How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions



Similar documents
First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2

Business-Driven, Compliant Identity Management

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

SAP Solution in Detail SAP NetWeaver SAP NetWeaver Identity Management. Business-Driven, Compliant Identity Management

Business-Driven, Compliant Identity Management

Minimize Access Risk and Prevent Fraud With SAP Access Control

Identity Management Basics. OWASP May 9, The OWASP Foundation. Derek Browne, CISSP, ISSAP

SAP Identity Management Overview

Oracle Role Manager. An Oracle White Paper Updated June 2009

IDENTITY MANAGEMENT AND WEB SECURITY. A Customer s Pragmatic Approach

SAP Identity Management Overview

How Accenture is taking SAP NetWeaver Identity Management to the next level. Kristian Lehment, SAP AG Matthew Pecorelli, Accenture

The Unique Alternative to the Big Four. Identity and Access Management

SAP NetWeaver Identity

Oracle Identity Management: Integration with Windows. An Oracle White Paper December. 2004

Identity Management with midpoint. Radovan Semančík FOSDEM, January 2016

Identity Management with SAP NetWeaver IdM

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet

DirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet

Identity Governance Evolution

Enterprise Identity Management Reference Architecture

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

OracleAS Identity Management Solving Real World Problems

ADAPTABLE IDENTITY GOVERNANCE AND MANAGEMENT

SAP NetWeaver Identity Management Experiences from an Implementation at Colgate-Palmolive Company

Dell One Identity Manager Scalability and Performance

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

By Makesh Kannaiyan 8/27/2011 1

Quest One Identity Solution. Simplifying Identity and Access Management

Security management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.

SAP Change Control - One Integrated Process to Manage Software Solution Deployments SAP AG

SAP Certified Technology Professional - Security with SAP NetWeaver 7.0. Title : Version : Demo. The safer, easier way to help you pass any IT exams.

Securing your business

SAP BusinessObjects GRC Access Control 10.0 New Feature Highlights and Initial Lessons Learned

Compliance & SAP Security. Secure SAP applications based on state-of-the-art user & system concepts. Driving value with IT

Key New Capabilities Complete, Open, Integrated. Oracle Identity Analytics 11g: Identity Intelligence and Governance

The Top 5 Federated Single Sign-On Scenarios

1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges

Identity Management in Liferay Overview and Best Practices. Liferay Portal 6.0 EE

Security and Your SAP System When Working with Winshuttle Products

SAP NetWeaver Single Sign-On. Product Management SAP NetWeaver Identity Management & Security June 2011

Strategic Identity Management for Industrial Control Systems

Simplify Identity Management with the CA Identity Suite

Unlock the Value of Your Microsoft and SAP Software Investments

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

Understanding ERP Architectures, Security and Risk Brandon Sprankle PwC Partner March 2015

Role Based Identity and Access Management Basic Infrastructure for New Citizen Services and Lean Internal Administration

SAP User and Access Management with Microsoft Identity Integration Server

PingFederate. SSO Integration Overview

Enabling Federation and Web-Single Sign-On in Heterogeneous Landscapes with the Identity Provider and Security Token Service Supplied by SAP NetWeaver

IBM Tivoli Identity Manager

Governance, Risk & Compliance for Public Sector

Oracle Privileged Account Manager 11gR2. Karsten Müller-Corbach

Identity and Access Management

Research. Identity and Access Management Defined

SAP NetWeaver Information Lifecycle Management

Oracle Identity Analytics Architecture. An Oracle White Paper July 2010

Government of Canada Directory Services Architecture. Presentation to the Architecture Framework Advisory Committee November 4, 2013

Approaches to Enterprise Identity Management: Best of Breed vs. Suites

Achieving HIPAA Compliance with Identity and Access Management

CA SiteMinder SSO Agents for ERP Systems

<Insert Picture Here> Oracle Identity And Access Management

Frequently Asked Questions

WHITEPAPER OpenIDM. Identity lifecycle management for users, devices, & things

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015

RSA Identity Management & Governance (Aveksa)

Extend and Enhance AD FS

Cisco Intelligent Automation for SAP

Oracle Identity Manager, Oracle Internet Directory

Identity Management Overview. Bill Nelson Vice President of Professional Services

Oracle Database 12c: Administration Workshop NEW

Oracle Access Manager. An Oracle White Paper

The Four "A's" of Information Security

Provisioning and Deprovisioning 1 Provisioning/De-provisiong replacement 1

Addressing the SAP Data Migration Challenges with SAP Netweaver XI

Identity & Access Management new complex so don t start?

SailPoint IdentityIQ Managing the Business of Identity

Introduction to Identity and Access Management for the engineers. Radovan Semančík April 2014

Application Monitoring for SAP

Stephen Hess. Jim Livingston. Program Name. IAM Executive Sponsors. Identity & Access Management Program Charter Dated 3 Jun 15

Compliant, Business-Driven Identity Management using. SAP NetWeaver Identity Management and SBOP Access Control. February 2010

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES

Building an identity repository is at the heart of identity and access management.

