www.ibsolution.bg . © IBSolution Bulgaria EOOD
SAP NetWeaver Identity Management
Kiril Anastasov
AGENDA
1. SAP NetWeaver Identity Management
2. Use Cases
3. Access Control or Governance, risk and compliance (GRC)
4. Single Sign On (SSO)
What is SAP Identity Management?
The idea of identity management is to take users' information and put it into a central database, particularly in an SAP environment, so that users can be provisioned with their proper roles and access: the SAP modules in the organization that they need to be able to use. We do not want to reduce their access and we do not want to give them extended access. IdM ends up enforcing the rules, making sure that everything is set correctly.
Without IdM it is a manual process. When someone joins the company, HR submits an assignment with the information about the employee and puts everything into HCM, but where does it go after that? How do we get it to all the various SAP modules? IdM is a central repository, and we can add workflows so that we are able to put people exactly where they need to be in the organization, where they are in the hierarchy and where they are geographically.
Why bother with IdM?
What is the alternative to IdM?
• A lot of spreadsheets.
• A lot of emails.
• A lot of printed forms.
Consequences of working without IdM
• Manual work prone to mistakes.
• Less efficient process.
• No audit reports.
• Security threats.
IdM History & Central User Administration
• SAP bought Norwegian company MaXware in 2007.
• MaXware and SAP had many shared Fortune 500 companies as customers, and the acquisition was natural.
• In 2014 SAP decided to move the IdM development from Norway to Bulgaria.
• The latest version is 8.0, which is Eclipse-based.
Central User Administration
• CUA was designed to save money and resources when managing large numbers of users.
• CUA is used for maintaining user master records centrally in one system.
• When the data is modified, it is automatically updated in the other SAP systems.
• Data can be exchanged in a controlled way and kept consistent.
• CUA is used for authorization and role management of SAP systems.
• CUA can be used only with SAP systems.
• CUA will not evolve and SAP recommends using SAP IdM instead.
SAP Identity Management Features
• IdM can be used in heterogeneous landscapes with both SAP and non-SAP systems, such as Microsoft Active Directory (AD), and can be integrated with CUA, on premise and in the cloud.
• Provisioning, workflow and approvals: Business rules define user access across different systems. Users are provisioned quickly, and statistics are available for audits.
• Reporting and auditing: Extensive auditing functionalities enable you to produce statistics based on current access and past events.
These reports can be used safely to find out if a person had access to the application.
• Identity virtualization: Centralized view of the users and identity services with VDS.
• Password management: self-service password reset and password synchronization across all systems.
• Business Roles: Users are assigned roles and given certain privileges.
• Integration with Access Control or Governance, risk and compliance (GRC).
• Integration with Single Sign On so users will need only one password.
Business Roles
• High level descriptions of positions like HR or Manager.
• One Business Role can have multiple Technical roles/privileges attached to it.
• Business roles are defined in IdM.
There are three ways to provision roles to people:
1. Through request/approval workflow.
2. Manually (administrator).
3. Automatically, e.g. HR-driven.
Context-Based Role Assignments
Context-based role assignment, available since IdM version 7.2, is used to reduce the number of roles and privileges in the enterprise. With context-based role assignment, there is no need to duplicate the same roles for each factory. It is beneficial when the number of roles is low and the number of factories is big.
With 15 roles and 20 factories you would have 300 roles in IdM version 7.1.
With 15 roles and 20 factories you would have 35 roles + contexts in IdM version 7.2.
The difference with this data set is considerable, approximately 8.5 times, and when the number of entries is big, the growth will be exponential in IdM version 7.1. However, in IdM version 7.2 with context-based role assignment the growth will not be considerable.
Figure 1: Context-based role assignment (SAP Identity Management Overview, 2014)
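The role counts above, worked through as an added example (not part of the original slides and not SAP code): it counts the objects each model needs for 15 roles and 20 factories, and shows that a context-based assignment grants a role's privileges only in the factory it was assigned for. The role, factory, privilege and user names are constructed placeholders, and the data model is a simplified assumption, not the IdM schema.

```python
from dataclasses import dataclass
from itertools import product

# Constructed sample data matching the slide's numbers: 15 roles, 20 factories.
ROLES = [f"ROLE_{i:02d}" for i in range(1, 16)]
FACTORIES = [f"FACTORY_{i:02d}" for i in range(1, 21)]

# Hypothetical system-specific privileges attached to two of the roles.
ROLE_PRIVILEGES = {
    "ROLE_01": {"ABAP:Z_PM_PLANNER", "AD:grp-maintenance"},
    "ROLE_02": {"ABAP:Z_WM_CLERK"},
}


def flat_role_count(roles, contexts):
    """Duplicated-role model: one role object per (role, factory) pair."""
    return len(list(product(roles, contexts)))


def context_model_count(roles, contexts):
    """Context model: roles and contexts are separate objects, combined on assignment."""
    return len(roles) + len(contexts)


@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    context: str


def is_valid(assignment, roles=ROLES, contexts=FACTORIES):
    """An assignment must reference a role and a context that both exist."""
    return assignment.role in roles and assignment.context in contexts


def invalid_assignments(assignments):
    """Audit check: assignments pointing at an unknown role or context."""
    return [a for a in assignments if not is_valid(a)]


def effective_access(assignments, user):
    """Resolve a user's valid assignments to (privilege, context) pairs."""
    return {
        (privilege, a.context)
        for a in assignments
        if a.user == user and is_valid(a)
        for privilege in ROLE_PRIVILEGES.get(a.role, set())
    }


def is_allowed(assignments, user, privilege, context):
    """A privilege applies only in the context the role was assigned for."""
    return (privilege, context) in effective_access(assignments, user)


# Constructed assignments: ROLE_01 is reused in two factories without a new role.
ASSIGNMENTS = [
    Assignment("alice", "ROLE_01", "FACTORY_01"),
    Assignment("bob", "ROLE_01", "FACTORY_02"),
    Assignment("bob", "ROLE_02", "FACTORY_02"),
    Assignment("carol", "ROLE_02", "FACTORY_99"),  # context does not exist
]

if __name__ == "__main__":
    print("duplicated roles:", flat_role_count(ROLES, FACTORIES))
    print("roles + contexts:", context_model_count(ROLES, FACTORIES))
    print("alice in FACTORY_01:",
          is_allowed(ASSIGNMENTS, "alice", "ABAP:Z_PM_PLANNER", "FACTORY_01"))
    print("alice in FACTORY_02:",
          is_allowed(ASSIGNMENTS, "alice", "ABAP:Z_PM_PLANNER", "FACTORY_02"))
    print("invalid:", invalid_assignments(ASSIGNMENTS))
```

The invalid-assignment check matters for audits: an assignment whose context no longer exists resolves to no access here instead of silently carrying over.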
Technical Roles / Privileges
• Represent the technical access rights in different systems (ABAP Roles, UME Roles, Portal Roles, Active Directory).
• Are loaded into IdM from the target systems.
• Are system-specific.
• Can be granted via self-service.
SAP Identity Center
SAP NetWeaver Identity Management consists of two components:
• Identity Center (IC)
• Virtual Directory Server (VDS)
1. Identity Center
This is the primary component for identity management. Identity Center uses a centralized repository, called the identity store, to provide a uniform view of the data, regardless of the data's original source. Identity Center enables you to control all identities within your organization, not only for employees, but also for contractors, customers, partners, and other identities that need to access your organization’s applications. It communicates with the Virtual Directory Server using the LDAP protocol.
Figure 2: Identity Center (SAP Identity Management Overview, 2014)
SAP Virtual Directory Service
2. Virtual Directory Server (VDS)
The VDS can be connected to many systems, such as LDAP directories or databases. A template is delivered with the VDS in order to connect to the IdM database. Using the LDAP protocol, entries in the database can be viewed, updated and created. As the VDS is a virtual directory, you can easily use an external LDAP client browser to connect to the VDS and obtain the same results.
Figure 3: VDS (SAP Identity Management Overview, 2014)
Use case 1
Figure 4: Typical employee lifecycle (SAP Identity Management Overview, 2014)
Use case 2.1
Figure 5: Start work (SAP Identity Management Overview, 2014)
Use case 2.2
Figure 6: Position Change (SAP Identity Management Overview, 2014)
Use case 2.3
Figure 7: Termination (SAP Identity Management Overview, 2014)
GRC
IdM can be integrated with Access Control or Governance, Risk and Compliance (GRC).
Reduce the cost and effort of managing your GRC initiatives with governance, risk and compliance solutions from SAP. Embed risk and compliance activities into strategy, planning, and execution. Optimise business performance by accounting for risk and reputation.
• Manage risk and increase reliability.
• Respond more effectively with risk indicators, events and effects.
• Reduce the impact of losses through early mitigations.
• Reduce access risk – as well as levels of internal fraud and loss of revenue due to employee error.
• Enable efficient, cost-effective audits and ongoing compliance activities.
Figure 8: GRC (SAP Identity Management Overview, 2014)
SAP NetWeaver Single Sign-On
• Users need only one password for the entire landscape (AD, SAP).
• Enhanced security with Kerberos-like authentication.
• Two-factor authentication (password and fingerprint).
• Two-factor authentication (device and password).
Figure 9: SSO (SAP Identity Management Overview, 2014)
Summary
In this presentation we have covered the most important topics about SAP NetWeaver Identity Management, including:
• What is SAP Identity Management?
• IdM history & features.
• CUA.
• IC & VDS.
• GRC and SSO integration.
If you still maintain users manually in different systems like SAP, AD and Lotus Notes, SAP NetWeaver Identity Management can help you to automate the process and save you time, money and a lot of nerves.
THE END
Identity Management
LinkedIn: https://bg.linkedin.com/in/kanastasov
Email: Kiril.Anastasov@ibsolution.bg
References:
Policove, M. (2014), SAP Identity Management, Available at: https://www.youtube.com/watch?v=7jhSKJsnmq8 (Accessed: 29 July 2015).
Leonard, C. (2012), Virtual Directory Server – Accessing the Identity Store, Available at: http://wiki.scn.sap.com/wiki/display/Security/Virtual+Directory+Server+-+Accessing+the+Identity+Store (Accessed: 29 July 2015).
SAP (2014), SAP Identity Management Overview, Available at: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c050ee1b-3a55-3210-56b8-a390b2c80a5d?QuickLink=index&overridelayout=true&59661390715821 (Accessed: 29 July 2015).
SAP (2014), Central User Administration, Available at: http://help.sap.com/saphelp_nw70ehp2/helpdata/en/bf/b0b13bb3acd607e10000000a11402f/content.htm (Accessed: 29 July 2015).
SAP (2014), SAP solutions for GRC, Available at: http://issuu.com/grcebook/docs/sap_solutions_for_grc_ebook (Accessed: 29 July 2015).
SAP (2013), Secure One-Time Systemwide Authentication with SAP NetWeaver® Single Sign-On, Available at: http://www.sap.com/bin/sapcom/en_us/downloadasset.2011-09-sep-22-14.sap-netweaver-single-sign-on-for-high-productivity-and-security-in-your-company-pdf.html (Accessed: 29 July 2015).
SAP (2012), Business-Driven, Compliant Identity Management, Available at: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/90c5aa16-1861-2e10-ae82-9e4a34f1c42d?QuickLink=index&overridelayout=true&59661390715881 (Accessed: 29 July 2015).
Slide 21

More Related Content

What's hot

Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTGlobal Online Trainings
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsAlain Huet
 
ITIL - IAM (Access Management)
ITIL - IAM (Access Management)ITIL - IAM (Access Management)
ITIL - IAM (Access Management)Josep Bardallo
 
IBM Security Identity & Access Manager
IBM Security Identity & Access ManagerIBM Security Identity & Access Manager
IBM Security Identity & Access ManagerIBM Sverige
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...Profesia Srl, Lynx Group
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineNovell
 
Overview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer PresentationOverview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer PresentationDelivery Centric
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101Jerod Brennen
 
Id m what-why-how presentationv2.0
Id m what-why-how presentationv2.0Id m what-why-how presentationv2.0
Id m what-why-how presentationv2.0John Bernhard
 
Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1OracleIDM
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...IBM Security
 
Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3Atul Goyal
 
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...e-Xpert Solutions SA
 
Oracle IDAM overview
Oracle IDAM overviewOracle IDAM overview
Oracle IDAM overviewEslam Hafez
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerProlifics
 
Oracle Identity Governance - Customer Presentation
Oracle Identity Governance - Customer PresentationOracle Identity Governance - Customer Presentation
Oracle Identity Governance - Customer PresentationDelivery Centric
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Sailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overviewSailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overviewITJobZone.biz
 
Oracle Identity & Access Management
Oracle Identity & Access ManagementOracle Identity & Access Management
Oracle Identity & Access ManagementDLT Solutions
 

What's hot (20)

Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
 
Identity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling conceptsIdentity and Access Management - Data modeling concepts
Identity and Access Management - Data modeling concepts
 
ITIL - IAM (Access Management)
ITIL - IAM (Access Management)ITIL - IAM (Access Management)
ITIL - IAM (Access Management)
 
IBM Security Identity & Access Manager
IBM Security Identity & Access ManagerIBM Security Identity & Access Manager
IBM Security Identity & Access Manager
 
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
#3 Wso2 masterclassitalia - wso2 Identity Server: must-have per gestire le id...
 
Overview of Identity and Access Management Product Line
Overview of Identity and Access Management Product LineOverview of Identity and Access Management Product Line
Overview of Identity and Access Management Product Line
 
Overview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer PresentationOverview of Oracle Identity Management - Customer Presentation
Overview of Oracle Identity Management - Customer Presentation
 
Identity and Access Management 101
Identity and Access Management 101Identity and Access Management 101
Identity and Access Management 101
 
Id m what-why-how presentationv2.0
Id m what-why-how presentationv2.0Id m what-why-how presentationv2.0
Id m what-why-how presentationv2.0
 
Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1Platform approach-series-building a-roadmap-finalv1
Platform approach-series-building a-roadmap-finalv1
 
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
Managing Identity from the Cloud: Transformation Advantages at VantisLife Ins...
 
Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3Oracle Identity Governance Technical Overview - 11gR2PS3
Oracle Identity Governance Technical Overview - 11gR2PS3
 
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
Fédération d’identité : des concepts Théoriques aux études de cas d’implément...
 
SAP GRC
SAP GRC SAP GRC
SAP GRC
 
Oracle IDAM overview
Oracle IDAM overviewOracle IDAM overview
Oracle IDAM overview
 
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy ModelerRole Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler
 
Oracle Identity Governance - Customer Presentation
Oracle Identity Governance - Customer PresentationOracle Identity Governance - Customer Presentation
Oracle Identity Governance - Customer Presentation
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
Sailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overviewSailpoint Online Training on IAM overview
Sailpoint Online Training on IAM overview
 
Oracle Identity & Access Management
Oracle Identity & Access ManagementOracle Identity & Access Management
Oracle Identity & Access Management
 

Similar to IdM FinalVer

IBSolution Bulgaria at SAP World tour 2011
IBSolution Bulgaria at SAP World tour 2011IBSolution Bulgaria at SAP World tour 2011
IBSolution Bulgaria at SAP World tour 2011ivanparvanov
 
Agilewiz PaaS, SaaS, Web 2.5, Platform Technology, BPO Platform Technology,Di...
Agilewiz PaaS, SaaS, Web 2.5, Platform Technology, BPO Platform Technology,Di...Agilewiz PaaS, SaaS, Web 2.5, Platform Technology, BPO Platform Technology,Di...
Agilewiz PaaS, SaaS, Web 2.5, Platform Technology, BPO Platform Technology,Di...Akshay Shah
 
Cloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service OptionCloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service OptionDenodo
 
CSI Authorization Auditor 2014 Brochure
CSI Authorization Auditor 2014 BrochureCSI Authorization Auditor 2014 Brochure
CSI Authorization Auditor 2014 BrochureCSI tools
 
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
[WSO2Con EU 2017] IAM: Catalyst for Digital TransformationWSO2
 
Mt26 identity management as a service
Mt26 identity management as a serviceMt26 identity management as a service
Mt26 identity management as a serviceDell World
 
Jade Global Oracle Analytics Cloud Services (OAC)
Jade Global Oracle Analytics Cloud Services (OAC)Jade Global Oracle Analytics Cloud Services (OAC)
Jade Global Oracle Analytics Cloud Services (OAC)Jade Global
 
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudDeveloper Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudMicro Focus
 
ING webcast platform
ING webcast platformING webcast platform
ING webcast platformOracleIDM
 
Experiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceExperiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceEduserv Foundation
 
IBM Spectrum Scale and Its Use for Content Management
 IBM Spectrum Scale and Its Use for Content Management IBM Spectrum Scale and Its Use for Content Management
IBM Spectrum Scale and Its Use for Content ManagementSandeep Patil
 
Swapnil_Shelke_SAP_EP_Developer_2016
Swapnil_Shelke_SAP_EP_Developer_2016Swapnil_Shelke_SAP_EP_Developer_2016
Swapnil_Shelke_SAP_EP_Developer_2016Swapnil Shelke
 
Three Dimensions of Data as a Service
Three Dimensions of Data as a ServiceThree Dimensions of Data as a Service
Three Dimensions of Data as a ServiceDenodo
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfVishnuGone
 
How to excite the travel industry with a BPM story
How to excite the travel industry with a BPM storyHow to excite the travel industry with a BPM story
How to excite the travel industry with a BPM storyEric D. Schabell
 
Experiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceExperiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceEduserv
 
Paradigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementParadigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementJulie Beuselinck
 

Similar to IdM FinalVer (20)

IBSolution Bulgaria at SAP World tour 2011
IBSolution Bulgaria at SAP World tour 2011IBSolution Bulgaria at SAP World tour 2011
IBSolution Bulgaria at SAP World tour 2011
 
Agilewiz PaaS, SaaS, Web 2.5, Platform Technology, BPO Platform Technology,Di...
Agilewiz PaaS, SaaS, Web 2.5, Platform Technology, BPO Platform Technology,Di...Agilewiz PaaS, SaaS, Web 2.5, Platform Technology, BPO Platform Technology,Di...
Agilewiz PaaS, SaaS, Web 2.5, Platform Technology, BPO Platform Technology,Di...
 
Cloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service OptionCloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service Option
 
Identity and Access Lifecycle Automation
Identity and Access Lifecycle AutomationIdentity and Access Lifecycle Automation
Identity and Access Lifecycle Automation
 
CSI Authorization Auditor 2014 Brochure
CSI Authorization Auditor 2014 BrochureCSI Authorization Auditor 2014 Brochure
CSI Authorization Auditor 2014 Brochure
 
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
[WSO2Con EU 2017] IAM: Catalyst for Digital Transformation
 
Mt26 identity management as a service
Mt26 identity management as a serviceMt26 identity management as a service
Mt26 identity management as a service
 
Ad507
Ad507Ad507
Ad507
 
Jade Global Oracle Analytics Cloud Services (OAC)
Jade Global Oracle Analytics Cloud Services (OAC)Jade Global Oracle Analytics Cloud Services (OAC)
Jade Global Oracle Analytics Cloud Services (OAC)
 
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the CloudDeveloper Conference 2.1 - (Cloud) First Steps to the Cloud
Developer Conference 2.1 - (Cloud) First Steps to the Cloud
 
ING webcast platform
ING webcast platformING webcast platform
ING webcast platform
 
Experiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceExperiences in federated access control for UK e-Science
Experiences in federated access control for UK e-Science
 
IBM Spectrum Scale and Its Use for Content Management
 IBM Spectrum Scale and Its Use for Content Management IBM Spectrum Scale and Its Use for Content Management
IBM Spectrum Scale and Its Use for Content Management
 
Swapnil_Shelke_SAP_EP_Developer_2016
Swapnil_Shelke_SAP_EP_Developer_2016Swapnil_Shelke_SAP_EP_Developer_2016
Swapnil_Shelke_SAP_EP_Developer_2016
 
Three Dimensions of Data as a Service
Three Dimensions of Data as a ServiceThree Dimensions of Data as a Service
Three Dimensions of Data as a Service
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdf
 
How to excite the travel industry with a BPM story
How to excite the travel industry with a BPM storyHow to excite the travel industry with a BPM story
How to excite the travel industry with a BPM story
 
Siddhartha resume (Update)
Siddhartha resume (Update)Siddhartha resume (Update)
Siddhartha resume (Update)
 
Experiences in federated access control for UK e-Science
Experiences in federated access control for UK e-ScienceExperiences in federated access control for UK e-Science
Experiences in federated access control for UK e-Science
 
Paradigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access ManagementParadigmo specialised in Identity & Access Management
Paradigmo specialised in Identity & Access Management
 

IdM FinalVer

  • 1. www.ibsolution.bg . © IBSolution Bulgaria EOOD SAP NetWeaver Identity Management Kiril Anastasov
  • 2. www.ibsolution.bg . © IBSolution Bulgaria EOOD AGENDA 1. SAP NetWeaver Identity Management 2. Use Cases 3. Access Control or Governance, risk and compliance (GRC) 4. Single Sign On (SSO)
  • 3. www.ibsolution.bg . © IBSolution Bulgaria EOOD What is SAP Identity Management ? The whole idea of Identity management is the ability to take users information and put it into a database, especially in SAP environment for being able to provision their proper roles and access. What SAP modules in an organization they need to be able to use. We do not want to reduce their access and we do not want to give them extended access. IdM end up enforcing the rules, making sure that everything is set correctly. Without IdM it is a manual process. When someone joins the company, HR submits an assignment with the information about the Employee and put everything to HCM, but where does it go after that. How do we get it to all the various SAP Modules . IdM is a central repository and we can put workflows so that we are able to put people exactly where they need to be in the organization , where they are in the hierarchy and where they are geographically. IdM Slide 3
  • 4. www.ibsolution.bg . © IBSolution Bulgaria EOOD Why bother with IdM ? What is the alternative for IdM ? • A lot of spreadsheets. • A lot of emails. • A lot of printed forms. Consequences of working without IdM • Manual work prone to mistakes. • Less efficient process. • No audit reports. • Security threats. IdM Slide 4
  • 5. www.ibsolution.bg . © IBSolution Bulgaria EOOD IdM History & Central User Administration • SAP bought Norwegian company MaXware in 2007. • MaXware and SAP had many shared Fortune 500 companies as customers and acquisition was natural. • In 2014 SAP decided to move the IdM development from Norway to Bulgaria. • The latest version is 8.0 which is Eclipse based. Central User Administration • CUA was designed to save money and resources managing large number of users. • CUA is used for maintaining user master records centrally in one system. • When the data is modified, then it is automatically updated in the other SAP systems. • Data can be exchanged in a controlled way and kept consistent. • CUA is used for authorization and role management of SAP systems. • CUA can be used only with SAP systems. • CUA will not evolve and SAP recommends using SAP IdM instead. Background & CUA Slide 5
  • 6. www.ibsolution.bg . © IBSolution Bulgaria EOOD SAP Identity Management Features • IdM can be used for both SAP and non-SAP like Microsoft Active Directory (AD) heterogeneous systems and can be integrated with CUA on premise and in the cloud. • Provisioning, workflow and approvals: Business rules define user access across different systems. Provisioning users is quickly and statistics are available on audits. • Reporting and auditing: Extensive auditing functionalities enable you to produce statistics based on current access and past events. These reports can be used safely to find out if a person had access to the application. • Identity virtualization: Centralized view of the users and identity services with VDS. • Password management: self-service password reset and password synchronization across all systems. • Business Roles: Users are assigned roles and given certain privileges. • Integration with Access Control or Governance, risk and compliance (GRC). • Integration with Single Sign On so users will need only one password. Features Slide 6
  • 7. www.ibsolution.bg . © IBSolution Bulgaria EOOD Business Roles • High level descriptions of positions like HR or Manager. • One Business Role can have multiple Technical roles/privileges attached to it. • Business roles are defined in IdM. There are three ways to provisioning roles to people. 1. Through request/approval workflow. 2. Manually (administrator). 3. Automatically, e.g. HR-driven. Business Roles Slide 7
  • 8. www.ibsolution.bg . © IBSolution Bulgaria EOOD Context-Based Role Assignments Context-Based Role Assignments : is used to reduce the number of roles and privileges in the enterprise since IdM version 7.2. Using context-based role assignment, there is no need to duplicate these roles for each factory. Context-based role assignment is beneficial when the number of roles is low and the numbers of factories are big. With 15 roles, and 20 factories you would have 300 roles in IdM version 7.1. With 15 roles, and 20 factories you would have 35 roles + contexts in IdM version 7.2. The difference with this data set is considerable, approximately 8.5 times and when the number of entries is big, than the growth will be exponential in IdM version 7.1. However, in IdM version 7.2 with context-based role assignment the growth will not be considerable. Figure 1: Context-based role assignment (SAP Identity Management Overview, 2014) Role Assignments Slide 8
  • 9. www.ibsolution.bg . © IBSolution Bulgaria EOOD Technical Roles/ Privileges Technical Roles / Privileges • Represent the technical access rights in different systems (ABAP Roles, UME Roles, Portal Roles, Active Directory). • are loaded into IdM from the target systems. • are system specific. • can be granted via Self-service. Privileges Slide 9
  • 10. www.ibsolution.bg . © IBSolution Bulgaria EOOD SAP Identity Center Identity Center Slide 10 SAP NetWeaver Identity Management consists of two components: • Identity Center (IC) • Virtual Directory Server (VDS) 1. Identity Center This is the primary component for identity management. Identity Center uses a centralized repository, called the identity store, to provide a uniformed view of the data, regardless of the data's original source. Identity Center enables you to control all identities within your organization, not only for employees, but also for contractors, customers, partners, and other identities that need to access your organization’s applications. Communicates with the Virtual Directory Server using the LDAP protocol. Figure 2: Identity Center (SAP Identity Management Overview, 2014)
  • 11. SAP Virtual Directory Service
    SAP NetWeaver Identity Management consists of two components:
    • Identity Center (IC)
    • Virtual Directory Server (VDS)
    2. Virtual Directory Server (VDS)
    The VDS can be connected to many systems, such as LDAP directories or databases. A template is delivered with the VDS in order to connect to the IdM database. Using the LDAP protocol, entries in the database can be viewed, updated and created. As the VDS is a virtual directory, you can easily use an external LDAP client browser to connect to the VDS and obtain the same results.
    Figure 3: VDS (SAP Identity Management Overview, 2014)
  • 12. Use case 1: Example of typical employee lifecycle
    Figure 4: Typical employee lifecycle (SAP Identity Management Overview, 2014)
  • 13. Use case 2.1: Start work
    Figure 5: Start work (SAP Identity Management Overview, 2014)
  • 14. Use case 2.2: Position Change
    Figure 6: Position Change (SAP Identity Management Overview, 2014)
  • 15. Use case 2.3: Termination
    Figure 7: Termination (SAP Identity Management Overview, 2014)
  • 16. GRC Access Control
    IdM can be integrated with Access Control or Governance, risk and compliance (GRC).
    Reduce the cost and effort of managing your GRC initiatives with governance, risk and compliance solutions from SAP. Embed risk and compliance activities into strategy, planning, and execution. Optimise business performance by accounting for risk and reputation.
    • Manage risk and increase reliability.
    • Respond more effectively with risk indicators, events and effects.
    • Reduce the impact of losses through early mitigations.
    • Reduce access risk, as well as levels of internal fraud and loss of revenue due to employee error.
    • Enable efficient, cost-effective audits and ongoing compliance activities.
  • 17. GRC Access Control
    Figure 8: GRC (SAP Identity Management Overview, 2014)
  • 18. SAP NetWeaver Single Sign-On (SSO)
    • Users need only one password for the entire landscape (AD, SAP).
    • Enhanced security with Kerberos-like authentication.
    • Two-factor authentication (password and fingerprint).
    • Two-factor authentication (device and password).
    Figure 9: SSO (SAP Identity Management Overview, 2014)
  • 19. Summary
    In this presentation we have covered the most important topics about SAP NetWeaver Identity Management, including:
    • What is SAP Identity Management?
    • IdM history & features.
    • CUA.
    • IC & VDS.
    • GRC and SSO integration.
    If you still maintain users manually in different systems like SAP, AD and Lotus Notes, SAP NetWeaver Identity Management can help you to automate the process and save you time, money and a lot of nerves.
  • 20. THE END
    Identity Management
    LinkedIn: https://bg.linkedin.com/in/kanastasov
    Email: Kiril.Anastasov@ibsolution.bg
  • 21. References
    • Policove, M. (2014), SAP Identity Management, Available at: https://www.youtube.com/watch?v=7jhSKJsnmq8 (Accessed: 29 July 2015).
    • Leonard, C. (2012), Virtual Directory Server – Accessing the Identity Store, Available at: http://wiki.scn.sap.com/wiki/display/Security/Virtual+Directory+Server+-+Accessing+the+Identity+Store (Accessed: 29 July 2015).
    • SAP (2014), SAP Identity Management Overview, Available at: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c050ee1b-3a55-3210-56b8-a390b2c80a5d?QuickLink=index&overridelayout=true&59661390715821 (Accessed: 29 July 2015).
    • SAP (2014), Central User Administration, Available at: http://help.sap.com/saphelp_nw70ehp2/helpdata/en/bf/b0b13bb3acd607e10000000a11402f/content.htm (Accessed: 29 July 2015).
    • SAP (2014), SAP solutions for GRC, Available at: http://issuu.com/grcebook/docs/sap_solutions_for_grc_ebook (Accessed: 29 July 2015).
    • SAP (2013), Secure One-Time Systemwide Authentication with SAP NetWeaver® Single Sign-On, Available at: http://www.sap.com/bin/sapcom/en_us/downloadasset.2011-09-sep-22-14.sap-netweaver-single-sign-on-for-high-productivity-and-security-in-your-company-pdf.html (Accessed: 29 July 2015).
    • SAP (2012), Business-Driven, Compliant Identity Management, Available at: http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/90c5aa16-1861-2e10-ae82-9e4a34f1c42d?QuickLink=index&overridelayout=true&59661390715881 (Accessed: 29 July 2015).
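The role counts from slide 8 (300 versus 35), worked through as an added example that is not part of the original slides and is not SAP IdM's data model or API: a small Python model that compares the two catalogues, converts duplicated per-factory roles into (role, context) pairs, and checks that access stays scoped to the assigned factory. The `ROLE@FACTORY` naming scheme and all role, factory and user names are constructed assumptions.

```python
from itertools import product

# Constructed sample data sized like slide 8: 15 roles and 20 factories.
ROLES = [f"ROLE_{i:02d}" for i in range(1, 16)]
FACTORIES = [f"FACTORY_{i:02d}" for i in range(1, 21)]
# Constructed assignments using duplicated per-factory role names (assumed scheme).
FLAT = {
    "alice": {"ROLE_01@FACTORY_03", "ROLE_02@FACTORY_03"},
    "bob": {"ROLE_01@FACTORY_07"},
}


def flattened_catalogue(roles, contexts):
    """Catalogue without contexts: one duplicated role per (role, factory)."""
    return {f"{r}@{c}" for r, c in product(roles, contexts)}


def context_catalogue(roles, contexts):
    """Catalogue with contexts: roles and contexts are separate objects."""
    return set(roles) | set(contexts)


def migrate(flat_assignments):
    """Convert {user: {"ROLE@FACTORY"}} into {user: {(role, context)}}."""
    migrated = {}
    for user, names in flat_assignments.items():
        pairs = set()
        for name in names:
            role, sep, context = name.partition("@")
            # Refuse names that do not map to a known role and context,
            # so a typo never turns into an unscoped grant.
            if not sep or role not in ROLES or context not in FACTORIES:
                raise ValueError(f"unmapped role name: {name!r}")
            pairs.add((role, context))
        migrated[user] = pairs
    return migrated


def is_authorized(assignments, user, role, context):
    """Access needs the role in exactly that context, never the role alone."""
    return (role, context) in assignments.get(user, set())


if __name__ == "__main__":
    assignments = migrate(FLAT)
    print(len(flattened_catalogue(ROLES, FACTORIES)),
          len(context_catalogue(ROLES, FACTORIES)))
    print(is_authorized(assignments, "alice", "ROLE_01", "FACTORY_03"))
    print(is_authorized(assignments, "alice", "ROLE_01", "FACTORY_07"))
```

The catalogue shrinks because the factory moves from the role name into the assignment, so the authorization check has to compare the context as well as the role.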