en
Identity Lifecycle Management is part of enterprise security and describes all processes for assigning roles and authorizations − from when an employee joins the company, through changing responsibilities or even department changes, to when he or she leaves.
SAP offers the following solutions for maintaining and managing access rights and users:
These solutions, individually or in combination, enable an efficient and compliant operation of target systems. This includes the detection and minimization of risks as well as the process-based provisioning and removal of users and accesses.
Authorizations in SAP systems form the basis for identity & access management. They enable users to access the applications they need to perform their tasks. Since functional and organizational requirements are subject to change, SAP authorizations must be regularly checked and reworked. This is the only way to ensure that processes are mapped securely and completely correctly from a technical point of view.
In order to identify and minimize risks in authorizations and to assign them correctly via the SAP user lifecycle, the use of supporting solutions from identity & access management is recommended.
The tools of the SECMENDO product suite extend the capabilities of existing identity & access management (IAM) solutions. The goals are improved user experience, enhanced functionality and more efficient processes.
New employees are usually first created in HR databases such as SAP SuccessFactors or SAP HCM. Information about their functions in the company is also maintained there, for example, date of entry and membership of teams and departments. Manually provisioning the corresponding roles and authorizations for entry generates a high level of administrative effort, which can be avoided with automated Identity Lifecycle Management (ILM) or User Lifecycle Management (ULM).
Automated approval processes
Automated administration of roles and authorizations in the event of function or department changes
Automated assignment of authorizations for work groups (temporary and cross-system)
Automatic deletion of user profiles
Extensive self-services (password reset, ordering system access, etc.)
Identity Lifecycle Management (ILM) or User Lifecycle Management (ULM) is part of enterprise security and describes all processes for assigning roles and authorizations − from the time an employee joins the company, through changing responsibilities or even department changes, to the time he or she leaves.
The challenges of Identity Lifecycle Management or User Lifecycle Management can best be described using the concrete example of an employee.
Let’s assume that a new employee joins a company on a certain date. His digital identity should be created before he starts work so that he has full access to the systems and applications that are important for him and his job. This means that Identity Lifecycle Management or User Lifecycle Management begins well before the employee’s first day of work, namely when the employment contract is signed.
The signing triggers the creation of a corresponding user in the user directory (LDAP, ZBV or other) and the assignment of roles and authorizations to him according to his function in the company. The roles and authorizations are then transported to the systems on the entry date (provisioning). During this step, authorizations are also granted for special project rooms in systems such as Sharepoint, Jira, Confluence, SAP Jam or other collaboration platforms.
After the employee has worked successfully in the company for some time, new opportunities arise for him through a change of department with new responsibilities. Identity Lifecycle Management or User Lifecycle Management also describes this process. New authorizations are added, access rights that are no longer necessary are withdrawn − an important part of adhering to compliance guidelines. It makes sense here to use tools that help check roles and authorizations at the push of a button and answer the question of what the employee really needs.
The employee goes through this process several times until he or she leaves the company. Now it is important to ensure that all access to systems and applications is revoked as of the effective date and that the now former employee can no longer access internal data and systems of his or her former employer.
It is advisable not to blindly rely on the correct execution of de-provisioning processes, but to carefully check their results.
The documentation of authorization assignment and the associated reporting to support audits are highly important as disciplines of Identity & Access Governance for compliance reasons. They are greatly simplified by fully automated Identity Lifecycle Management and User Lifecycle Management.
Break up grown structures and clean up your roles and authorizations in preparation for SAP S/4HANA.
Customize authorization roles based on authorization traces.
Build your perfect self-service offering for SAP Identity Management. Enable employees and managers to request and manage authorizations themselves through easy-to-use self-services.
Create a UI5 interface for your SAP Identity Management system in just 5 minutes that will delight your users − usable even on the go with your mobile device.
Satisfy your users and free yourself from unnecessary process runtimes by handling authorization requests, access rights, role assignments and much more in Fiori style.
Avoid economic damage to your business with 24/7 visibility and monitoring of your SAP IdM landscape and provisioning processes.
Make life easier for yourself and the auditor. Prepare optimally for every audit with reports at the push of a button from SAP Identity Management.
Grant authorizations automatically in the right systems and applications and use the easiest way to manage authorizations with SAP Identity Management (IdM).
Identity & Access Management solutions, individually or in combination, enable efficient and compliant operation of target systems. This includes the detection and minimization of risks as well as the process-based provisioning and removal of users and accesses.
Authorizations in SAP systems grant users access to the applications they need to perform their activities. In order to map the processes securely and correctly, SAP authorizations must be subject to regular control and post-processing.
The tools of the SECMENDO product suite extend the capabilities of existing SAP Identity & Access Management (IAM) solutions. The goals are an improved user experience, enhanced functionality and more efficient processes.
A selection of our customers
