SAP NetWeaver Identity



Similar documents
Business-Driven, Compliant Identity Management

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

SAP Identity Management Overview

First-hand Information about the Enhanced Functionality and Integration Options Within SAP NetWeaver Identity Management 7.2

SAP Solution in Detail SAP NetWeaver SAP NetWeaver Identity Management. Business-Driven, Compliant Identity Management

LVS Troubleshooting Common issues and solutions

Business-Driven, Compliant Identity Management

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

Compliant, Business-Driven Identity Management using. SAP NetWeaver Identity Management and SBOP Access Control. February 2010

SAP BusinessObjects Edge BI, Standard Package Preferred Business Intelligence Choice for Growing Companies

SAP BusinessObjects Edge BI, Preferred Business Intelligence. SAP BusinessObjects Portfolio SAP Solutions for Small Businesses and Midsize Companies

SAP Identity Management Overview

LHI Leasing Simplifying and Automating the IT Landscape with SAP Software. SAP Customer Success Story Financial Services Provider LHI Leasing

How-to guide: Monitoring of standalone Hosts. This guide explains how you can enable monitoring for standalone hosts in SAP Solution Manager

SAP Identity Management Connector Overview. SAP SE Walldorf, August 2015

Minimize Access Risk and Prevent Fraud With SAP Access Control

Compare & Adjust How to Guide for Compare & Adjust in SAP Solution Manager Application Lifecycle Management

Active Quality Management

Nine Reasons Why SAP Rapid Deployment Solutions Can Make Your Life Easier Get Where You Want to Be, One Step at a Time

SAP Security Recommendations December Secure Software Development at SAP Embedding Security in the Product Innovation Lifecycle Version 1.

Finding the Leak Access Logging for Sensitive Data. SAP Product Management Security

Configuring Java IDoc Adapter (IDoc_AAE) in Process Integration. : SAP Labs India Pvt.Ltd

SAP Business ByDesign and SAP ERP. SAP Business ByDesign for Subsidiaries Overview of Functional and Technical Integration with Headquarters SAP ERP

SAP PartnerEdge Program: Opportunities for SAP-Authorized Resellers

SAP BW on HANA & HANA Smart Data Access Setup

SAM Enterprise Identity Manager

SAP Landscape Transformation (SLT) Replication Server User Guide

SAP White Paper Enterprise Information Management

Agentry and SMP Metadata Performance Testing Guidelines for executing performance testing with Agentry and SAP Mobile Platform Metadata based

Implementing an Enterprise Information Management Strategy An Approach That Mitigates Risk and Drives Down Costs

Within Budget and on Time

Integration of SAP Netweaver User Management with LDAP

Cloud Single Sign-On and On-Premise Identity Federation with SAP NetWeaver Cloud White Paper

AC 10.0 Centralized Emergency Access

SAP Archiving and SAP Document Access

HR400 SAP ERP HCM Payroll Configuration

Open Items Analytics Dashboard System Configuration

SAP Business One OnDemand. SAP Business One OnDemand Solution Overview

TM111. ERP Integration for Order Management (Shipper Specific) COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

Streamlined Planning and Consolidation for Finance Teams in Any Organization

ITM204 Post-Copy Automation for SAP NetWeaver Business Warehouse System Landscapes. October 2013

SAPFIN. Overview of SAP ERP Financials COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

SAP ERP EMPLOYEE INTERACTION CENTER

SAP Business ByDesign Reference Systems. Scenario Outline. SAP ERP Integration Scenarios

SAP ERP FINANCIALS ENABLING FINANCIAL EXCELLENCE. SAP Solution Overview SAP Business Suite

Made to Fit Your Needs. SAP Solution Overview SAP Solutions for Small Businesses and Midsize Companies

SAP BusinessObjects Business Intelligence 4 Innovation and Implementation

Application Lifecycle Management

RUN BETTER Become a Best-Run Business with Remote Support Platform for SAP Business One

SAP BusinessObjects SOLUTIONS FOR ORACLE ENVIRONMENTS

SAP Solution Manager - Content Transfer This document provides information on architectural and design questions, such as which SAP Solution Manager

Meeting the Challenges of

Streamline HR Tasks with Centralized Document Access

How To Install The Sap Business Explorer 7.X 2.X (Sap) On A Windows 7.30 Computer (Windows 7)

Enterprise Information Management Services Managing Your Company Data Along Its Lifecycle

