Embed Size (px)
Solution Details
SAP NetWeaver® Identity Management rapid-deployment solution
© 2012 SAP AG. All rights reserved. 2
Contents
Introduction to SAP Rapid Deployment Solutions
Overview of the Solution
Solution in Detail Rule engine for rule-based role and privilege assignments Multi-step approval framework Support for replacement of central user administration Predefined HTML-based reporting Support for mass user administration
Service Delivery
Technical Details
Introduction to SAP Rapid Deployment Solutions
© 2012 SAP AG. All rights reserved. 4
Today’s reality…
“
“
Statistics state that up to 70% of IT projects run late, over-budget, or do not meet planned goals…Consequently, implementation risk is a critical factor…From “Introducing Packaged Solutions” by Michael Krigsman
Now when companies think about implementing an application, they really want to implement an integrated solution. Henry D. Morris, Senior Vice President of Worldwide Software and Services, IDC
Customers today want choices in how they scope, configure, and deploy business software. Peter M. Russo, Managing Director of Pierre Audoin Consultants
© 2012 SAP AG. All rights reserved. 5
You want to…
… ensure the most predictable and fastest time to business value
… deliver the integration the business demands to start and grow without compromises
… choose from a modular ready to use portfolio of solution, deployment and pricing options
© 2012 SAP AG. All rights reserved. 6
SAP and a global partner ecosystem offer Rapid Deployment Solutions to meet specific business needs…
Software
Quickly address the most urgent business processes
Content
SAP best practices, templates and tools make solution adoption easier
Enablement
Guides and educational material speed end user adoption
Service
Fixed scope and price provides maximum predictability and lowers risk
SAP Rapid Deployment Solutions
Service
Software
Enablement
Content
RAPID DEPLOYMENT
SOLUTIONS
© 2012 SAP AG. All rights reserved. 7
… which allow predictability, out-of-the-box integration and adoption choices as business demands
Predictability Fast value in days/weeks Fixed cost and fixed best practice scope
Integration Integrated start and growth options Immediate and future IT and business processes
landscape integrity
Choice Modular packages to meet specific business needs
and allow individual adoption paths Flexible licensing and deployment options
SAP Rapid Deployment Solutions
© 2012 SAP AG. All rights reserved. 8
Why have customers chosen SAP Rapid Deployment Solutions?
8
Weeksto go-live
15%
Reduction in project costs
4
Week implementation
© 2012 SAP AG. All rights reserved. 9
Delivered by SAP or qualified partners
Large Global Partner Ecosystem maximizes availability of and choice within the Rapid Deployment Solutions portfolio
System integrators and value-added resellers provide industry and LoB specific capabilities and expertise
Cloud partners provide the deployment options to match your business needs
© 2012 SAP AG. All rights reserved. 10
SAP Rapid Deployment Solutions define a new standard for business solution adoption across the SAP Portfolio
On demand
On premise
On device
Deployment
Business Solutions
Analytics
Technology
Solution Portfolio Industry & LoB
HANA
Mobility
Innovations
© 2012 SAP AG. All rights reserved. 11
SAP Rapid Deployment Solutions support all use cases along your adoption path
From zero to ERP baseline in one goIndustry & geography-ready
New business and user capabilities – that fit with your existing footprint
LoB or industry-specific, mobile, business analytics, collaboration
Start
Grow, extend, innovate
Predictability Integration Choice
© 2012 SAP AG. All rights reserved. 12
Get the most out of your business – NOW!
Quickly meeting your most pressing business needs on unprecedented predictability to adopt and manage business solutions
Enabling strategic business adoption paths with out-of-the-box integration for start and grow options as your business demands
Giving choice by providing a modular and well defined portfolio of solution options together with a Global Partner Ecosystem
Overview of the solution
© 2011 SAP AG. All rights reserved. 14
Business challenges There is a solution
SAP NetWeaver Identity Management rapid-deployment solution This solution reduces total cost of ownership by
simplifying assignment of roles and privileges to users and reduces risk through compliance checks and remediation. With its predefined content, customers are able to implement the SAP NetWeaver® Identity Management in a short timeframe.
Get essential SAP NetWeaver Identity Management Functionality quickly and affordably
SAP NetWeaver Identity Management: The cost for user management, including user
master data, assigning privileges, and creating reports, is rising significantly.
Requesting permissions can be very time-consuming via manual workflows.
There is a need for reports on permissions and data access for internal and external audits. (Why does a user have a specific permission? Who approved the permission? Which users have the same critical permissions?)
IT systems have to be integrated into the security concept, and new employees need fast access to business applications.
