Click here to load reader

SAP NetWeaver Identity Management Experiences Experience. Real Advantage. [ SAP NetWeaver Identity Management – Experiences from an Implementation at Colgate-Palmolive Company Sarah

  • View
    218

  • Download
    0

Embed Size (px)

Text of SAP NetWeaver Identity Management Experiences Experience. Real Advantage. [ SAP NetWeaver Identity...

  • Real Experience. Real Advantage.

    [

    SAP NetWeaver Identity Management Experiences from an

    Implementation at Colgate-Palmolive Company

    Sarah Henriquez Senior Manager IT Risk Management, Colgate-Palmolive

    Kristian Lehment Product Manager IDM & Security, SAP AG

    [

  • Real Experience. Real Advantage.

    [ Agenda

    Evolution at SAP towards the Solution

    Compliant Identity Management and Single Sign-On

    Introduction The Functionality Delivered with

    SAP NetWeaver Identity Management

    The COLGATE-PALMOLIVE Company

    Facts & Figures

    Implementation at COLGATE-PALMOLIVE Company

    Learning Points

    Business Challenges

    Benefits

    Plans Going Forward

    2

  • Real Experience. Real Advantage.

    [ Compliant Identity Management and Single Sign-On

    Compliance and

    Governance

    SAP Access Control

    Identity Management

    SAP NetWeaver Identity

    Management

    Authentication and

    Single Sign-On

    SAP NetWeaver Single

    Sign-On

    SAP offers a complete suite of compliance, governance, identity management, and single sign-on solutions

    Compliant Identity Management and Single Sign-On

  • Real Experience. Real Advantage.

    [ The Identity Lifecycle

    How long does it take for

    new employees to receive all

    permissions and become

    productive in their new job?

    Are permissions

    automatically adjusted if

    someone is promoted to a

    new position?

    Who has adequate

    permissions to fill in for a

    co-worker? How long does it take to remove

    ALL permissions of an employee?

    And how can you ensure that they

    were properly removed?

    How can you remove

    permissions automatically

    if employees change their

    position?

  • Real Experience. Real Advantage.

    [ SAP NetWeaver Identity Management Functionalities Holistic Approach

    e.g. on-boarding

    SAP HCM

    SAP NetWeaver

    Identity Management

    Password management

    Provisioning to SAP and non-SAP systems

    Reporting

    Rule-based assignment of business roles

    Identity virtualization and identity as service

    Central Identity Store

    Web-based Single Sign-On and Identity Federation

    SAP NetWeaver

    Identity Management

    Approval workflows

    SAP applications Non-SAP applications

    SAP Business Suite Integration

    SAP

    Access Control

    Compliance checks

  • Real Experience. Real Advantage.

    [ History of Compliant Identity Management and Single Sign-On

    SAP Access Control

    SAP NetWeaver Identity Management

    SAP NetWeaver Single Sign-On

    April 03, 2006

    SAP strengthens leadership in compliance solutions with acquisition of Virsa

    May 14, 2007

    SAP extends identity management capabilities in SAP NetWeaver

    with acquisition of MaXware

    June 15, 2007

    General availability of SAP NetWeaver Identity Management 7.0

    June 16, 2009

    General availability of SAP NetWeaver Identity Management 7.1

    January 12, 2011

    SAP acquires software security products and assets from SECUDE

    June 14, 2011

    General availability of SAP NetWeaver Single Sign-On 1.0

    August 09, 2011

    General availability of SAP Governance, Risk, and Compliance

    Solutions, Release 10.0

    October 31, 2011

    General availability of SAP NetWeaver Identity Management 7.2

  • Real Experience. Real Advantage.

    [ SAP offers Rapid Deployment Solution to meet specific business needs

    Service

    Software

    Enablement

    Content

    Software Quickly address the most urgent business

    processes

    Content SAP best practices, templates and tools

    make solution adoption easier

    Enablement Guides and educational material speed end

    user adoption

    Service Fixed scope and price provides maximum

    predictability and lowers risk

  • Real Experience. Real Advantage.

    [ which allow predictability, out-of-the-box integration and adoption choices as business demands

    Predictability Fast value in days/weeks

    Fixed cost and fixed best practice scope

    Integration Integrated start and growth options

    Immediate and future IT and business

    processes landscape integrity

    Choice Modular packages to meet specific business

    needs and allow individual adoption paths

    Flexible licensing and deployment options

  • Real Experience. Real Advantage.