AC 10.0 Business Role Management

Five Strategies Small and Medium Enterprises Can Use to Successfully Implement High Value Business Mobility

Certificate SAP INTEGRATION CERTIFICATION

BW Source System: Troubleshooting Guide

Process Archiving using NetWeaver Business Process Management

Set Up Hortonworks Hadoop with SQL Anywhere

Enterprise Software - Applications, Technologies and Programming

How To Use the BPC Mass User Management Tool in BPC 10.0 NW

Memory Management simplifications in ABAP Kernel 7.4*

Integration of SAP central user administration with Microsoft Active Directory

Cut Costs and Improve Agility by Simplifying and Automating Common System Administration Tasks

Budget Control by Cost Center

BW Workspaces Use Cases

UI Framework Simple Search in CRM WebClient based on NetWeaver Enterprise Search (ABAP) SAP Enhancement Package 1 for SAP CRM 7.0

Table of Contents. How to Find Database Index usage per ABAP Report and Creating an Index

AC200. Basics of Customizing for Financial Accounting: General Ledger, Accounts Receivable, Accounts Payable COURSE OUTLINE

Cybersecurity and Secure Authentication with SAP Single Sign-On

AC 10.0 Customizing Workflows for Access Management

Supplier Master Data Governance

Secure MobiLink Synchronization using Microsoft IIS and the MobiLink Redirector

Introducing SAP s Landscape and Data Center Innovation Platform. Phil Jackson SAP Solution Engineer

ForFarmers: SAP Business Communications Management for Call Center Workload Distribution

Can I customize my identity management deployment without extensive coding and services?

Reducing Operational Risk with SAP Management of Change

Setting up Single Sign-On (SSO) with SAP HANA and SAP BusinessObjects XI 4.0

Extend the SAP FIORI app HCM Timesheet Approval

SAP BusinessObjects Business Intelligence 4.1 One Strategy for Enterprise BI. May 2013

Create and run apps on HANA Cloud in SAP Web IDE

SAP ERP OPERATIONS SOLUTION OVERVIEW

Making Information Governance a Reality for Your Organization Maximize the Value of Enterprise Information

Run SAP like a Factory

Getting Started with the License Administration Workbench 2.0 (LAW 2.0)

SAP NetWeaver Decision Service Management in SAP CRM for Utilities

Sybase ASE Linux Installation Guide Installation and getting started guide for SAP Sybase ASE on Linux

Extend Business Scope and Improve Governance with SAP Content Management

Additional Guide to Implementing the SAP CRM Service Management rapiddeployment

How To Use Sap Business Objects For Microsoft (For Microsoft) For Microsoft (For Pax) For Pax (For Sap) For Spera) For A Business Intelligence (Bio) Solution

How to Configure Access Control for Exchange using PowerShell Cmdlets A Step-by-Step guide

Transcription:

SAP NetWeaver SAP NetWeaver Identity Management: The Time Is Now Replace CUA Set a Strategic Course in User Administration

CONTENT 4 Bring New Efficiency to Your User Administration 5 At Home in Every System 5 Dependable Compliance with Any Requirement 6 A Flexible Component for Heterogeneous Systems 7 Achieving Greater Security with Less 7 Rapid, Low-Risk Approvals 7 Rights by Role 7 Less IT Effort Required 8 A Three-Step Approach 9 Direct Comparison 10 Secure Access to All Systems 10 The Time Is Now 10 Reach Your Goals More Quickly with Quality Consulting

Bring New Efficiency to Your User Administration With SAP NetWeaver IDENTITY MANAGEMENT For many years, the central user administration (CUA) component has served SAP customers well with reliable authorization and role management functions for SAP software landscapes based on the ABAP programming language. Now, however, the time for a paradigm shift in SAP s user management strategy has arrived. With the SAP NetWeaver Identity Management (SAP NetWeaver ID Management) component, you can implement centralized administration of your employees user accounts and system authorizations across multiple SAP software environments. The component also offers a functional scope that goes far beyond that of CUA, enabling new users to get started more quickly throughout your heterogeneous system landscape. Powerful and innovative and yet scalable and flexible SAP NetWeaver ID Management aids you in establishing a framework for comprehensive and compliant identity management. The component is finely tuned for integration with the SAP BusinessObjects Access Control application, a market leader for governance, risk, and compliance (GRC) in SAP software systems. By combining SAP NetWeaver ID Management with this application, you can be even more efficient in helping ensure universal security. The time is right to secure your user administration for years to come. Join the many SAP customers already taking full advantage of the new developments and enhanced functions in SAP NetWeaver ID Management. Now it s easy for us to quickly connect new systems to SAP NetWeaver Identity Management. Tobias Marquart, Project Lead in Identity Management, University of Basel Data Center 4

