Identity Lifecycle Management

Manage roles, authorizations and users in a compliant manner − from the time a new employee joins the company to the time he or she leaves the company

Less administrative effort

Higher security

Fulfillment of compliance regulations

Establish connectivity between IdM solutions and SAP cloud products

What is Identity Lifecycle Management?

Speed and agility are becoming critical success factors for companies. They often go hand in hand with workforce growth and the flexible deployment of specialists across a wide variety of departments and projects. IT departments can then reach their capacity limits, since the assignment of users, roles and authorizations in the relevant systems is still widely based on manual process steps.

Systems that automate identity lifecycle management (or user lifecycle management) address this problem.

The components of the identity lifecycle

Identity Lifecycle Management is part of enterprise security and describes all processes for assigning roles and authorizations − from when an employee joins the company, through changing responsibilities or even department changes, to when he or she leaves.


SAP offers the following solutions for maintaining and managing access rights and users:

These solutions, individually or in combination, enable an efficient and compliant operation of target systems. This includes the detection and minimization of risks as well as the process-based provisioning and removal of users and accesses.


Authorizations in SAP systems form the basis for identity & access management. They enable users to access the applications they need to perform their tasks. Since functional and organizational requirements are subject to change, SAP authorizations must be regularly checked and reworked. This is the only way to ensure that processes are mapped securely and technically correctly.

In order to identify and minimize risks in authorizations and to assign them correctly via the SAP user lifecycle, the use of supporting solutions from identity & access management is recommended.


The tools of the SECMENDO product suite extend the capabilities of existing identity & access management (IAM) solutions. The goals are improved user experience, enhanced functionality and more efficient processes.


Identity Lifecycle Management automates processes and reduces costs

New employees are usually first created in HR databases such as SAP SuccessFactors or SAP HCM. Information about their functions in the company is also maintained there, for example, date of entry and membership of teams and departments. Manually provisioning the corresponding roles and authorizations for entry generates a high level of administrative effort, which can be avoided with automated Identity Lifecycle Management (ILM) or User Lifecycle Management (ULM).

  • Automated approval processes

  • Automated administration of roles and authorizations in the event of function or department changes

  • Automated assignment of authorizations for work groups (temporary and cross-system)

  • Automatic deletion of user profiles

  • Extensive self-services (password reset, ordering system access, etc.)


Identity Lifecycle Management across different systems

Given the triumph of cloud applications, it is no longer sufficient to manage digital identities in a single system. Authorizations and roles on the on-premise ERP system are supplemented, for example, with access to a cloud CRM system, connected project management systems such as Jira or mail services such as Gmail. Furthermore, human resources management systems such as SAP SuccessFactors must be integrated, which are often the source of all information for a digital identity.

All systems must be managed centrally and as automatically as possible, which is achieved with a central identity management system. From there, the correct roles and authorizations are provisioned automatically to the connected systems via connectors, which greatly simplifies the cross-system management of identities.

 

Identity Lifecycle Management in the environment of enterprise security

Identity Lifecycle Management (ILM) or User Lifecycle Management (ULM) is part of enterprise security and describes all processes for assigning roles and authorizations − from the time an employee joins the company, through changing responsibilities or even department changes, to the time he or she leaves.

 

Data can only be protected effectively if authorizations are managed sensibly and documented in a traceable manner from the time an employee joins the company to the time he or she leaves. This, in turn, facilitates IT audits and is a basic prerequisite for meeting legal requirements (for example, ISO 27000 and the EU GDPR).

This applies not only to the company’s own employees, but also to external staff, temporary workers, customers and suppliers.

What processes does Identity Lifecycle Management include?

The challenges of Identity Lifecycle Management or User Lifecycle Management can best be described using the concrete example of an employee.

Let’s assume that a new employee joins a company on a certain date. His digital identity should be created before he starts work so that he has full access to the systems and applications that are important for him and his job. This means that Identity Lifecycle Management or User Lifecycle Management begins well before the employee’s first day of work, namely when the employment contract is signed.

The signing triggers the creation of a corresponding user in the user directory (LDAP, ZBV or other) and the assignment of roles and authorizations to him according to his function in the company. The roles and authorizations are then transported to the systems on the entry date (provisioning). During this step, authorizations are also granted for special project rooms in systems such as SharePoint, Jira, Confluence, SAP Jam or other collaboration platforms.


After the employee has worked successfully in the company for some time, new opportunities arise for him through a change of department with new responsibilities. Identity Lifecycle Management or User Lifecycle Management also describes this process. New authorizations are added, access rights that are no longer necessary are withdrawn − an important part of adhering to compliance guidelines. It makes sense here to use tools that help check roles and authorizations at the push of a button and answer the question of what the employee really needs.


The employee goes through this process several times until he or she leaves the company. Now it is important to ensure that all access to systems and applications is revoked as of the effective date and that the now former employee can no longer access internal data and systems of his or her former employer.

It is advisable not to blindly rely on the correct execution of de-provisioning processes, but to carefully check their results.
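One way to carry out this check, as an added example that is not from the original page or from IBsolution: compare the exit dates held in the HR source with the account lists exported from each connected system. The record layout, system names, logins and the reading of the exit date as the last day of employment are assumptions made for illustration; the data is constructed.

```python
from datetime import date

# Constructed sample data (not from the page): HR exit dates and per-system account exports.
HR_RECORDS = {
    "E1001": {"name": "A. Example", "exit_date": None},
    "E1002": {"name": "B. Example", "exit_date": date(2024, 3, 31)},
    "E1003": {"name": "C. Example", "exit_date": date(2024, 6, 30)},
}
SYSTEM_ACCOUNTS = {
    "erp":  [{"employee_id": "E1001", "login": "aexample", "active": True},
             {"employee_id": "E1002", "login": "bexample", "active": False}],
    "crm":  [{"employee_id": "E1002", "login": "b.example@corp.example", "active": True}],
    "jira": [{"employee_id": "E1003", "login": "cexample", "active": True},
             {"employee_id": "E9999", "login": "svc-old", "active": True}],
}


def verify_deprovisioning(hr, systems, as_of):
    """Return (system, login, reason) for accounts that should not be usable on `as_of`."""
    findings = []
    for system, accounts in sorted(systems.items()):
        for acct in accounts:
            if not acct["active"]:
                continue  # a disabled account is the expected end state
            person = hr.get(acct["employee_id"])
            if person is None:
                # Active account that the HR source cannot explain.
                findings.append((system, acct["login"], "orphan: no HR identity"))
                continue
            exit_date = person["exit_date"]
            # Assumption: exit_date is the last working day, so access must be gone the day after.
            if exit_date is not None and exit_date < as_of:
                overdue = (as_of - exit_date).days
                findings.append((system, acct["login"],
                                 f"leaver: active {overdue} days after exit"))
    return findings


if __name__ == "__main__":
    for system, login, reason in verify_deprovisioning(
            HR_RECORDS, SYSTEM_ACCOUNTS, date(2024, 4, 15)):
        print(f"{system:5} {login:25} {reason}")
```

Running the comparison per system matters because a leaver can be disabled in one target (here the ERP account) while a connector failure leaves another account active.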


Documenting authorization assignments and the associated reporting to support audits are important disciplines of Identity & Access Governance for compliance reasons. They are greatly simplified by fully automated Identity Lifecycle Management and User Lifecycle Management.


Learn about the latest developments in Identity Lifecycle Management

Event

3rd SECMENDO Online Conference

Learn how SAP Cloud Identity, Okta and One Identity can help you provision your users and authorizations to SAP and non-SAP systems compared to SAP Identity Management. Watch the 3rd SECMENDO Online Conference.

Watch now (in German)
Event

2nd SECMENDO Online Conference

In October 2020, we reported on User Lifecycle Management processes in hybrid SAP landscapes at our 2nd SECMENDO Online Conference.

Watch now with English subtitles
Event

1st SECMENDO Online Conference

With the 1st SECMENDO Online Conference we have created an event that focuses on Identity & Access Management in SAP landscapes and shows participants how to increase security and productivity in their systems.

Watch now with English subtitles

SECMENDO products to complement your SAP systems

SECMENDO.audit

Break up grown structures and clean up your roles and authorizations in preparation for SAP S/4HANA.


SECMENDO.authority_generator

Customize authorization roles based on authorization traces.


SECMENDO.selfservice

Build your perfect self-service offering for SAP Identity Management. Enable employees and managers to request and manage authorizations themselves through easy-to-use self-services.


SECMENDO.ui_generator

Create a UI5 interface for your SAP Identity Management system in just 5 minutes that will delight your users − usable even on the go with your mobile device.


SECMENDO.selfservice_inbox

Satisfy your users and free yourself from unnecessary process runtimes by handling authorization requests, access rights, role assignments and much more in Fiori style.


SECMENDO.monitor

Avoid economic damage to your business with 24/7 visibility and monitoring of your SAP IdM landscape and provisioning processes.


SECMENDO.report

Make life easier for yourself and the auditor. Prepare optimally for every audit with reports at the push of a button from SAP Identity Management.


SECMENDO.connect

Grant authorizations automatically in the right systems and applications and use the easiest way to manage authorizations with SAP Identity Management (IdM).


Discover the full range of our SAP security portfolio


SAP Identity & Access Management

Identity & Access Management solutions, individually or in combination, enable efficient and compliant operation of target systems. This includes the detection and minimization of risks as well as the process-based provisioning and removal of users and accesses.


SAP Authorization Management

Authorizations in SAP systems grant users access to the applications they need to perform their activities. In order to map the processes securely and correctly, SAP authorizations must be subject to regular control and post-processing.


SECMENDO product suite

The tools of the SECMENDO product suite extend the capabilities of existing SAP Identity & Access Management (IAM) solutions. The goals are an improved user experience, enhanced functionality and more efficient processes.
