Compliant, Business-Driven Identity Management using. SAP NetWeaver Identity Management and SBOP Access Control. February 2010

Similar documents
Enterprise Software - Applications, Technologies and Programming

Budget Control by Cost Center

Understanding HR Schema and PCR with an Example

SAP Master Data Governance- Hiding fields in the change request User Interface

SAPFIN. Overview of SAP ERP Financials COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

HR400 SAP ERP HCM Payroll Configuration

Table of Contents. How to Find Database Index usage per ABAP Report and Creating an Index

User Experience in Custom Apps

R/3 and J2EE Setup for Digital Signature on Form 16 in HR Systems

Third Party Digital Asset Management Integration

Alert Notification in SAP Supply Network Collaboration. SNC Extension Guide

Business One in Action - How can we post bank fees and charges while posting Incoming or Outgoing Payment transactions?

USDL XG WP3 SAP use case. Kay Kadner

How to Create a Support Message in SAP Service Marketplace

K in Identify the differences between the universe design tool and the information design tool

Maintaining Different Addresses and Ids for a Business Partner via CRM Web UI

Process Archiving using NetWeaver Business Process Management

Intelligent Business Operations Chapter 1: Overview & Strategy

TM111. ERP Integration for Order Management (Shipper Specific) COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

UI Framework Simple Search in CRM WebClient based on NetWeaver Enterprise Search (ABAP) SAP Enhancement Package 1 for SAP CRM 7.0

AC200. Basics of Customizing for Financial Accounting: General Ledger, Accounts Receivable, Accounts Payable COURSE OUTLINE

SAP Portfolio and Project Management

SAP NetWeaver BRM 7.3

Data Archiving in CRM: a Brief Overview

Integrating Easy Document Management System in SAP DMS

SAP Sustainability Solutions: Achieving Customer Strategies

NetWeaver Business Client (NWBC) for Incentives and Commissions Management (ICM)

UI Framework Task Based User Interface. SAP Enhancement Package 1 for SAP CRM 7.0

Application Lifecycle Management

Portfolio and Project Management 5.0: Excel Integration for Financial and Capacity Planning

SAP Cloud Strategy - Timeless Software. Frank Stienhans on behalf of Kaj van de Loo SAP

BW Workspaces Use Cases

Integration of SAP Netweaver User Management with LDAP

Accounts Receivable. SAP Best Practices

SAP Business ByDesign Reference Systems. Scenario Outline. SAP ERP Integration Scenarios

ERP Quotation and Sales Order in CRM WebClient UI Detailed View. SAP Enhancement Package 1 for SAP CRM 7.0 CRM Sales - SFA

UI Framework Logo exchange without skin copy. SAP Enhancement Package 1 for SAP CRM 7.0

How-to-Guide: Middleware Settings for Download of IPC Configuration (KB) Data from R/3 to CRM System

RUN BETTER Become a Best-Run Business with Remote Support Platform for SAP Business One

Data Source Enhancement Using User Exit

How to Schedule Report Execution and Mailing

Log Analysis Tool for SAP NetWeaver AS Java

SOP through Long Term Planning Transfer to LIS/PIS/Capacity. SAP Best Practices

Next Generation Digital Banking with SAP

Integration of Universal Worklist into Microsoft Office SharePoint

Configuring Distribution List in Compliant User Provisioning

Sending Additional Files from SAP Netweaver PI to third Party System

SAP DSM/BRFPlus System Architecture Considerations

Secure MobiLink Synchronization using Microsoft IIS and the MobiLink Redirector

Sales Planning Detailed View. SAP Enhancement Package 1 for SAP CRM 7.0 CRM Sales - SFA

Ariba Network Integration to SAP ECC

OData in a Nutshell. August 2011 INTERNAL

Business Requirements... 3 Analytics... 3 Typical Use Cases... 8 Related Content... 9 Copyright... 10

Configuring Single Sign-on for SAP HANA

How To Use the BPC Mass User Management Tool in BPC 10.0 NW

SAP Service Tools for Performance Analysis

How To Use the ESR Eclipse Tool with the Enterprise Service Repository

Project Governance The Role Of The Business Process Owner

Download and Install Crystal Reports for Eclipse via the Eclipse Software Update Manager

Fixed Asset in SAP Business One 9.0

How to Add an Attribute to a Case, Record and a Document in NW Folder Management (ex-records Management)