Automated User Provisioning

Open Source Identity Management

Select the right solution for identity and access governance

SailPoint IdentityIQ Managing the Business of Identity

A HIGH-LEVEL GUIDE TO EFFECTIVE IDENTITY MANAGEMENT IN THE CLOUD

EXECUTIVE VIEW. EmpowerID KuppingerCole Report. By Peter Cummings October By Peter Cummings

How to best protect Active Directory in your organization. Alistair Holmes. Senior Systems Consultant

White Paper Cybercom & Axiomatics Joint Identity & Access Management (R)evolution

Transcription:

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions Introduction This paper provides an overview of the integrated solution and a summary of implementation options for deploying a combined solution based on SAP Access Control and NetWeaver Identity Management. This solution combines access governance and identity management capabilities to support automation of identity and access processes and compliance requirements. SAP Access Control solution is based on ABAP technology and integrates with the native SAP ERP, Oracle, PeopleSoft, and JDE interfaces to support access governance capabilities. These capabilities include features such as administration of the access request process and approval process with integrated SOD analysis. NetWeaver Identity Management is based on Java technology and is designed to support administration of user identities, user provisioning, and single sign-on across IT systems and applications. SAP Access Control provides highly specialized functionality required to administer access and manage accounts to meet requirements for financial regulations and company policies. NetWeaver Identity Management provides powerful features designed to automate identity administration across multiple systems. When IdM is integrated with SAP Access Control, SoD analysis capabilities can be integrated with the approval processes within IdM to ensure that role assignments are compliant with financial regulations. Please read on to learn more about the benefits of the integrated solution and how to best leverage the features of each to determine the best approach for your deployment Figure 1. Features of NetWeaver Identity Management and SAP Access Control

SAP Netweaver Identity Management SAP NetWeaver Identity Management (NW ID Mgmt ) provides a comprehensive solution for managing user accounts and privileges across enterprise landscapes. Enterprise landscapes include a variety of applications and systems such as Microsoft Active Directory, Microsoft Exchange, SAP Business Suite, and custom applications. SAP NetWeaver Identity Management is capable of integrating with these systems to support identity management and provisioning through a combination of out-of-the-box connectors, standards-based integration, connectors provided by partners and connectors custom-developed using the NW ID Mgmt s published connector API. NW ID Mgmt supports the functionality to manage the user lifecycle from initial on-boarding, change, and termination. NW ID Mgmt includes an integrated workflow engine, extended Role-Based Access Control, and an integrated Identity Store built on virtual directory technology, the authoritative source for user identity data. NW ID Mgmt provides password synchronization functionality, allowing users to change their passwords on a number of source systems and have those passwords synchronized across all of their different accounts. Comprehensive reporting of activities relating to the mappings of users, roles and privileges are provided through SAP Business Warehouse. Standards-based Web Single Sign-On functionality is provided through a SAML 2.0 compliant Identity Provider. In addition, the product includes a Virtual Directory component that provides valuable metadirectory functionality and forms the engine for the product s connector API. SAP Access Control SAP Access Control is an access governance solution that automates the processes associated with managing access to business applications. SAP Access Control supports processes and audit records that track who has access, who approved access, when access was granted, and if the access assignments are still required. SAP Access Control is designed to bridge the gap between obtaining the technical definitions of system authorizations and facilitating the process of associating the correct system authorization or entitlement with the appropriate user. SAP Access Control includes the following five modules to accomplish this automation Access Request Process integrated workflow process to orchestrate approvals, SoD analysis, account actions (ie create, delete, lock, unlock, etc), and automated role assignment User, Role, and Risk Certification supports a periodic review process for existing user assignments, role definitions, and access risks required by several compliance regulations Risk Analysis and Remediation enables analysis of Segregation-of-Duty (SoD) violations by role, business process through ad-hoc queries or integrated with the access request. The integrated risk analysis enables stakeholders to resolve conflicts and reduce risk by mitigating the violation by changing the role assignment or through a mitigating control. Business Role Management supports management of SAP technical and business role lifecycle management. SAP Business Role Management enables the centralized management of SAP technical roles across multiple systems using a role methodology. This process ensures that roles are subjected to appropriate testing and approvals prior to deployment. Business roles in SAP BRM are groups of entitlements that can be associated with job functions for easily assignment to business users. Emergency Access Management a complete solution for managing access for privileged user access with integrated monitoring and log review. SAP Access Control is built on SAP ABAP technology and is supported using standard SAP basis and transport processes. SAP Access Control is intentionally built as a stand-alone solution to support integrated compliance and access provisioning for SAP ERP systems.