At Home in Every System Fully Integrated, Totally Secure CUA and SAP NetWeaver ID Management both provide a number of functions for managing users, roles, and authorizations, including: Centralized creation, maintenance, and deletion of user accounts Centralized administration of global attributes, such as first and last names Role assignment and removal Data synchronization across multiple systems So, why upgrade? CUA only offers these functions within ABAP-based SAP software environments; SAP solutions based on Java and technology other than the SAP NetWeaver technology platform (such as SAP BusinessObjects and Sybase solutions) and systems from other providers are not supported. This is precisely where the advantages of SAP NetWeaver ID Management come into play. Among additional comprehensive identity management functionality (see Figure 1), the solution contains numerous connectors (see Figure 2) through which you can integrate other IT systems across multiple platforms. Interlinking your applications based on a service-oriented architecture will enable you to implement consistent, centralized user administration throughout your company s system landscape. Dependable Compliance with Any Requirement With SAP NetWeaver ID Management, you benefit from: Segregation of duties: You can automatically help ensure legal compliance by delegating decisions concerning authorization assignments to the responsible business process owners. Workflows help you adhere to the correct approval sequences, while SAP NetWeaver ID Management logs every process in the background. A hierarchical role model: The component enables you to organize authorizations based on a hierarchy of business roles. Through the Logging, auditing, and reporting Data synchronization SAP NetWeaver Identity Management: A complete identity management component for heterogeneous system landscapes Approval workflow employee role, for example, you can create a new e-mail account, Microsoft Active Directory entry, or telephone extension in a single step. You can then grant the department manager role further authorizations, such as cost center access. Consistent identity monitoring and transparent audit trails: SAP NetWeaver ID Management facilitates tracking of changes in data and authorizations throughout an employee s entire identity lifecycle. This helps ensure a higher level of security and makes reporting easier. User self-administration: Employees can manage much of their personal data on their own and even reset their own passwords, which means Role and authorization management Figure 1: A Complete Identity Management Component for Heterogeneous System Landscapes 5

less work for those at your help desk. Users can also request system access and role assignment themselves. Transparency in authorization administration: What authorizations does a certain employee have? How many employees are using a particular system license? SAP NetWeaver ID Management provides immediate insight into all of the permissions granted at your company. Reduced costs and time requirements: Just minutes after their accounts are created, employees can log into their workstations, send and receive e-mail, access the business applications assigned to their positions, and use your employee portal. This spares you the usual routing slips and manual data entry. All in all, you can transfer more responsibility for managing personal data and authorizations to those to whom they belong: your employees. By enabling you to implement reliable, comprehensive, and compliant identity management in short order, SAP NetWeaver ID Management also significantly improves your preparation for future quality inspections and internal audits. Simply connect the component to SAP BusinessObjects Access Control to integrate potent functions for governance, risk management, and compliance directly into your user administration. A Flexible Component for Heterogeneous Systems Written purely in ABAP, CUA is deeply integrated into SAP ERP and other SAP Business Suite applications. As part of the SAP NetWeaver technology platform, SAP NetWeaver ID Management makes much more flexible implementations possible: instead of targeting individual systems, you can use it to consolidate and manage identities and authorizations throughout your landscape according to your company s role model, which leads to significant gains in efficiency. Target system class Directories Databases Applications OS or other systems Generic interfaces Partner connectors (not included in standard component) Connectors In addition, CUA sits directly atop an SAP R/3 or SAP ERP software system, while SAP NetWeaver ID Management is based on Java. The new component runs on the SAP NetWeaver Application Server component and connects to a separate database server. By easily integrating separate directories, databases, groupware applications, and operating systems into your user administration, you can implement a comprehensive identity management beyond the borders of SAP software systems. The connectors in Figure 2 make this possible. Microsoft Active Directory, IBM Tivoli Directory, Novell edirectory, SunONE Java Directory, Oracle Internet Directory, Microsoft Active Directory Application Mode (ADAM), Siemens DirX, OpenLDAP Microsoft SQL Server, Microsoft Access, Oracle Database, IBM UDB (DB2), MySQL, Sybase SAP Business Suite, SAP BusinessObjects Access Control (GRC), Lotus Domino/Notes, Microsoft Exchange, RSA ClearTrust, RSA SecurID SAP NetWeaver Application Server component, Microsoft Windows NT, MS-ILM (previously MIIS), Unix/Linux, ShellExecute, custom Java connector API, script-based connector API SPML (Services Provisioning Markup Language), LDAP, ODBC/JDBC/OLE-DB, RFC, LDIF files, XML files, CSV files ENDRA (Kogit), BlackBerry Enterprise Server (Kogit), IBM Cognos (Kogit), IBM i5 (Identity Forge), CA-ACF2 (Identity Forge), CA-Top Secret (Identity Forge), Cisco Call Manager (Conet), FlexiTrust CA (FlexSecure), IBM RACF (Kogit), IBM RACF (Identity Forge), SharePoint (Asconsit), SharePoint (Kogit), Secure TrustManager (Secude), PeopleSoft (Asconsit) Figure 2: Connectors for SAP NetWeaver Identity Management 6

