Skip to Content
Product Information

SAP Cloud Identity Access Governance (IAG) Overview and Updates

SAP Cloud Identity Access Governance is SAP’s latest innovation for Access Governance. After a highly successful SAP Access Control 12.0 release, SAP has now released some of the game-changing innovations on the SAP Cloud Identity Access Governance application. SAP Cloud Identity Access Governance (IAG) is a multi-tenant solution built on top of  SAP Cloud Platform (SCP) and SAP’s proprietary HANA database.

**SAP Cloud Identity Access Governance (IAG) 2005 version is released for SAP Cloud Foundry.**

SAP Cloud Identity Access Governance (IAG) provides out of the box integration with SAP’s latest cloud applications such as SAP Ariba, SAP Successfactors, SAP S/4HANA Cloud, SAP Analytics Cloud and other cloud solutions with many more SAP and non-SAP integrations on the roadmap.

SAP plans to leverage the System for Cross-domain Identity Management (SCIM) protocol to provide integrations with Non-SAP applications and embrace the journey towards Digital Transformation in the cloud world.


Cloud IAG Services


SAP Cloud Identity Access Governance (IAG) helps customers achieve access control and governance through the below key services:

Access Request

Access Request Service provides customers the opportunity to utilize self service access request forms for user and role provisioning into the Cloud applications along with the power of workflow driven access provisioning mechanisms along with any other features.

Role Design

The Role Design allows users to design access roles with the power of Machine Learning (ML) based algorithms to optimally define and refine the required roles with a bottom up approach.

Access Certification

The Access Certification service in the Cloud Identity Access Governance (IAG) provides the option to certify access spread across multiple cloud solutions by allowing reviewers to regularly audit and certify the roles assigned.

Access Analysis

The Access Analysis service is primarily the application meant for security administrators and compliance teams to analyze access risks across cloud applications and refine or remediate access according to the auditory requirements.

**IAG Release 2005: We have released a risk ruleset library to detect access needing Segregation of Duties in SAP Cloud applications such as SAP S/4HANA Cloud, SAP Ariba and SAP Successfactors**

Privileged Access Management

Privilege Access Management is another service which is provided in the Cloud Identity Access Governance (IAG) solution to monitor, report, audit and take action against any critical access in a critical environment such Cloud application

Cloud Identity Access Governance (IAG) is maintained by SAP DevOps which is responsible for the constant upkeep, maintenance and pushing in new enhancements.

**Privileged Access Management(PAM) is now beta-released in the latest IAG 2005 release for Privileged Access provisioning and privileged/emergency access monitoring(Firefighter) through the Cloud IAG application.**

SAP Access Control-IAG Bridge

The most talked about feature of Cloud Identity Access Governance (IAG) is the SAP Access Control-IAG bridge which provides customers the flexibility of continuing to use their existing SAP Access Control 12.0 environment as the primary system for Access Control and have the IAG bridge take care of the Access Control services or applications for the cloud environment.

1 Comment
You must be Logged on to comment or reply to a post.
  • Hi Saksham,

    Excellent blog content. I have a question why is user management different in IAG as compared to S/4 HANA cloud? In S/4 HANA cloud role assignment in done using the apps in S/4 HANA cloud whereas for IAG we assign the roles for the services in cloud cockpit instead of in IAG. Similarly “Intelligent asset management” also maintains role assignment via cloud cockpit. How are some cloud applications differing from others in this aspect. Hope I was able to word my question properly, any help would be greatly appreciated.