[ [ SAP NetWeaver Identity Management Experiences from an Implementation at Colgate-Palmolive Company Sarah Henriquez Senior Manager IT Risk Management, Colgate-Palmolive Kristian Lehment Product Manager IDM & Security, SAP AG
[ Agenda Evolution at SAP towards the Solution Compliant Identity Management and Single Sign-On Introduction The Functionality Delivered with SAP NetWeaver Identity Management The COLGATE-PALMOLIVE Company Facts & Figures Implementation at COLGATE-PALMOLIVE Company Learning Points Business Challenges Benefits Plans Going Forward 2
[ Compliant Identity Management and Single Sign-On Compliant Identity Management and Single Sign-On Compliance and Governance Authentication and Single Sign-On Identity Management SAP Access Control SAP NetWeaver Single Sign-On SAP NetWeaver Identity Management SAP offers a complete suite of compliance, governance, identity management, and single sign-on solutions
[ The Identity Lifecycle How long does it take for new employees to receive all permissions and become productive in their new job? How can you remove permissions automatically if employees change their position? Are permissions automatically adjusted if someone is promoted to a new position? How long does it take to remove ALL permissions of an employee? And how can you ensure that they were properly removed? Who has adequate permissions to fill in for a co-worker?
[ SAP NetWeaver Identity Management Functionalities Holistic Approach SAP HCM e.g. on-boarding SAP Business Suite Integration Identity virtualization and identity as service Approval workflows Compliance checks SAP Access Control SAP NetWeaver SAP NetWeaver Identity Identity Management Management Central Identity Store Reporting Rule-based assignment of business roles SAP applications Provisioning to SAP and non-sap systems Non-SAP applications Password management Web-based Single Sign-On and Identity Federation
[ History of Compliant Identity Management and Single Sign-On October 31, 2011 General availability of SAP NetWeaver Identity Management 7.2 August 09, 2011 General availability of SAP Governance, Risk, and Compliance Solutions, Release 10.0 June 14, 2011 General availability of SAP NetWeaver Single Sign-On 1.0 January 12, 2011 SAP acquires software security products and assets from SECUDE June 16, 2009 General availability of SAP NetWeaver Identity Management 7.1 June 15, 2007 General availability of SAP NetWeaver Identity Management 7.0 May 14, 2007 SAP extends identity management capabilities in SAP NetWeaver with acquisition of MaXware April 03, 2006 SAP strengthens leadership in compliance solutions with acquisition of Virsa SAP Access Control SAP NetWeaver Identity Management SAP NetWeaver Single Sign-On
[ SAP offers Rapid Deployment Solution to meet specific business needs Software Service Content Enablement Software Quickly address the most urgent business processes Content SAP best practices, templates and tools make solution adoption easier Enablement Guides and educational material speed end user adoption Service Fixed scope and price provides maximum predictability and lowers risk
[ which allow predictability, out-of-the-box integration and adoption choices as business demands Predictability Fast value in days/weeks Fixed cost and fixed best practice scope Integration Integrated start and growth options Immediate and future IT and business processes landscape integrity Choice Modular packages to meet specific business needs and allow individual adoption paths Flexible licensing and deployment options
[ Predictability: Solution adoption made simple Predictability Implementations in a matter of days/weeks Clear pricing, scope, timelines and outcomes Proven best-practices from an extensive customer and qualified partner ecosystem
[ Agenda The COLGATE-PALMOLIVE Company - Facts & Figures Implementation at COLGATE-PALMOLIVE Company Learning Points Business Challenges Benefits Plans Going Forward 10
$16.7 + Billion in Sales Products Sold in 200 Countries & Territories Sales by Division 39,200 Colgate People Greater Asia/Africa 20% Pet 13% Europe/South Pacific 21% North America 18% Latin America 28%
ORAL CARE PERSONAL CARE HOME CARE PET NUTRITION
[ Learning Points Pre-implementation insights that were important for the project: SAP NetWeaver Identity Management is a framework and it is highly customizable Understand the current business processes in use at Colgate-Palmolive Company 13
[ Overview of Identity Management at Colgate Colgate uses the application to centralize and synchronize user accounts for E-mail, SAP user IDs and Network access (MS-Active Directory) Standardize identities using Human Capital Management (HCM) global personnel number as a unique identifier User accounts mapped to the global personnel number Automatically creates and terminates accounts based on HCM action types 14
[ Business Challenges Addresses current business challenges: Users need accounts in multiple applications Multiple organizations support account creation / termination Manual process requiring complex reconciliation Decentralized account administration processes for different applications 15
[ Benefits One single source of truth Automates creation of user accounts Automates compliance and timeliness of terminations Improves employee experience 16
[ Best Practices Automation of manual process Global centralized process 17
[ HCM Integration with IdM HR to enter data for employees HR Identity Management 1 2 Create employee record RFC Receive HR Data 4 Update employee record with SAP Id + Email (Infotype 105) Web Service 3 Calculate SAP Id and Email address 18 of 22
[ Lessons Learned: HCM Integration with IDM Data entered in the global HCM system The timeliness of the data entered Understand the data needed Use of employee information for account creation Accuracy of user address information 19
[ Where are We Now? Jun 2010 Jul 2010 Aug 2010 Sep 2010 Oct 2010 Nov 2010 Dec 2010 Jan 2011 Feb 2011 Mar 2011 Apr 2011 May 2011 Jun 2011 Jul 2011 Aug 2011 Sep 2011 Oct 2011 Nov 2011 Email account v 7.1 SAP User Id Account v 7.1 Network account automation v 7.1 20
[ Identity Management Account Automation HR to enter data for employees HR Create employee record Identity Management Create user account Network account Provision Active Directory account Email Provision Lotus Notes account SAP CUA New SAP User Id Role provisioning to target systems 21
[ Long Term Strategy Single Sign-On Upgrade 7.2 Integrate GRC Migrate CUA managed systems to IdM Self-service Password resets Lock/unlock Fully automate creation/termination SAP, Email, Network Id 22
[ Plans Going Forward Increase scope on IDM to manage all employees Upgrade SAP NetWeaver Identity Management to version 7.2 Integrate Governance, Risk, and Compliance (GRC) process (SAP Access Control) Automate role assignments were possible Implement SAP NetWeaver Single Sign-On 23
[ Key Lessons Learned Alignment with HR is key Change Management Understand changes and impact to current business processes What is changing What is centralized Understand the data coming from HCM into IDM Identify key technical and business process expertise Communication is key 24
[ ] Thank you for participating. Please remember to complete and return your evaluation form following this session. For ongoing education on this area of focus, visit the Year-Round Community page at www.asug.com/yrc [ SESSION CODE: 1004 25