Achieving Greater Security with Less Optimize Authorization Assignment Rapid, Low-Risk Approvals Are you still investing a lot of time and dealing with the errors often involved in managing your user accounts based on routing slips, manual signatures, and e-mail archives? SAP NetWeaver ID Management now gives IT directors like you the opportunity to significantly optimize your user administration while helping ensure the highest possible level of security. The component supports your efforts to assign and manage user accounts and authorizations with an integrated model. Through single sign-on, she can then access all of the functions she needs from a central location. An intern completes consecutive stints in various departments. On the first day of each, SAP NetWeaver ID Management quickly and reliably grants him his new authorizations following manager approval and removes those he no longer needs. An employee leaves your company. With SAP NetWeaver ID Management, it takes just seconds to remove access rights for everything from workstations to the company parking garage. After many years with CUA, we successfully upgraded to SAP NetWeaver Identity Management to realign our strategy and gain the ability to merge our user management for SAP and non-sap applications whenever necessary. Dr. Christoph Wall, Freie Universität Berlin identities based primarily on business roles. Containing authorization information from adjacent systems, these roles are inheritable and easy to organize in hierarchies. You can also generate templates to speed up the creation of new roles in the future. A real-world situation might include the following roles: Employee: Every employee receives an e-mail account, a user ID, an Active Directory, and single sign-on portal access. You can assign a business role to automatically grant the corresponding authorizations. Sales manager: You can assign multiple roles such as manager and sales to the same employee to grant extended access to cost centers and customer relationship management functions. When needed, you can also still grant specific rights without assigning a business role. approval workflow that helps ensure smooth, secure processing all the way from requests to approvals. All of your employees will have the exact permissions they need for their daily work and not one authorization more. Here are some example scenarios: A new employee joins your company. The human resources department enters the corresponding master data into your HR system. SAP NetWeaver ID Management creates an e-mail account, an Active Directory entry, and a home folder while granting the employee access to your employee portal. The new hire also automatically receives further authorizations based on a clearly defined role Other useful workflows that help ensure equally high measures of employee productivity and security and are not available in CUA offer further arguments for an upgrade to SAP NetWeaver ID Management. Rights by Role Through roles, you can determine which authorizations your employees receive while precisely defining each individual access right. With CUA, this can quickly lead to uncontrolled growth, which is why the roles that companies use in practice often outnumber their employees. SAP NetWeaver ID Management enables you to maintain clear, straightforward structures and handle Less IT Effort Required Upgrading to SAP NetWeaver ID Management is also a worthwhile investment with respect to your ongoing outlay in IT: the component will reduce your administrative costs and effort and relieve your IT help desk for the long term. By accessing self-services through a familiar interface, users can quickly manage their attributes cell phone numbers and office addresses, for example and reset their passwords without time-consuming support tickets. The sooner you switch to SAP NetWeaver ID Management, the sooner you can start achieving the additional return on investment these functions provide.

