OneAccess-UserManager

SAP Certified OneAccess-UserManager solution for SAP.
We are now an SAP Certified Partner for the NetWeaver Platform.
The product has the following features:

  • Automates complex provisioning tasks
  • In-premise deployment
  • Controls user-administration tasks
  • Tracks the user approval process
  • Lock, unlock, and deactivate users
  • Detailed audit features
  • SOX-compliant
  • SAP J2EE-DEP certified
  • Enforces security enterprise-wide
  • Tight integration with SAP
  • Easy customization

www.expressgrc.com

  1. Product Features
  2. Contents
     • Client Pain-points
     • Current solutions
     • The OneAccess Value
     • Process Workflow
     • Architecture / Functional
  3. Selva Kumar – Product Expert
     • 15 years' experience in SAP Basis and Security
     • Worked with Eli Lilly (6000), EDS (28000), DuPont (14 Systems, 7000 Users), Rohm Hass (10000), SAP America, HMCO, Unilever, AUTO FINA, IPG Ogilvy Mather, IGT, Best Foods, Unilever (4000), Cephalon, Johnson and Johnson (7000), HPC, US Army (80000 Users)
     • Tasks: Role Redesign, SAP 2.2G to 4.6 Upgrades, Profile to Role Conversion, SOX Audit remediation
  4. Client Pain-points
     • Inadequate change control for user management
     • Lack of approval/audit trail as structured data
     • Lost time and budget remediating repeated errors
     • Master record inconsistencies across SAP systems
     • No self-service for user password reset
     • Unapproved access for the wrong SAP users
     • No effective enforcement of roles
  5. Current solutions
     • Band-aid
     • Customize third-party workflow tools like Lotus Notes
     • Email-based approvals or ticket-based (Remedy) approvals
     • Paper-based approval
     • Throwing more resources
     • Investing in expensive third-party audits
     • Other high-cost tools
  6. The OneAccess Way
     • Approved access to SAP systems
     • Org hierarchy-based and rule-based access control
     • Centralized SAP security access and policy enforcement
     • Streamline and automate the approval process
     • Delegate SAP access approval to local units
     • Automated creation of users in the SAP system
  7. The OneAccess Value
     • SOX-compliant
     • Fewer resources for user management
     • Reduced audit costs
     • Streamlined access approval
     • Avoid inappropriate access
     • Comply with corporate policy
     • Short implementation
     • Value pricing
  8. Process flow
     • Requester registers himself and creates a request for access to the SAP system
     • Approver denies or approves the request
     • Approver approves request → Requester account provisioned in remote SAP system
     • Admin adds System/Site/SAP Role
     • Admin adds Approvers
     • Admin manages SAP system parameters
  9. Architecture
     • Java Web application built on Spring/Hibernate
     • Deployed on any J2EE application server such as SAP NetWeaver, Apache Tomcat, JBoss, WebLogic, WebSphere, Sun ONE
     • N-tier software architecture with Domain objects, Data Access Objects (DAO), Spring Controllers, JSP pages, Acegi Security, Quartz scheduler, Web 2.0 (Ajax)
     • All passwords stored in encrypted form
     • Works on any JDBC-compliant database such as MySQL, Oracle, SQL Server, Sybase
  10. Our Competition
     • SAP GRC Access Enforcer
     • SUN Identity management Software
     • Novell Identity manager
     • IBM Tivoli Access Manager
  11. Good Practices in Security
     • Local Site Security Administrator
     • One Composite Role per user which lets the user perform his or her job
         • Composite role should align with organizational location and job title
         • Use organizational derived Composite role across sites
         • Have sensitive and non-sensitive display roles
     • Continuous Compliance: risk mitigation or remediation in the Development environment
  12. Good Practices cont
     • Create one base role and use derived roles for organizational locations
         • Strong naming conventions for security roles
         • Access to custom tables and programs should be secured by transactions / authorization groups
         • SU24 updates
     • Positive and negative tests should be performed for SAP roles
     • Audit person should be involved in mitigation controls and the change control process
  13. Site Security Administrator
     • Understands the end user requirement
     • Recommends a role to the user and validates the role assignment
     • Knowledgeable in SAP roles and transactions
     • Initiates changes to single roles and composite roles
     • First line of defense for trouble tickets
     • Coordinates testing and user acceptance by the end user
  14. One Composite Role Per User
     • Composite Role should follow the job title
         • E.g.: AP Manager- CIMA, AP Manager- SLC
     • When there is a mitigation control on the composite role, all the users are clean
     • End users and support personnel can easily understand the role
     • Issues can be fixed on all the composites
     • Consistent access across all jobs
     • Should have broad display roles
  15. Continuous Compliance
  16. Audit group- Participation
  17. Role development
  18. Roles and responsibilities (Requester, Approver, Admin)
     • Perform System settings
     • Load master Data
     • Run audit Reports
     • Creates approver
     • Troubleshoot Problems
     • Approve or Deny request
     • Create own request
     • Mass approve request
     • Review approval status by system
     • Change Site
     • Reports
     • Register in OneAccess
     • Add Request to System
     • Add Role to Request
     • Change Site
     • Reset Password
     • Review status
     • Clone Request
  19. Site System relationship [diagram labels: Attaches to; Location; ECC 6.0; BI 7.0; APO; Role; Approver]
  20. Admin functions: Policies and Setup; Loading Data; Trouble Shoot; Approver Setup
  21. Debashish Questions
     • Copy Users
     • Peer Approval
     • Site Approval
  22. Normal Approved request
  23. Rejection Process
  24. Process when System Failure
  25. Admin Site Approver List
  26. Admin Report
  27. Admin- User Report
  28. Admin-Settings
  29. Admin:-Role List
  30. Admin-Adding New Site
  31. Admin-New SAP System
  32. Admin-System List
  33. Approver- Approvals Waiting
  34. Approver-Approver Details
  35. http://softsquare.biz/oneaccess/ Thank You !