© 2011 SAP AG. All rights reserved. 15
Business process scope covered
SAP ERP Human Capital Management solution
SAP NetWeaver Identity Management component
SAP Access Control application (not part of this RDS)
Line manager Landscape
Yes
No
Calculate entitlementsbased on position
Compliance checkRemediation
Approve assignments
New hire
Reduce total cost of ownership by simplifying assignment of roles and privileges to users, triggered by human capital management events
Reduce risk through compliance checks and remediation
Automate manual processes through integration with SAP® Business Suite applications
Reduce total cost of ownership by simplifying assignment of roles and privileges to users, triggered by human capital management events
Reduce risk through compliance checks and remediation
Automate manual processes through integration with SAP® Business Suite applications
Create userAssign roles
Create userAssign roles
Requirement: Provide automated, position-based role management while ensuring compliance
Requirement: Provide automated, position-based role management while ensuring compliance
Create userAssign privileges
© 2011 SAP AG. All rights reserved. 16
Base Solution Overview - Provisioning and Reading Employee Master Data
Integration with one of the following source systems for employee master data: CSV or text file SAP NetWeaver AS Java und AS ABAP
based systems * Microsoft Active Directory Server SAP ERP Human Capital Management
(SAP ERP 6.0 EhP 4 or SP37)
Connection of 2 systems: SAP systems based on SAP NetWeaver AS
Java und AS ABAP* non SAP system: Microsoft Active Directory
Server (ADS) (2003/2008 )**
Identity Management
User master data Identity Management
UserRoles
* SAP ERP 4.6 system and older are out of scope
** If User password provisioning to ADS will be used SSL configuration on AS Java and on Microsoft Active Directory Server is needed
© 2011 SAP AG. All rights reserved. 17
Business benefits
Benefits for you
This rapid-deployment solution will help your customer to ... Reduce total cost of ownership by simplifying the
assignment of roles and privileges to users, triggered by human capital management events
Reduce risk through compliance checks and remediation
Automate manual processes through integration with SAP Business Suite applications
Rule Engine for rule-based Role and Privilege Assignments
© 2012 SAP AG. All rights reserved. 19
What’s included Business benefits Lower role and privilege assignment efforts based
on rules Reduction of manual user administration efforts Minimized error rate
Rule engine for rule-based role and privilege assignments: scope and benefits
This function provides rule-based assignments of business roles and privileges. The rules are based on user attributes and will apply assignment changes (add/remove) based on changes of the user attributes. The main functions in detail includes the following: Rule engine applied once user attributes are
updated Rule-based assignment or removal of roles or
privileges Maintenance of rules based on an upload file or
alternatively in the Web user interface
Multi-step approval framework
© 2012 SAP AG. All rights reserved. 21
What’s included Business benefits
This function supports approval workflows with multiple steps. It also includes Web-based mechanisms to change the approval behavior.
Multi-step approval framework: scope and benefits
The multi-step approval framework supports approval workflows with multiple steps. In detail, the following functions are supported: Different approval mechanisms included for role
or privilege approval Manager approval Manager and role owner approval Manager, role owner, and security department
approval Web user interface task to modify the approval
mechanism
© 2012 SAP AG. All rights reserved. 22
Approval workflows with multiple steps 1 Step: Manager Approval 2 Step: Manager & Role Approver 2 Step: Manager & Role Member Approval 3 Step: Manager & Role Approver & Role Member Approval
Escalation of approvals
Exemplary workflow:
Base Solution Overview -Approval Workflows
Identity Management
1. Access Request
2. Manager approval
3. Role owner approval
4. Assignment of . authorizations
Support for replacement of central user administration
© 2012 SAP AG. All rights reserved. 24
What’s included Business benefits Simpler replacement of the central user
administration feature by the SAP NetWeaver Identity Management (SAP NetWeaver ID Management) component by keeping key features and user administration processes
For replacing a running Central User Administration with SAP NetWeaver ID Management, the rapid-deployment solution provides the most requested basic configuration in SAP NetWeaver ID Management.