GRC 10.0 Pre-Installation

AC 10.0 Centralized Emergency Access

An Up-to-Date Guide to SAP Business Workflow and Its Role Within Your SAP Infrastructure

How To Improve Your Business Process With Sap

Finding the Leak Access Logging for Sensitive Data. SAP Product Management Security

Variable Exit in Sap BI How to Start

Consume an External Web Service in a Nutshell with good old ABAP

Installation Guide Customized Installation of SQL Server 2008 for an SAP System with SQL4SAP.VBS

How to Configure Access Control for Exchange using PowerShell Cmdlets A Step-by-Step guide

SAP Central Process Scheduling (CPS) 8.0 by Redwood

AP Integration with BRFplus VERSION V APRIL SAP AG

Sample Universe on Microsoft OLAP Cube

Xcelsius Dashboards on SAP NetWaver BW Implementation Best Practices

Query, Read, Create and Update CLOUD FOR CUSTOMER ODATA SERVICE QUERY, READ, CREATE AND UPDATE

Run SAP like a Factory

BUSINESS STRUCTURE: FUNCTIONS AND PROCESSES

Mass Maintenance of Procurement Data in SAP

How To Configure MDM to Work with Oracle ASM-Based Products

Single Sign-On between SAP Portal and SuccessFactors

SAP NetWeaver MDM 7.1 Features at a Glance. November, 2011

How to Set Up an Authorization for a Business Partner in Customer Relationship Management (CRM) Internet Sales: Sample Case

Quick Guide EDI/IDoc Interfacing to SAP ECC from External System

Introducing the SAP Business One starter package. A Great Start to help you to Streamline Your Small Business

BUSINESS PROCESS MANAGEMENT

SAP Business One for iphone and ipad. Version 1.5.x January 2012

AC 10.0 Customizing Workflows for Access Management

BICS Connectivity for Web Intelligence in SAP BI 4.0. John Mrozek / AGS December 01, 2011

Unified Service Description Language Enabling the Internet of Services

Using User Exit for Variables in BEx Reporting

SAP How-To Guide: Develop a Custom Master Data Object in SAP MDG (Master Data Governance)

SAP GRC Access Control: Background jobs for risk analysis and remediation (formerly Virsa Compliance Calibrator)

B2B E-COMMERCE. B2B concepts

SAP Best Practices for Subsidiary Integration in One Client Production with Intercompany Replenishment

3 rd party Service Desk interface

Production Subcontracting (External Processing) SAP Best Practices

SAP HANA Cloud Integration Document Version: Template Guide for SAP Sales and Operations Planning

Transcription:

Compliant, Business-Driven Identity Management using SAP NetWeaver Identity Management and SBOP Access Control February 2010

Disclaimer This presentation outlines our general product direction and should not be relied on in making a purchase decision. This presentation is not subject to your license agreement or any other agreement with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or to develop or release any functionality mentioned in this presentation. This presentation and SAP's strategy and possible future developments are subject to change and may be changed by SAP at any time for any reason without notice. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP intentionally or grossly negligent. SAP AG 2010. All rights reserved. / Page 2

Concerns I am worried about the compliance program cost I am worried about minimizing security risks I am worried about simplifying user access SAP AG 2010. All rights reserved. / Page 3

Typical User Lifecycle Home Challenges: Long time to become productive Enormous costs and efforts Security leaks if employee leaves 7 years later 8 years later 10 years later 1 year later 3 weeks later Hire date Chuck Brown joins company Available: Temporary accounts Chuck Brown is able to work in accounting Available: E-Mail Portal Internet Accounting Chuck Brown transfers to sales Available: E-Mail Portal Internet Accounting CRM (west) Marketing data (west) Chuck Brown is promoted: Vice President Sales Available: E-Mail Portal Internet Accounting CRM (global) Marketing data (global) Chuck Brown resigns All known accounts of Chuck Brown are deactivated Chuck Brown still has access to the system Available: Accounting Marketing data (global) SAP AG 2010. All rights reserved. / Page 4

Agenda 1. What is Compliant Identity Management? 2. Technical Details 3. Best Practice SAP AG 2010. All rights reserved. / Page 5

SAP NetWeaver Identity Management Holistic Approach IDM triggered by identity business processes and data e.g. Order2Cash Business process relies on appropriate user and role assignments in systems e.g. on-boarding Compliance checks through GRC SAP Business Suite Integration SAP BusinessObjects Access Control (GRC) Identity virtualization and identity as service SAP NetWeaver Identity Management Approval workflows Central Identity Store Identity mgmt. monitoring & audit Rule-based assignment of business roles Password management Provisioning to SAP and non-sap systems SAP AG 2010. All rights reserved. / Page 6

SAP BusinessObjects Access Control: Sustainable prevention of segregation of duties violations Audit Oversight Access Risk analysis Remediation Control Environment Cross-platform Cross-function Identity Management Risk analysis and remediation Compliant user provisioning IT Infrastructure Periodic Access Review and Audit Enterprise role management Cross-enterprise library of best practice segregation of duties rules Regulations Rules Corporate Policies FIN SCM SRM MFG HR Superuser privilege management SAP_ALL Best Practices Minimal time to compliance Quick, effective and comprehensive access risk identification Elimination of existing access and authorization risks is key Continuous access management Improve productivity of end users Reduce cost of role maintenance Avoid business obstructions with faster emergency response Ease compliance and avoid authorization risk Effective management oversight Capabilities for Management Oversight Capabilities Internal Audit SAP AG 2010. All rights reserved. / Page 7

SAP BusinessObjects Access Control (GRC) & SAP NetWeaver IDM Integration SAP NetWeaver Identity Management SAP NetWeaver Identity Management Rule-based business role assignment Heterogeneous connectivity Extended SAP Business Suite integration Password self-service SAP BusinessObjects Access Control (GRC) SAP BusinessObjects Access Control (GRC) Compliance checks Business risk controls and mitigation Combined SAP NetWeaver Identity Management SAP BusinessObjects Access Control (GRC) Compliant, business-driven Identity Management for the entire system landscape! SAP AG 2010. All rights reserved. / Page 8

Agenda 1. What is Compliant Identity Management? 2. Technical Details 3. Best Practice SAP AG 2010. All rights reserved. / Page 9

Compliant, Business-Driven Identity Management Requirement: Provide automated, position-based role management while ensuring compliance Reduce TCO by simplifying assignment of roles and privileges to users, triggered by HCM events Reduce risk through compliance checks and remediation Automate manual processes through integration with SAP Business Suite New Hire Calculate entitlements based on position Compliance check Remediation Approve assignments Yes Create user Assign roles Create User Assign roles No Create User Assign privileges HCM SAP NetWeaver Identity Management SAP BusinessObjects Access Control Line Manager Landscape SAP AG 2010. All rights reserved. / Page 10

Compliant, Business-Driven Identity Management Process Flow 1 Request Role Assignment 4 Risk analysis SAP BusinessObjects Access Control (GRC) RAR CUP 5 Risk mitigation Forward request for risk analysis 6 Risk status SAP NetWeaver Identity Management 3 VDS Provisioning to target systems Manager approval 7 IC 2 Notification to User / Manager 8

Agenda 1. What is Compliant Identity Management? 2. Technical Details 3. Best Practice SAP AG 2010. All rights reserved. / Page 12

Centralized Provisioning Customer Best Practice - General Recommendation SAP BusinessObjects Access Control (GRC) SAP NetWeaver Identity Management Provisioning to SAP and non-sap systems SAP AG 2010. All rights reserved. / Page 13

Centralized Provisioning Details Create role assignment request in Identity Management (Identity Center) Automatic (using certain rules, e.g. department assignment) Manual (per user request) Pre-process request in Identity Management (Identity Center) Assignments require compliance check Assignments do not require compliance check Request processing & risk analysis in Compliant User Provisioning Risk violations found No Risk violations found Request rerouted to manual workflow declined approved Identity Management reads request status No provisioning Identity Management starts provisioning SAP AG 2010. All rights reserved. / Page 14

Further Information SAP Public Web: SAP Developer Network (SDN): www.sdn.sap.com/irj/sdn/nw-identitymanagement Business Process Expert (BPX) Community: www.bpx.sap.com Related SAP Education and Certification Opportunities http://www.sap.com/education/ TZNWIM - SAP NetWeaver Identity Management 7.1 SAP AG 2010. All rights reserved. / Page 15

Thank You!

Copyright 2010 SAP AG All Rights Reserved No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iseries, pseries, xseries, zseries, eserver, z/vm, z/os, i5/os, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warrant. SAP AG 2010. All rights reserved. / Page 17