A Three-Step Approach Upgrade Now and Reap the Benefits Switching from CUA to SAP NetWeaver ID Management is an important strategic endeavor, and doing so is simpler and faster than you might think. You can achieve this goal in three phases. Phase 1: Project Preparation First, you analyze your existing processes in the central user administration (CUA) component and take stock of your current data in order to identify and leverage synergies. You determine which personal data and processes you want to transfer to your new system and which roles you will need to carry over. Meanwhile, data cleansing and migration effects will improve your data quality and prepare you for the transition. During this phase, CUA still handles user administration in your SAP software systems. You continue to maintain your non-sap solutions separately and approve authorizations as before using routing slips or e-mail, for example. Phase 2: Parallel Operations In the next step, you import all of your user data into the SAP NetWeaver ID Management component. You map all of your role models and then integrate your non-sap solutions while continuing to use CUA to manage your users and access rights for SAP applications. In other words, you run both components in parallel to minimize downtime. Depending on your IT structure and requirements, you can also integrate your third-party systems at a later point in time it s up to you. Phase 3: Migration and Project Completion You now successively migrate all of your SAP software systems from CUA to your new SAP NetWeaver ID Management component. This enables you to maintain an overview while carrying out your project carefully and avoiding the risks involved in a big bang implementation. After transferring all of your systems, you can deactivate CUA. Initial Situation Migration SAP NetWeaver ID Management Project Completion CUA CUA SAP NetWeaver ID Management E-Mail Portal SAP ERP SAP SCM E-Mail Portal SAP ERP SAP SCM E-Mail Portal SAP ERP SAP SCM CUA manages SAP software systems Higher-level administration Successful migration and deactivation of CUA CUA = Central User Administration; ERP = Enterprise Resource Planning; SCM = Supply Chain Management 8

Direct Comparison Your Benefits at a Glance While CUA and SAP NetWeaver ID Management do have some things in common, it s easy to see the advantages of the new SAP component in the following overview table. Our user administration is now more streamlined and cost-effective, and it s also easier to meet the associated compliance requirements. Margit Stefaniack, Department Head of Processes and Applications, Berliner Stadtreinigungsbetriebe Function Central user administration (CUA) SAP NetWeaver Identity Management Target systems ABAP programming language based systems Applications and solutions from both SAP and other providers Workflow support No Yes Rule-based access to user administration No Yes, through access controls Hierarchical role modeling Only single and composite roles No inheritance or hierarchy support Company-wide role models based on business roles Cross-system role assignment Manual only Automatic Lightweight Directory Access Protocol (LDAP) directory integration Password management LDAP synchronization only Central management and allocation of initial passwords Yes User interface enables decentralized password resets Graphical user interface Yes, through transaction SU10 Mass changes through comma-separated values (CSV) based initial data Import and upload preparation as part of the CUA replacement package from SAP Consulting Reporting Yes, through transaction SUIM Standard reports in the SAP NetWeaver Business Warehouse component and SAP Crystal Reports software Migration package includes customizable report templates E-mail notification No Supports integration of an existing e-mail system Integration of back-end systems, monitoring, and troubleshooting Application link enabling (ALE) distribution model and idoc processing Synchronization through standardized jobs Includes interfaces and job templates The actual specifications require conception and configuration 9

Secure Access to All Systems Ideally Positioned for the Future Reach Your Goals More Quickly with Quality Consulting If you re looking to take advantage of this new component sooner rather than later, SAP Consulting offers a service package that can help you prepare and complete your upgrade to SAP NetWeaver ID Management all for one fixed price. We have successfully replaced CUA and added high value with the introduction SAP NetWeaver Identity Management. More information is also available at these links: www.sap.com/platform/netweaver /components/idm/index.epx www.sdn.sap.com/irj/sdn /nw-identitymanagement Dr. Christoph Wall, Freie Universität Berlin The Time Is Now With SAP NetWeaver ID Management SAP s new strategic component for identity management you can move on from CUA with confidence. Doing so will prepare your company s user administration for the future and consolidate the corresponding elements throughout your system landscape. You can also add new functions to the component with subsequent updates. SAP NetWeaver ID Management enables you to implement centralized user administration for your entire IT landscape while transcending system boundaries. By combining it with SAP BusinessObjects Access Control, you can also minimize risk by helping to ensure your compliance with current and future governance guidelines. The component largely automates your fulfillment of legal and auditing requirements. Meanwhile, you ll find the process of granting and removing access rights much easier and more efficient. Many procedures will no longer require manual execution by your employees, and managing all of the identities at your company centrally will constantly increase the quality of your user data and your company s security in equal measure. Year after year, your support effort will decline as you watch the return on your investment grow. 10

50 104 885 (11/04) 2011 SAP AG. All rights reserved. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company. Sybase and Adaptive Server, ianywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ( SAP Group ) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. www.sap.com/contactsap

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information