
Holistic approach
Use cases in the identity lifecycle
How long does it take for new employees to receive all permissions and become productive in their new job?
Are permissions automatically adjusted if someone is promoted to a new position?
Who has adequate permissions to fill in for a co-worker?
How long does it take to remove ALL permissions of an employee? And how can you ensure that they were properly removed?
How can you remove permissions automatically if employees change their position?
Strengths of SAP Identity Management (1/2)
Centralized Identity Management and provisioning of user data and related permissions for the entire heterogeneous company landscape, both for SAP and non-SAP applications
Fully automated synchronization and lifecycle of employee identities integrated with SAP HCM and SuccessFactors
Integration with SAP Business Suite
Optional integration with SAP Access Control for exemplary compliance and auditability
IT systems connectivity and IT user provisioning
Many SAP and non-SAP connectors from SAP at no extra cost and exemplary support for business applications
Additional non-SAP connectors are available via partners (separate pricing by partner)
Connector Development Kit and Virtual Directory Server
SAP SCM
SAP ERP HCM
SAP ERP
Java Database
Legacy
OS
Lotus Notes
MS Exchange
SAP applications
Non-SAP applications
SAP Identity Management
SAP Access
Control
SAP SuccessFactors
Web Apps
SAP HANA
Portal
Active Directory
Strengths of SAP Identity Management (2/2)
SAP IdM offers flexible and highly configurable comprehensive workflows including a visual designer tool
As a highly functional central place for access requests, it supports all the most important scenarios
Self-service capabilities for user-related data and fully automated user provisioning with no manual steps lower the burden on IT and the call center and increase the ROI
It manages multiple and complex hierarchies of business roles
SAP IdM is equipped with strong capabilities for reporting
SAP IdM is built on highly scalable platforms
SAP is a strategic software partner
SAP Identity Management Connectivity Overview
Technical
Other + Partner
Business Applications
Directory Servers
Databases
SAP HANA Database
SAP ASE (Sybase)
Microsoft SQL Server
Microsoft Access
Oracle database
IBM UDB (DB2)
MySQL
Microsoft Active Directory
IBM Tivoli Directory
Nov