First of all, if you read the title of this blog and clicked the link anyway, thank you! SAP has told me that I’m not allowed to mention my name or place of employment in blog posts, for reasons that I can’t understand, but if you want to know this information, look up! My name is right there at the top of this post and if you click it, you’ll find out who I work for and how to contact me. I’ve been an SAP IDM developer, systems administrator, consultant, technical team lead, along with a host of other titles for the last 7 years now. In that time, it has constantly amazed me how many companies run SAP and don’t also utilize SAP’s Identity Management solution! But at this stage of my career, I’ve kind of accepted this fact and I just do what I can to inform my fellow IT / SAP professionals about what SAP IDM is and why I believe, especially if you’re a current SAP client, you should have it.
Why am I sharing this with you? It seems like a lot of SCN blogs are geared towards the technical experts. In fact, every blog post I’ve written has been targeted to the same kind of crowd; people like me. However, I wanted to write something more geared towards IT decision makers. I hope this helps to answer some of the questions people in that role might have.
First, a little more about me. I started out life in SAP IDM v7.1 as a systems administrator. I was offered the position because I was next in line for a promotion from the help desk. I really wanted off the help desk so I took it even though I’d never heard of SAP IDM in my life. That said, I love a challenge, so once I had the job and some very minimal training, I grabbed every piece of SAP issued documentation I could find, asked a lot of questions, and over the course of about 18 months, became a pretty skilled developer. Seven years and two upgrade releases to version 8.0 later and I’m still here; still building and troubleshooting environments for new clients all over the globe, right from my basement office in Toledo, Ohio.
Anyway, enough about me. What is SAP IDM and why should you have it? First, if you’re considering an IDM solution and you run SAP, this option has to be at the top of your list. It goes without saying that SAP IDM is native to the rest of SAP’s ABAP and AS Java systems. There are also connectors for SuccessFactors, HANA Database, Novell, the list goes on. If SAP ERP is at the core of your enterprise, do you really want another IDM product managing your SAP identities?
Second, there are connectors available for many Microsoft platforms like Active Directory, Office365, Azure and SharePoint. I haven’t worked in a corporate environment yet that doesn’t run a Windows domain so this is an absolute must have. You can customize what attributes you want IDM to manage. If you have custom attributes in your AD schema, IDM can populate those too.
Third, SAP IDM sits on top of SAP’s NetWeaver server, which is a Java system. Due to this open framework, you can custom develop connectors to plug SAP IDM into virtually any target system you need to manage identities on. From custom APIs, REST, SOAP and SQL-based databases all the way down to simple CSV drop files, IDM can communicate with virtually any repository that stores identities, whether purchased from third-party vendors or developed in-house.
In addition to its limitless connection capabilities, its auditing and reporting capabilities are unmatched. Every time an action takes place on an identity or the privileges within a role change, who performed the action, what that action specifically was, what the data looked like prior to the action, and the date/time of the action are all recorded. Custom reporting can be set up to call this information to the table whenever needed. Are you a publicly traded company that has to answer to auditors? The information kept in IDM’s database will prove invaluable during your next security audit.
Finally, there’s the ability to establish Role Based Access Controls, or RBAC. Many times you’ll have several people who all do the same job. There might be many HR Generalist 1 or Warehouse Labor positions in your company and they all need the same rights across two, three or more systems. With SAP IDM, you can design a role containing these privileges in more than one system, so that when that person starts on day 1 of work, they have a Windows login ID, initial password delivered to their manager, an email box and the basic access rights they need. What happens when they change job functions? IDM switches from the old RBAC role to the new one; granting all the new rights they need, building accounts in the new systems they need access to but also removing all the rights from their old jobs they no longer need. This all happens the minute an HR profile is updated.
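To make the job-change scenario concrete, here is a small added illustration (generic Python, not SAP IDM code or its API) that works out what has to be granted, revoked, created and removed when someone moves between two roles, and emits one audit record per change with the fields described earlier. The role names come from this post; the systems, privilege names, actor and user ID are constructed sample data.

```python
from datetime import datetime, timezone

# Constructed sample catalogue: role -> {system: privileges in that system}
ROLES = {
    "HR Generalist 1": {"AD": {"login", "grp-hr"}, "Mail": {"mailbox"},
                        "SAP HCM": {"hr-display", "hr-maintain"}},
    "Warehouse Labor": {"AD": {"login", "grp-warehouse"}, "Mail": {"mailbox"},
                        "SAP EWM": {"picking"}},
}

def plan_role_change(old_role, new_role, catalogue=ROLES):
    """Return the provisioning delta for a move from old_role to new_role."""
    old, new = catalogue[old_role], catalogue[new_role]
    plan = {"create_account": [], "grant": [], "revoke": [], "remove_account": []}
    for system in sorted(set(old) | set(new)):
        before, after = old.get(system, set()), new.get(system, set())
        if not before:
            plan["create_account"].append(system)   # first access to this system
        if not after:
            plan["remove_account"].append(system)   # no rights left: retire account
        # Privileges present in both roles are left alone, so shared access
        # (the Windows login, the mailbox) is never dropped and re-added.
        plan["grant"] += [(system, p) for p in sorted(after - before)]
        plan["revoke"] += [(system, p) for p in sorted(before - after)]
    return plan

def audit_records(actor, identity, old_role, plan, catalogue=ROLES, when=None):
    """One record per change: who, what, the state before, and when."""
    stamp = (when or datetime.now(timezone.utc)).isoformat()
    held = catalogue[old_role]
    return [
        {"actor": actor, "identity": identity, "action": action,
         "system": system, "privilege": priv,
         "before": sorted(held.get(system, set())), "timestamp": stamp}
        for action in ("grant", "revoke")
        for system, priv in plan[action]
    ]

if __name__ == "__main__":
    plan = plan_role_change("HR Generalist 1", "Warehouse Labor")
    for rec in audit_records("hr-feed", "jdoe", "HR Generalist 1", plan):
        print(rec)
```

The revoke list is the part auditors care about most: without it, every job change leaves the old role's rights behind.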
This article was meant to review some of the most common features SAP IDM offers. Its capabilities are much more! Have questions as to whether this platform is right for your company? Contact me! Again, I can’t actually mention my email address in this blog post but just click my name above and check out my profile. I’d love to answer any questions you might have about SAP IDM and how much I’ve enjoyed working with it all these years. If you’ve made it this far, thanks for your time and I hope to hear from you!