Due to the shutdown of the SAP NetWeaver Java platform in 2030, SAP Identity Management (IdM) and some other SAP solutions are being phased out of maintenance. Mainstream maintenance for SAP IdM ends in 2027, but can be extended until 2030 as extended maintenance at additional cost. In contrast to other SAP NetWeaver products, SAP Identity Management – as has been known for almost a year now – will not have a successor. As a result, SAP IdM customers are in most cases forced to find a replacement and carry out a migration – which is no easy task given the time remaining.
Some people were surprised when SAP made a recommendation for Microsoft Entra as the strategic successor to SAP IdM in the keynote speech by Jürgen Müller, Chief Technology Officer (CTO) at SAP, and Sebastian Westphal, Chief Technology Officer at the German-speaking SAP User Group (DSAG) at the DSAG Technology Days in Hamburg at the beginning of February. As we now know, this is more than just a recommendation: Microsoft and SAP are already working together on concrete work packages to close deltas and adapt APIs. However, there is still a need for clarification for a standardized user lifecycle with SAP and Microsoft without SAP IdM.
Microsoft Entra is a cloud-based solution for managing identities and access in the company. The IAM tool was formerly known as Microsoft Azure Active Directory (Azure AD). Similar to SAP IdM, Microsoft Entra enables companies to automate the entire identity lifecycle.
Based on the company’s requirements, Microsoft Entra controls access to local and cloud-based applications from a central location. Resources and data are protected using strong authentication and customizable risk-based access policies without restricting the user experience. This allows users to remain productive and complete their tasks efficiently. Microsoft Entra also covers scenarios such as multi-factor authentication (MFA) and single sign-on (SSO).
Are there still questions remaining after SAP’s recommendation to Microsoft Entra? Definitely. The management now has a duty to follow up on this announcement. In our view, it is a good step to give all SAP IdM customers a direction – with a solution from a manufacturer that probably 99% of SAP IdM customers are already using. Everyone who is affected must now deal with the questions “What is already working?” and “What is not yet working and is this known?”.
It must be clear that the recommended path cannot work equally for all companies. After all, time is pressing for companies to varying degrees and not every company has enough leeway to implement a roadmap. There will therefore be different paths to the goal of SAP IdM replacement and no SAP IdM customer should ignore the time factor.
We at IBsolution provide assistance by regularly updating the available information on the topic of “Successor for SAP IdM” in further blog posts and answering key questions about the user lifecycle. For example: Where would I get to today if I were to switch off my SAP IdM system now? In addition, we are available as an experienced and competent partner for the design and implementation of the SAP IdM replacement and identify the successor solution that best suits the company’s requirements.
The overriding goal of companies must be to ensure smooth IdM operations even after the end of maintenance of SAP Identity Management. Microsoft and SAP are working together to develop corresponding orientation and guidelines to help companies migrate their identity management from SAP IdM to Microsoft Entra.
In view of distributed system and application landscapes, seamless integration is becoming increasingly important for identity & access management. For this reason, SAP is placing a strong focus on improving and simplifying integration with third-party solutions for identity management such as Microsoft Entra in the further development of SAP Cloud Identity Services and SAP Cloud Identity Access Governance. The aim behind this is to promote a comprehensive approach to company-wide identity and access scenarios.