SAP Cloud Identity Access Governance (IAG) Overview and Updates
SAP Cloud Identity Access Governance(IAG) is SAP’s latest innovation for Access Governance. After a highly successful SAP Access Control 12.0 release, SAP has now released some of the latest innovations on the SAP Cloud Identity Access Governance application. SAP Cloud Identity Access Governance (IAG) is a multi-tenant solution built on top of SAP Business Technology Platform (BTP) and SAP’s proprietary HANA database.
SAP Cloud Identity Access Governance(IAG) is bundled with SAP Business Technology Platform(BTP) Identity Provisioning Service(IPS) and Identity Authentication Service(IAS).
**SAP Cloud Identity Access Governance(IAG) 2205 (May,2022) version is now released with product enhancements in the areas of Ariba Integration( via SCIM API) , Mitigation Assignment Reporting, Management of User IDs mapped through multiple cloud applications, Added authorization checks for Access Control bridge integration, Conditional UI fields and more.**
**SAP Cloud Identity Access Governance(IAG) 2202(February,2022) version is now released with product enhancements in areas of integration with SAP Concur, SAP Sales Cloud, SAP Service Cloud, SAP Advanced Financial Closing and SAP Intelligent Asset Management**
**SAP Cloud Identity Access Governance(IAG) 2108 version is released with product enhancements in areas such as customizing workflows for access management, additional properties to support OAuth 2.0 Authentication for SAP Successfactors, support for provisioning of universal unique ID(UUID) for SAP S/4HANA**
**SAP Cloud Identity Access Governance (IAG) 2105 version is released with enhancements in areas such as extending User Access Review(UAR) for cloud solutions to SAP Access Control through the AC-IAG Bridge Scenario.**
**With SAP Cloud Identity Access Governance (IAG) 2102 release customers can now integrate non-SAP solutions based on Open System for Cross-Domain Identity Management(SCIM)**
SAP Cloud Identity Access Governance (IAG) provides out of the box integration with SAP’s latest cloud applications such as SAP Ariba, SAP Successfactors, SAP S/4HANA Cloud, SAP Analytics Cloud and other cloud solutions with many more SAP and non-SAP integrations on the roadmap..
SAP Cloud Identity Access Governance (IAG) helps customers achieve access control and governance through the below key services:
Access Request Service provides customers the opportunity to utilize self service access request forms for user and role provisioning into the Cloud applications along with the power of workflow driven access provisioning mechanisms along with any other features.
The Role Design allows users to design access roles with the power of Machine Learning (ML) based algorithms to optimally define and refine the required roles with a bottom up approach.
The Access Certification service in the Cloud Identity Access Governance (IAG) provides the option to certify access spread across multiple cloud solutions by allowing reviewers to regularly audit and certify the roles assigned.
The Access Analysis service is primarily the application meant for security administrators and compliance teams to analyze access risks across cloud applications and refine or remediate access according to the auditory requirements.
**IAG Release 2005: We have released a risk ruleset library to detect access needing Segregation of Duties in SAP Cloud applications such as SAP S/4HANA Cloud, SAP Ariba and SAP Successfactors**
Privileged Access Management
Privilege Access Management is another service which is provided in the Cloud Identity Access Governance (IAG) solution to monitor, report, audit and take action against any critical access in a critical environment such Cloud application
Cloud Identity Access Governance (IAG) is maintained by SAP DevOps which is responsible for the constant upkeep, maintenance and pushing in new enhancements.
**Privileged Access Management(PAM) is now beta-released(for ABAP connectors) in the latest IAG 2005 release for Privileged Access provisioning and privileged/emergency access monitoring(Firefighter) through the Cloud IAG application.**
SAP Access Control-IAG Bridge
The most talked about feature of Cloud Identity Access Governance (IAG) is the SAP Access Control-IAG bridge which provides customers the flexibility of continuing to use their existing SAP Access Control 12.0 environment as the primary system for Access Control and have the IAG bridge take care of the Access Control services or applications for the cloud environment.
If you are a SAP MaxAttention/Active Attention customer, please contact your Technical Quality Manager(TQM) to know more about the SAP service offerings. For all other existing or potential SAP customers please get in touch with your SAP Account Executive(AE) for solution or service subscriptions.
SAP North America CoE Lead: Saksham Minocha