Download pdf - 1004 SAP NetWeaver Identity Management - Experiences From an Implementation at Colgate-Palmolive Company

Real Experience. Real Advantage.

[

SAP NetWeaver Identity Management – Experiences from an

Implementation at Colgate-Palmolive Company

Sarah Henriquez – Senior Manager IT Risk Management, Colgate-Palmolive

Kristian Lehment – Product Manager IDM & Security, SAP AG

[


[ Agenda

Evolution at SAP towards the Solution

“Compliant Identity Management and Single Sign-On”

Introduction – The Functionality Delivered with

“SAP NetWeaver Identity Management”

The COLGATE-PALMOLIVE Company

Facts & Figures

Implementation at COLGATE-PALMOLIVE Company

Learning Points

Business Challenges

Benefits

Plans Going Forward

2


[ Compliant Identity Management and Single Sign-On

Compliance and

Governance

SAP Access Control

Identity Management

SAP NetWeaver Identity

Management

Authentication and

Single Sign-On

SAP NetWeaver Single

Sign-On

SAP offers a complete suite of compliance, governance, identity management, and single sign-on solutions

Compliant Identity Management and Single Sign-On


[ The Identity Lifecycle

How long does it take for

new employees to receive all

permissions and become

productive in their new job?

Are permissions

automatically adjusted if

someone is promoted to a

new position?

Who has adequate

permissions to fill in for a

co-worker? How long does it take to remove

ALL permissions of an employee?

And how can you ensure that they

were properly removed?

How can you remove

permissions automatically

if employees change their

position?


[ SAP NetWeaver Identity Management Functionalities Holistic Approach

e.g. on-boarding

SAP HCM

SAP NetWeaver

Identity Management

Password management

Provisioning to SAP and non-SAP systems

Reporting

Rule-based assignment of business roles

Identity virtualization and identity as service

Central Identity Store

Web-based Single Sign-On and Identity Federation

SAP NetWeaver

Identity Management

Approval workflows

SAP applications Non-SAP applications

SAP Business Suite Integration

SAP

Access Control

Compliance checks


[ History of Compliant Identity Management

and Single Sign-On

SAP Access Control

SAP NetWeaver Identity Management

SAP NetWeaver Single Sign-On

April 03, 2006

SAP strengthens leadership in compliance solutions with acquisition of Virsa

May 14, 2007

SAP extends identity management capabilities in SAP NetWeaver

with acquisition of MaXware

June 15, 2007

General availability of SAP NetWeaver Identity Management 7.0

June 16, 2009


January 12, 2011

SAP acquires software security products and assets from SECUDE

June 14, 2011

General availability of SAP NetWeaver Single Sign-On 1.0

August 09, 2011

General availability of SAP Governance, Risk, and Compliance

Solutions, Release 10.0

October 31, 2011



[ SAP offers Rapid Deployment Solution

to meet specific business needs…

Service

Software

Enablement

Content

Software Quickly address the most urgent business

processes

Content SAP best practices, templates and tools

make solution adoption easier

Enablement Guides and educational material speed end

user adoption

Service Fixed scope and price provides maximum

predictability and lowers risk


[ … which allow predictability, out-of-the-box integration

and adoption choices as business demands

Predictability Fast value in days/weeks

Fixed cost and fixed best practice scope

Integration Integrated start and growth options

Immediate and future IT and business

processes landscape integrity

Choice Modular packages to meet specific business

needs and allow individual adoption paths

Flexible licensing and deployment options


[ Predictability: Solution adoption made simple

Predictability

Implementations in a matter of days/weeks

Clear pricing, scope, timelines and outcomes

Proven best-practices from an extensive customer and qualified partner ecosystem


[ Agenda

10

The COLGATE-PALMOLIVE Company

- Facts & Figures

Implementation at COLGATE-PALMOLIVE Company

Learning Points

Business Challenges

Benefits

Plans Going Forward

Sales by Division Pet

13%

Europe/South

Pacific

21%

Latin America

28%

North

America

18%

Greater

Asia/Africa

20%

$16.7 + Billion in

Sales

39,200

Colgate People

Products Sold in

200 Countries &

Territories

ORAL CARE PERSONAL CARE

HOME CARE PET NUTRITION


[ Learning Points

Pre-implementation insights that were important for the

project:

SAP NetWeaver Identity Management is a framework

and it is highly customizable

Understand the current business processes in use

at Colgate-Palmolive Company

13


[ Overview of Identity Management at Colgate

Colgate uses the application to centralize and synchronize

user accounts for E-mail, SAP user IDs and Network access

(MS-Active Directory)

Standardize identities using Human Capital Management

(HCM) global personnel number as a unique identifier

User accounts mapped to the global personnel number

Automatically creates and terminates accounts based on

HCM action types

14


[ Business Challenges

Addresses current business challenges:

Users need accounts in multiple applications

Multiple organizations support account creation /

termination

Manual process requiring complex reconciliation

Decentralized account administration processes for

different applications

15


[ Benefits

One single source of truth

Automates creation of user accounts

Automates compliance and timeliness of terminations

Improves employee experience

16


[ Best Practices

Automation of manual process

Global centralized process

17


[

HR

18 of 22

HCM Integration with IdM

Create

employee

record

Update employee

record with

SAP Id + Email

(Infotype 105)

Identity Management

Receive

HR

Data

Calculate

SAP Id

and

Email address

HR to enter data

for employees

RFC

Web Service

1 2

3 4


[ Lessons Learned: HCM Integration with IDM

Data entered in the global HCM system

The timeliness of the data entered

Understand the data needed

Use of employee information for account creation

Accuracy of user address information

19


[

20

Where are We Now?

Jun

2010

Jul

2010

Aug

2010

Sep

2010

Oct

2010

Nov

2010

Dec

2010

Jan

2011

Feb

2011

Mar

2011

Apr

2011

May

2011

Jun

2011

Jul

2011

Aug

2011

Sep

2011

Oct

2011

Nov

2011

SAP User Id Account v 7.1

Network account

automation v 7.1

Email account v 7.1


[ Identity Management Account Automation

21

HR

Create

employee

record

HR to enter data

for employees

SAP CUA

New SAP User Id

Role provisioning

to target systems

Network account

Provision

Active Directory

account

Email

Provision

Lotus Notes

account

Identity Management

Create

user account


[ Long Term Strategy

22

Fully automate creation/termination

• SAP, Email, Network Id

Upgrade 7.2

Integrate GRC

Migrate CUA managed systems to IdM

Self-service

• Password resets

• Lock/unlock

Single Sign-On


[ Plans Going Forward

Increase scope on IDM to manage all employees

Upgrade SAP NetWeaver Identity Management

to version 7.2

Integrate Governance, Risk, and Compliance (GRC)

process (SAP Access Control)

Automate role assignments were possible

Implement SAP NetWeaver Single Sign-On

23


[ Key Lessons Learned

Alignment with HR is key

Change Management

Understand changes and impact to current “business processes”

What is changing

What is centralized

Understand the data coming from HCM into IDM

Identify key technical and business process expertise

Communication is key

24


[

25

[

] Thank you for participating.

SESSION CODE: 1004

Please remember to complete and return your

evaluation form following this session.

For ongoing education on this area of focus, visit the

Year-Round Community page at www.asug.com/yrc