    [ Predictability: Solution adoption made simple

    Predictability

    Implementations in a matter of days/weeks

    Clear pricing, scope, timelines and outcomes

    Proven best-practices from an extensive customer and qualified partner ecosystem

  • Real Experience. Real Advantage.

    [ Agenda

    10

    The COLGATE-PALMOLIVE Company

    - Facts & Figures

    Implementation at COLGATE-PALMOLIVE Company

    Learning Points

    Business Challenges

    Benefits

    Plans Going Forward

  • Sales by Division Pet

    13%

    Europe/South

    Pacific

    21%

    Latin America

    28%

    North

    America

    18%

    Greater

    Asia/Africa

    20%

    $16.7 + Billion in

    Sales

    39,200

    Colgate People

    Products Sold in

    200 Countries &

    Territories

  • ORAL CARE PERSONAL CARE

    HOME CARE PET NUTRITION

  • Real Experience. Real Advantage.

    [ Learning Points

    Pre-implementation insights that were important for the

    project:

    SAP NetWeaver Identity Management is a framework

    and it is highly customizable

    Understand the current business processes in use

    at Colgate-Palmolive Company

    13

  • Real Experience. Real Advantage.

    [ Overview of Identity Management at Colgate

    Colgate uses the application to centralize and synchronize

    user accounts for E-mail, SAP user IDs and Network access

    (MS-Active Directory)

    Standardize identities using Human Capital Management

    (HCM) global personnel number as a unique identifier

    User accounts mapped to the global personnel number

    Automatically creates and terminates accounts based on

    HCM action types

    14

  • Real Experience. Real Advantage.

    [ Business Challenges

    Addresses current business challenges:

    Users need accounts in multiple applications

    Multiple organizations support account creation /

    termination

    Manual process requiring complex reconciliation

    Decentralized account administration processes for

    different applications

    15

  • Real Experience. Real Advantage.

    [ Benefits

    One single source of truth

    Automates creation of user accounts

    Automates compliance and timeliness of terminations

    Improves employee experience

    16

  • Real Experience. Real Advantage.

    [ Best Practices

    Automation of manual process

    Global centralized process

    17

  • Real Experience. Real Advantage.

    [

    HR

    18 of 22

    HCM Integration with IdM

    Create

    employee

    record

    Update employee

    record with

    SAP Id + Email

    (Infotype 105)

    Identity Management

    Receive

    HR

    Data

    Calculate

    SAP Id

    and

    Email address

    HR to enter data

    for employees

    RFC

    Web Service

    1 2

    3 4

  • Real Experience. Real Advantage.

    [ Lessons Learned: HCM Integration with IDM

    Data entered in the global HCM system

    The timeliness of the data entered

    Understand the data needed

    Use of employee information for account creation

    Accuracy of user address information

    19

  • Real Experience. Real Advantage.

    [

    20

    Where are We Now?

    Jun

    2010

    Jul

    2010

    Aug

    2010

    Sep

    2010

    Oct

    2010

    Nov

    2010

    Dec

    2010

    Jan

    2011

    Feb

    2011

    Mar

    2011

    Apr

    2011

    May

    2011

    Jun

    2011

    Jul

    2011

    Aug

    2011

    Sep

    2011

    Oct

    2011

    Nov

    2011

    SAP User Id Account v 7.1

    Network account

    automation v 7.1

    Email account v 7.1

  • Real Experience. Real Advantage.

    [ Identity Management Account Automation

    21

    HR

    Create

    employee

    record

    HR to enter data

    for employees

    SAP CUA

    New SAP User Id

    Role provisioning

    to target systems

    Network account

    Provision

    Active Directory

    account

    Email

    Provision

    Lotus Notes

    account

    Identity Management

    Create

    user account

  • Real Experience. Real Advantage.

    [ Long Term Strategy

    22

    Fully automate creation/termination

    SAP, Email, Network Id

    Upgrade 7.2

    Integrate GRC

    Migrate CUA managed systems to IdM

    Self-service

    Password resets

    Lock/unlock

    Single Sign-On

  • Real Experience. Real Advantage.

    [ Plans Going Forward

    Increase scope on IDM to manage all employees

    Upgrade SAP NetWeaver Identity

Search related