Click here to load reader

SAP Identity Management Overview - a248.g. · PDF fileSAP Identity Management Overview Public ... SAP Identity Management 1 SAP ERP HCM 2 3 SAP ERP HCM SAP ERP SAP CRM SAP Portal Provisioning

  • View
    259

  • Download
    10

Embed Size (px)

Text of SAP Identity Management Overview - a248.g. · PDF fileSAP Identity Management Overview Public...

  • January 2017

    SAP Identity Management

    Overview

    Public

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 2Public

    Agenda

    Introduction to SAP Identity Management

    Role Management and Workflows

    Business-Driven Identity Management

    Compliant Identity Management

    Reporting

    Password Management

    Connectivity

    Architecture

    Identity Virtualization

    Whats New in Release 8.0

    Summary & Additional Information

    Appendices

  • Introduction to

    SAP Identity Management

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 4Public

    SAP Identity Management

    SAP Identity ManagementIn the SAP security product portfolio

    SAPBusiness

    Suite

    SAP HANA Cloud Platform

    SAP NetWeaver Application Server

    SAP Access Control

    SAP Identity Management

    Make it simple for users to do what they are allowed to do

    Know your users and what they can do

    SAP Single Sign-On

    Ensure corporate compliance to

    regulatory requirements

    Platform Security

    Make sure that SAP solutions run securely

    SAP Enterprise Threat Detection

    Counter possible threats and identify attacks

    Add-On for Code Vulnerability

    Analysis

    Find and correctvulnerabilities in customer

    code

    SAP HANA Cloud Platform Identity

    Authentication

    SAP HANA Cloud Platform Identity

    Provisioning

    SAP Cloud Identity Access

    Governance, access analysis

    service

    Manage access,

    users and

    compliance in the

    cloud

    SAP HANA

    3rd Party Systems

    SAP S/4HANA

    SAP Cloud Applications

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 5Public

    Key capabilities

    Enables the

    efficient,

    secure and

    compliantexecution of business

    processes

    Manage identities and

    permissions

    SAP Identity

    Management

    Ensures that the right

    users have the right

    access to the right systems at the

    right time

    Consistent user

    roles and

    privileges

    Across

    all systems and applications

    Holistic approach

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 6Public

    Business drivers for identity management

    Compliance

    challenges

    Changing

    business

    processes

    Operational

    costs

    Multiple sources of identity data

    Manual user provisioning

    Labor-intensive, paper-based approval systems

    Manual password reset processes

    Transactions involve multiple enterprises

    Partners participate in business processes

    Company-specific requirements for user provisioning solutions

    No record of who has access to which IT resources

    Inability to deprovision user access rights upon termination

    No complete audit trail available

    Prevention of unauthorized access in multi-enterprise environments

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 7Public

    Identity lifecycle

    How long does it take for new

    employees to receive all permissions

    and become productive in their new

    job?

    Are permissions automatically

    adjusted if someone is promoted

    to a new position?

    Who has adequate permissions

    to fill in for a co-worker?How long does it take to remove ALL

    permissions of an employee? And how

    can you ensure that they were properly

    removed?

    How can you remove permissions

    automatically if employees

    change their position?

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 8Public

    Solution in a nutshell

    Central management of identities throughout the

    system landscape

    Rule-driven workflow and approval process

    Extensive audit trail, logging, and reporting

    functionality

    Governance through centralized and auditable

    identity data

    Compliance through integration with

    SAP Access Control

    Compliant and integrated identity management

    solution to mitigate segregation-of-duties risks

    SAP SCM

    SAP ERP HCM

    SAP ERP

    Java Database

    Legacy

    OS

    Lotus Notes

    MS Exchange

    SAP applications Non-SAP applications

    SAP Identity Management

    SAP Access

    Control

    SuccessFactors

    Web Apps

    SAP HANA

    Portal

    Active Directory

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 9Public

    A holistic approach to compliant identity management

    Example: On-boarding

    SAP ERP

    HCM

    PasswordmanagementProvisioning to SAP

    and non-SAP systems

    Reporting Rule-based assignment of business roles

    Identity virtualization and identity as a serviceCentral

    identity store

    SAP BusinessObjects

    Access Control (GRC)SAP Identity Management

    Approval workflows

    Integration with SAP Business Suite and

    SuccessFactors

    SAP Access Control

    Compliance checks

    Success

    Factors

  • Solution in detail Role management and workflows

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 11Public

    Role definition and provisioning

    Role definition (design, one-time task)