Pre-configurations and step-by-step documentation to help run a project smoothly
Especially important for customers focused on provisioning for SAP software systems
Minimized implementation costs in a replacement project and faster implementation times
Support for replacement of central user administration: scope and benefits
This function supports the replacement of the central user administration feature, enhanced functionality is delivered (for example, jobs, tasks, Web UI tasks). In detail, the following support functions are provided: System-specific attribute provisioning License data provisioning (ABAP programming
language for the SAP NetWeaver Application Server component)
Reconciliation report to compare data between the back-end system and the internal database
Additional Web UI tasks (copy identity, lock/unlock identity, reset password, and more)
Provisioning of valid to dates for role assignments (ABAP for SAP NetWeaver Application Server)
Handling of provisioning failures and option for retry
Enhanced privilege information, such as single role, composite role, and members of composite role (ABAP for SAP NetWeaver Application Server)
Predefined HTML-based reporting
© 2012 SAP AG. All rights reserved. 26
What’s included Business benefits Simplified reporting without additional
implementation efforts No integration efforts for integration with SAP
NetWeaver Business Warehouse component Ad-hoc reporting in an easier and simpler
reporting format Able to more easily adapt reporting to custom
Web user interface or design requirements Easier creation of new custom reports Proven reporting functionality known from central
user administration
Predefined HTML-based reporting: scope and benefits
The solution provides HTML-based reports to analyze user and assignments data in the system. The reports can be viewed and executed via the Web user interface; additionally, the administrator is able to receive the report results via e-mail. The following reports are available: User details report User authorizations report User history report User list per business role User list per business role historical User list per privilege User list per privilege historical
© 2012 SAP AG. All rights reserved. 27
Base Solution Overview – Additional user interface (1/2)
Additional user interface (UI) tasks Some of the screens are shown here: Extended UI task for changes of identity attributes Advanced UI tasks for changes of business roles
© 2012 SAP AG. All rights reserved. 28
Base Solution Overview –Additional user interface (2/2)
Additional user interface (UI) tasksSome of the screens are shown here: Password reset (per backend system) Copy identity / copy assignments of identity
Support for mass user administration
© 2012 SAP AG. All rights reserved. 30
What’s included Business benefits Easier handling of mass user administration More efficient and faster user administration Mass user administration functionality that
customers of central user administration are used to
Support for mass user administration: scope and benefits
This function supports mass user administration activities based on .csv upload files. This simplifies the administrative processes of, for example, role assignments, creation of roles, creation of identities, and resetting password.
Via a Web user interface, the mass user administration tasks can be executed and the file(s) can be uploaded
Service Delivery
© 2011 SAP AG. All rights reserved. 32
Implementation Testing Key User Training
Successful rollout and adoption Configuration documentation
<Solution/Headline for go live in weeks>
Start RunDeploy
Expectations
1 3
Project management Kick-off workshop participation Preparing technical
infrastructure
Mutually-approved scope document
Working SAP system
User-acceptance testing Onsite and remote support
Superior support to ensure smooth functioning
2
Note: This slide represents a typical deployment. Exact details may differ according to solution.
Results
© 2011 SAP AG. All rights reserved. 33
Pre-defined Services for Rapid Deployment Solutions
Your path to Go-Live: fast, efficiently and at predictable cost Fixed-price Implementation Services Pre-defined Project Methodology Ready-to-use Accelerators
Start RunDeploy1 32
Project management Kick-off workshop participation Preparing technical infrastructure
Accelerators / Deliverables Consulting Delivery Guide Project schedule WBS Service Delivery Model, roles and
responsibilities Request for consultants template Process descriptions Process-flow-documents Kick-off presentation Consumption Guide Pre-delivery requirements and
checklist
Note: This slide represents a typical deployment. Exact details may differ according to solution.
Solution Realization Master Data Load Refinement Workshop &
Refinement Realization Knowledge Transfer to Key Users
Accelerators / Deliverables Installation guide Solution Documentation Solution Manager content Best-Practices content
(pre-configuration) Configuration activities Consulting Delivery Guide Implementation Content
Performance Tests End User Training Sign off of solution Go-Live Preparation Go-Live Post go-live support and activities Improvements and road map
workshop
Accelerators / Deliverables Test cases Deliverable acceptance forms Training Materials –
Process-flow recordings etc. Go-Live Checklist
© 2011 SAP AG. All rights reserved. 34
Configuration Guide
Scoping Questionnaire
Kickoff Workshop
Project Schedule
Support PortalCheck Lists
Implementation methodology
Start RunDeploy1 32
Note: This slide represents a typical deployment. Exact details may differ according to solution.
© 2011 SAP AG. All rights reserved. 35
Project plan and timelines
Prepare Project
Kick off workshop
Select Options
Check Installation
SAP involvement Customer involvement
Start RunDeploy1 32
Activate Solution
Confirm Solution
Acceptance Testing
Train Key Users
Set up Customer Data
Transport
End-user Training and Organisation Change Management
Prepare Production
Project Sign-off &Support
Note: This slide represents a typical deployment. Exact details may differ according to solution.
