Thomas Frenehard

GRC Tuesdays: What really is SAP Governance, Risk, and Compliance (GRC)? – Focus on the Identity and Access Governance pillar

This third blog in the “What really is SAP Governance, Risk, and Compliance (GRC)?” series focuses on the identity and access governance aspects of the portfolio.

 

Optimizing digital identities across the enterprise

 

In most cases, the increasing number and complexity of enterprise applications, as well as the different types of authorization models, are supported through manual administrative processes.

This often leads to a lack of visibility into user authorizations and access risks, and to an inability to prevent access risk violations.

To be able to effectively manage this process, companies need consistent user and access management across all applications – including in growing hybrid landscapes, with strict compliance needs in segregation of duties for business-critical and financial applications.

This is precisely why the SAP solutions for Identity and Access Governance have been designed: to provide the key capabilities to manage system accounts and help ensure the correct authorization assignments.

 

SAP Access Control – Detect and remediate access risk violations

 

Features and functionalities:

* Analyze risk to find and remediate segregation of duties and critical access violations

* Provision users to automate access administration for enterprise applications

* Maintain roles in business terms

* Certify authorizations to ensure that access assignments are still warranted

* Monitor privileges including emergency access and transaction usage

 

SAP Cloud Identity Access Governance – Simplify access management in complex cloud and on-premise environments

 

Features and functionalities:

* Access analysis to refine user assignments and manage controls

* Role design to optimize role definition and streamline governance

* Access request to optimize access, workflows, and policy-based assignment

* Access certification by reviewing access, roles, risks, and mitigating controls

* Privileged access management to achieve account-based access, log consolidation, and review with automated log assessment

 

SAP Identity Management – Cover the entire identity lifecycle, business-driven and compliant

 

Features and functionalities:

* Hiring to enable new employees to log on to all relevant systems, including access to employee self-services

* Substitution to answer the question of who has adequate permissions to fill in for a co-worker

* Promotion & new position to automatically adjust permissions if someone is promoted to a new position

* Resignation & termination to make sure that all accesses are removed for the particular employee immediately if they leave the company

 

SAP Single Sign-On – Secure authentication, single sign-on and more

 

Features and functionalities:

* Productivity to enable end-users to focus on business tasks instead of manual authentication

* Secure authentication to reduce exposure to cyber-attacks by mitigating the risks of insecure passwords

* Simplicity to quickly implement a foundation for secure access and extend it over time

* Landscape security to enable secure communication with certificate lifecycle management and encryption

 

SAP Dynamic Authorization Management by NextLabs – Enhance security for data and business applications

 

Features and functionalities:

* Automate controls with single policy platform to centralize and automate data and application security

* Secure access for consistent and on-the-fly access enforcement with dynamic authorization

* Prevent violations to minimize fraud but also prevent compliance and security violations

* Gain insight to monitor data and application activity

 

SAP Access Violation Management by Pathlock (formerly known as Greenlight) – Manage and control access risk and assess its financial impact

 

Features and functionalities:

* Extend the capabilities of SAP Access Control across enterprise systems

* Notify business owners when segregation of duties violations are executed

* Monitor to correlate business transactions to users to identify materialized segregation of duties violations

* Report for a summary of the financial exposure due to segregation of duties violations

I hope this helps in introducing the Identity and Access Governance offering from SAP’s Governance, Risk, and Compliance portfolio.

As a reminder, you can find all the other blogs in this series listed below:

I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard
