Identity Management for SAP NetWeaver

Manage your employees' IT lifecycle

The SAP NetWeaver Identity Management (IDM) system manages all of the business roles and authorizations for your IT systems. Identity Management enables you to fulfill your governance requirements, accelerate the system access approval process and unify business roles.

IT employee lifecycle: Manage access authorization for your employees

SAP Identity Management offers you support throughout the entire employee IT lifecycle. From entering the employee into the system for the first time to assigning user roles and authorizations, you control the entire process from a single, integrated system.

Naturally, this also applies whenever employees leave the company or change positions within the firm. You can revoke all of the permissions granted to the users and block their accounts in a single step.

Identity Management: The technology at a glance

SAP IDM is installed on the SAP NetWeaver Application Server. The application interfaces are based on Web Dynpro standard technology and can be adapted to meet your individual requirements if desired. A number of provisioning adapters are already being delivered especially for SAP systems.

  1. SAP NetWeaver Identity Management consolidates technical access authorizations into business roles. When someone is assigned this type of business role, IDM automatically sets up access permissions and roles on the backend system. But this doesn’t mean that all of the rights need to be provisioned in the backend. For example, if you have established a complex role system in SAP SEM you can simply use NetWeaver IDM to enable only system access.
  2. The Virtual Directory Server (VDS) and the Identity Center are central components of IDM. Once the employee has been entered in SAP HR, the data are first replicated in the Identity Center. Then the system determines the required authorizations based on the "role model". Finally, the technical provisioning process is carried out; i.e. automated creation of authorizations and roles takes place in Active Directory, the SAP Portal and the SAP backend.

Application scenarios for SAP Identity Management in corporate portals

New employees receive too many permissions

  • In many companies today, authorization requests are forwarded from supervisors to the responsible IT administrators via e-mail or telephone
  • This frequently results in what are known as copy errors, i.e. new employees receive the same permissions as existing employees
  • Since supervisors usually lack a transparent overview of these permissions at the time of their decision, employees receive too many permissions

No clearly comprehensible documentation of the authorization assignments

  • In many companies there is no way to obtain an overview of "which employee had which authorizations at what time"
  • If this information were ever required during an audit, it would be necessary to search for the data manually across a number of different sources

Unlocking and blocking access takes too long

  • It takes too long for employees to obtain the authorizations they need to do their job
  • As a workaround, other colleagues loan out their user IDs or access rights
  • Often authorizations remain even after employees have changed departments
  • As a rule, it is either impossible or extremely difficult to block all authorizations in critical situations, e.g. when an employee moves to a competitor

SAP Identity Management – Our offer for you!

Our qualified employees offer consulting on SAP Identity Management. Our areas of expertise include:

  • Identity Management Quick Check
  • Analysis and assessment of your current authorization assignment process
  • Development of individual, portal-based user interfaces for the IDM system
  • Implementation and launch of NetWeaver IDM in your company
  • Project management

We have introduced a special framework just for portal customers. It allows you to replace the portal-based authorizations with an SAP IDM system in a matter of days.

Do you still have questions or comments?

We would be happy to discuss your project’s unique requirements in detail. Your contact is Markus Marenbach, Managing Consultant and Managing Director at our Cologne office. Contact us »

Your advantages

  • Faster, improved preparation for external audits
  • Replacement of poorly documented, informal application processes via telephone, eMail or in person
  • Faster access to IT systems for your employees
  • Transparency for employees

 

Features at a glance

  • Complete management of the technical access authorizations in a single, unified system (Identity Center)
  • Creation of technical authorizations possible both in SAP and in third-party systems
  • Automated granting of system access rights based on business roles
  • Ad-hoc authorization requests directly within the system
  • Authorization assignment possible via workflows
 

btexx contact person

Markus Marenbach
Managing Consultant,
Managing Director at
our Cologne office

Are you interested in more detailed information about our solution? Contact us!

Send me an eMail »