© 2011 SAP AG. All rights reserved. 36
What’s included – Service scope
Rapid deployment of SAP NetWeaver Identity Management for go live in 5 weeks
The SAP NetWeaver Identity Management rapid-deployment solution offers customers pre-configured identity management functionality from SAP NetWeaver Identity Management. The customers can choose from several source and target systems that will be connected during implementation. The rapid-deployment solution delivers the most important and common scenarios, such as provisioning, approval workflows, and automatic authorization assignment, mass user operation jobs and e-mail notification framework out of the box. This service dramatically reduces the necessary time for an implementation. In addition, the customer can choose two different additional options: “Add-on 1” to connect to an additional target system (2 targets systems are included in the base RDS service), “Add-on 2” to get support for Go-Live.
A special step-by-step guide describes each activity during the deployment
© 2011 SAP AG. All rights reserved. 37
The service offers customers a pre-configured identity management functionality of SAP NetWeaver Identity Management 7.2 in a development system.
The service is delivered as an implementation of best practice processes with a fixed scope including a defined set of customer specific configuration, connection of source- and target-systems and most important and common scenarios such as provisioning, approval workflows, and automatic authorization assignment, mass user administration jobs and e-mail notification framework out of the box.
The solution can be extended with additional add-on services:
Add-On 1: Connection to one additional SAP target system – multiple Add-Ons 1 for multiple additional SAP target systems
Add-On 2: Go-live support
SAP NetWeaver Identity Management rapid-deployment solutionSolution Components and Service Approach
Base Solution - Rapid deployment of SAP NetWeaver Identity Management in Development system
Add-On 1: Connection of 1 additional SAP system
Add-On 2: Additional Go-Live Support
Add-On 1: Connection of 1 additional SAP system
Add-On 1: Connection of 1 additional SAP system
Connection of 1 source- and 2 target systems
Approval workflows
Automatic authorization assignment
Mass user administration jobs
E-mail notification framework
Support of system specific attributes
New Web UI tasks
Predefined HTML based reports
© 2011 SAP AG. All rights reserved. 38
What does SAP deliver? What do you have to do? Provide resources for SAP NetWeaver Identity
Management 7.20 system setup (including operating system, database, AS Java, ID store, Web user interface).
Have source and target system ready for connection to identity management system, and have user with administrative authorization in place.
Provide administrative access to the Windows server and ID management console.
Manage overall project. Perform data migration and cleansing. Perform acceptance and performance testing. Conduct end-user training. Prepare for go-live. Deploy to production. Provide post go-live support.
Key deliverables
Installation check Workshop to confirm the predefined requirements Project documents: work breakdown structure,
including a project schedule, test scripts, and scoping questionnaire
Activation and unit test of chosen packages for the SAP NetWeaver Identity Management rapid-deployment solution in the development system
Knowledge transfer to key users on configured SAP NetWeaver Identity Management rapid-deployment solution system
Support for going live (for service add-on only)
Rapid deployment of SAP NetWeaver Identity Management
© 2011 SAP AG. All rights reserved. 39
Project team: SAP
SAP Project Manager Serves as a central contact person, from project
initiation to going live and support On the SAP side, responsible for functional project
management, coordination, support and coaching of the customer’s project manager, and so on
SAP Consultants Responsible for implementation of the agreed upon
scope for the rapid-deployment solution
© 2011 SAP AG. All rights reserved. 40
Project team: customer
Leading Project Manager Serves as a central contact person, from project initiation
to going live and support On your side: responsible for functional and commercial
project management, coordination, overall project controlling, preparation of steering committees, and so on
Basis staff Especially responsible for the installation and administration
of the development and productive system landscapes
Functional department staff / key user Responsible for workshops, questions from SAP,
end-user training, and possibly as a power user for simple configurations
Specialized Staff (Optional) Responsible for further specialized areas such as customization and configuration
Technical Details
© 2011 SAP AG. All rights reserved. 42
System requirements
SAP NetWeaver AS Java Releases: See current PAM of SAP Netweaver Identity Management 7.20
SAP NetWeaver Identity Management 7.20 SP04 Patch1• Imported standard SAP provisioning framework
• Pre-configured customer identity store
• Deployed web UI on AS Java with configured JDBC-URL to the identity center
Source System• File
• SAP NetWeaver AS Java und AS ABAP
• Microsoft Active Directory Server
• SAP ERP HCM SAP ERP 6.0 EhP 4 or SP37
Target System• SAP NetWeaver AS Java und AS ABAP - SAP ERP 4.6 system and older are out of scope.
• Microsoft Active Directory Server (2003/2008) (For password provisioning SSL configuration is needed, Customer to install and provide Certificate on Active Directory Server)
<Solution/Link to demo>
SAP Rapid-Deployment solutionsThe fastest way to run your business better