Comparison of Major product features This section compares key features of NetWeaver Identity Management and SAP Access Control. FUNCTIONALITY User Provisioning Role Management Workflow Access Certification NETWEAVER IDM Identity Administration and Provisioning User provisioning based on Java technology, connector framework, and integrated Identity Store for systems and applications. Broad support for SAP applications, databases, LDAP Directories, replacement for SAP CUA. Job function oriented, SAP and Non-SAP roles supported including global heterogeneous cross-system business roles. Supports context based grouping of roles and hierarchical role inheritance capabilities. Comprehensive workflow designed for general IT onboarding and off-boarding. Customizable configuration in the product. SAP ACCESS CONTROL Access Governance and ERP Provisioning Supports access request, approval processes, default values, role mapping, HR position based security, account actions and specific features required for managing access for ERP systems; based on SAP ABAP technology. Includes SAP technical role lifecycle management, integrated risk analysis, business role management. Focus is on definition and support of SAP business processes. Specifically designed multi-stage multi-path to handle multiple line item requests, cancelation and forwarding scenarios for access request approvals, delegation, and certification processes required for financial integrity and compliance. Complete solution for periodic analysis and certification of user assignments, role definitions and access risk. Supports process that enables review scope to be defined and administrative review process, and review management. Segregation of Duties Analysis Not Supported Flexible and comprehensive cross-system SoD and Critical Action risk analysis Reporting and Auditing Single Sign-On Identity Provider Emergency Access Management Designed for management of user provisioning processes Standards based SSO for SAP and non-sap applications based on SAML 2.0. Standards based IDP for SAP and other third party applications and services Not Supported Supports compliance audit requirements Not Supported Not Supported Comprehensive application for emergency access management

Identity Store Password Management HR Integration Comprehensive support for virtual profiles and synchronization of identity profiles and attributes Comprehensive solution for password reset and policies Automated update of user identities and synchronization with integrated systems with integrated audit review process User and role repository for compliance processes and reporting Supports reset only across multiple ERP systems Automated ERP account provisioning based on HR event type and pre-configured default attributes and settings Deployment Considerations Table 1. Feature Comparison Since both SAP Access Control and NetWeaver Identity Management were designed as independent solutions, there are several options to consider when integrating Access Control to an existing NW ID Mgmt deployment and vice versa. Along with these options, are important considerations for approval processes and management of the integrated solution. Figure 2. Solution Architecture

For existing SAP Access Control customers, integration of NW ID Mgmt can enable common integrated workflow approval and provisioning process that includes IT, email, and business applications. Access requests can be initiated in the IdM system with subsequent approvals and analysis in Access Control. This solution helps to consolidate identity and access administration processes with automated workflow, provisioning, and integrated SoD analysis. Existing Access Control Deployments Considerations for Implementing an Integrated Approval Workflow - Access request initiated in IdM, then send to Access Control to enable integrated approval process - Approval process supported in Access Control for all assignment provisioning actions. - Mitigating control concept in Access Control cannot be supported with external approvals. - Application roles are required to be maintained in Access Control and NW ID Mgmt to support risk analysis and approvals - User provisioning to ERP applications supported by Access Control - User provisioning to non ERP applications and IT systems can be supported using NW ID Mgmt Identity Store and connector framework. - Integrated audit trail supported through bi-directional web service records all approval and request actions. - Access Control role management supports ERP role lifecycle - Emergency Access capabilities supported through SAP Access Control - Integrated reporting supported through BW Table 2. Options for Existing SAP Access Control Customers For existing NW ID Mgmt customers, you can benefit from integrating Access Control to support access governance and compliance features required to manage access to the ERP system. Access Control also includes role management, emergency access management, and reporting/ audit features that enhance and expand the value of NW ID Mgmt. Existing NetWeaver Identity Management Deployments Considerations for integrating Access Control access governance and compliance - - Enables support for financial compliance and internal policies during provisioning approval process - SoD Check web service enables check for conflicts during approval process - Maintenance of roles is required in both SAP Access Control and NW ID Mgmt - Access certification processes can support periodic reviews for all ERP and compliance relevant role assignments - Multiple options for provisioning are supported: o Access Control supports ERP provisioning, NW ID Mgmt supports other systems and applications o NW ID Mgmt supports provisioning to all systems and applications o Access Control supports SAP HR Indirect position based security and provisioning model - Maintains audit record of approval actions that enables - Roles maintained with Access Control role management, enabled for NW ID Mgmt provisioning - Emergency Access capabilities supported through SAP Access Control - Integrated reporting supported through BW Table 3. Options for Existing NetWeaver Identity Management Customers

Case Study NW ID Mgmt

Summary Managing access to enterprise systems is becoming increasingly complex with increased risk and potential for penalties. Netweaver Identity Management and SAP Access Control combined solutions provide critically important features to ensure both management of identities and governance processes. In many organizations, the management of IT systems and financial applications are supported by different organizations, however the processes are similar in some cases. The integrated solution of IdM and Access Control provides the ability to share a common set of tools to manage IT and ERP access and identity built on common workflow, roles, and processes enabling greater value for both NW ID Mgmt and Access Control customers. Author Summary Swetta Singh, Chris Radkowski, Keith Grayson SAP Solution Management December 6, 2012 All Rights Reserved

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information