Skip to Content
Business Trends
Author's profile photo Sarma Adithe

GRC Tuesdays: IAG Bridge to the Cloud

With cloud bringing simple yet powerful solutions,  organizations now have the option to choose cloud apps that best fit their business needs. This invariably introduces complexity in the landscape.  These changes, in a way, bring improved experience in some cases and increases efficiency in how they run business processes. But at the same time, managing such complex landscapes from a security perspective poses challenges (like provisioning users to different applications).

With business functions leaving the on-premise world and moving into the cloud, security and compliance teams are required to optimally manage access to all the applications across the landscape. This entails getting the right access to the right employees,  and ensuring business users get necessary access (authorization) to perform their business functions. It’s also important that these teams fulfill compliance and audit requirements.

With technology growing so fast, there is a need for simple, seamless, and adaptable tools that address such complex scenarios with ease.

Tools to Simplify the Cloud GRC Landscape

Over the past decade, organizations have adopted the comprehensive functionality of SAP Access Control to meet their SoX, Privileged access, role optimization, and auditable workflow enabled self-service access requests, with automated provisioning and other access governance requirements. SAP Access Control has helped organizations to bring their on-premise applications under this access governance domain.

Now, with the move towards enterprise digital transformation, some of the core business functions like HR, finance, expense management, and so on are leaving on-premise and moving to the cloud.

To address these complex problems that result from such a cloud move, SAP Cloud Identity Access Governance’s metric-driven access governance, role design tools, and cloud application provisioning offer simple and intuitive processes.

Introducing SAP Cloud Identity Access Governance

The SAP Cloud Identity Access Governance (SAP IAG) bridge concept introduces a way to extend powerful SAP Access Control with:

  • Connectivity to cloud applications
  • Cross-application access risk analysis, taking advantage of new and improved access analysis service from SAP Cloud Identity Access Governance
  • Remediation process with access refinement functions
  • Intuitive business role design that extracts business role proposals based on current assignments

The SAP IAG bridge concept is built with simplification by design. With this, existing SAP Access Control can be extended easily and also bring cloud applications into compliance domain.

Some of the key processes that will make this simple and seamless are:

  • Master data synchronization from SAP Access Control
  • Access Risk definitions
  • Mitigating Controls
    • Access risk mitigation
    • Applications ( connectors )
    • Access ( technical roles, business roles, groups)
    • Repository data
  • Leverage connectivity from SAP Access Control to target on-premise applications
  • Ability to configure SAP Cloud Identity Access Governance connectivity to cloud applications like SAP Ariba and SAP S/4HANA Cloud
  • Ability to extend current ruleset for cross-application(system) analysis
  • Integrated Access risk analysis into core processes like
    • SAP Access Control: access request process for simulation
    • SAP Access Control Business Role management process for simulation and analysis

So this concept of  SAP Cloud Identity Access Governance bridge makes SAP Cloud Identity Access Governance a natural extension to SAP Access Control. So now, existing and new SAP Access Control customers can capitalize on their current SAP Access Control application and take advantage of cloud business applications without compromising on access governance and compliance requirements.


We’ll be talking more about SAP Cloud Identity Access Governance at SAPPHIRE NOW + ASUG Annual Conference this June 5-7. We hope to see you there!

Learn More

  • Read our other GRC Tuesday blogs for more on governance, risk, compliance, and security issues
  • Watch the following video to learn more about the access analysis service in SAP Cloud Identity Access Governance

Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Hi Sarma,
      Thank you for the explanation!
      For customers that are mostly SaaS customers (e.g. with S/4HANA Cloud, Ariba, etc.) is the recommendation to only implement IAG; or IAG + Access Controls on premises. What does Access Controls add to IAG in such a situation?