    Read system access information (roles,

    groups, authorizations, etc.) from target

    systems

    Define a business role hierarchy

    Assign technical roles to business roles

    Develop rules for role assignments

    Provisioning (regularly)

    Assign or remove roles to/from people

    Through request/approval workflow

    Manually (administrator)

    Automatically, e.g. HR-driven

    Automatic adjustment of master data and

    assignments of technical authorizations in

    target systems

    Portal roleAccounting

    (ABAP role)

    HR manager

    (ABAP role)E-mail

    Manager

    Employee Accounting

    AD

    user

    E-mail

    systemActive

    Directory

    SAP

    PortalSAP

    FISAP

    HRB

    us

    ine

    ss

    ro

    les

    Te

    ch

    nic

    al ro

    les

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 12Public

    SAP NetWeaver Identity Management

    Context-based role management: reducing complexity

    Business Role

    Technical role A Technical role C

    Technical role B

    User

    Position

    Location

    Managed SystemUser

    Technical role A

    Technical role B

    Context-based role management simplifies

    the structure of roles through dynamic

    role assignment based on user context information

    Benefits

    Reduced number of roles

    Reduced complexity

    Sufficient granularity

    Improved data consistency

    and governance

    Example:

    20 roles in 1000 factories

    Conventional method: 20.000 entries (roles)

    Context-based: 1.020 entries (roles + contexts)

    SAP Identity Management

    Managed System

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 13Public

    Workflows

    Approval

    Identity Center sends a

    notification to user/manager

    Notification

    Identity Center provisions new

    roles and privileges to

    respective systems

    Provisioning

    User sends a

    role request

    Request

    Identity Center

    processes request

    Sends alert to manager /

    administrator

    Processing

    Manager checks request and

    approves/denies

  • Solution in detail Business-driven identity management

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 15Public

    Integration with SAP business applications

    SAP Identity

    Management

    Success

    Factors

    Employee Central

    SAP ERP

    Financials

    SAP

    Transportation

    Management

    SAP Product

    Lifecycle

    Management

    SAP HANA

    SAP Supplier

    Relationship

    Management

    SAP Customer

    Relationship

    Management

    SAP Extended

    Warehouse

    Management

    SAP Service

    Parts Planning

    SAP ERP

    Human Capital

    Management

    SAP Portfolio

    and Product

    Management

    SAP Supply

    Network

    Collaboration

  • 2017 SAP SE or an SAP affiliate company. All rights reserved. 16Public

    Business process driven identity managementOn-boarding

    Line Manager

    HR ensures that all necessary

    employee data for Kim is available,

    such as position and entry date

    Pre-hire phase

    Event-based extraction

    of personnel data

    First day at work

    Based on the position in

    HCM, IDM automatically

    assigns the business role

    Marketing Specialist

    Kims manager

    approves the

    assignment

    HR Operations

    Business Partner created

    User created Marketing

    Professional

    User created

    Employee

    User created

    Access to SAP ESS

    Access to SAP CRM

    SAP Identity Management

    1

    SAP

    ERP

    HCM

    2 3 4

    SAP

    ERP

    HCM

    SAP

    ERP

    SAP

    CRM

    SAP

    Portal

    Provisioning of role and

    authorization information to relevant

    target systems

    5

    Success

    Factors

    Kim Perkins joins the company as a marketing specialist.

    From the first day with her new company, she is able to log on to all relevant systems, including access to the employee

    self-s

Search related