


SAP Extends Functionality for Identity Management: A Harmonized Approach to Managing a Heterogeneous Landscape

by SAP

April 1, 2008

SAP NetWeaver Magazine - Volume 4, Issue 2

Identity management is a critical piece of an IT optimization strategy. Who accesses systems and data — and how IT manages that process — is one of the greatest challenges facing IT. And it’s a challenge that will only grow more complex in the future as access is granted to a widening range of stakeholders, including C-level executives, suppliers, customers, and partners. Identity management is about shutting the back door so that, at the press of a button, you can guarantee no one will damage your systems or access your confidential data.

For identity management, enterprise customers want a comprehensive solution that can change along with their business, regardless of whether they are launching a new business strategy or embarking on a corporate restructure. Customers want a solution that they can modify easily, without requiring IT to go back to the drawing board every time the business evolves.

The SAP NetWeaver Identity Management component supports this holistic approach with a solution that operates at the core of your SAP software, nestled within the heart of the SAP NetWeaver platform. For more information about SAP NetWeaver Identity Management's compatibility, please see the sidebar "SAP NetWeaver Identity Management Compatibility Chart" below.

Identity Management — The Challenge

Today’s CIO faces an increasingly complex landscape, and that complexity directly affects security. Four key factors make identity management a challenge:

  • IT operations silos:
    The IT landscape comprises multiple sources of identity data, with a user provisioning system that requires direct intervention by the help desk.

  • Manual processes:
    Security relies on labor-intensive, paper-based approval systems, as well as a proliferation of inconsistent and informal processes.

  • Poor accountability:
    There’s often little or no record of who has access to each IT resource, as well as an inability to terminate user access rights when people leave the organization or change roles.

  • Unresponsive services:
    Users depend on help-desk response times for simple tasks that affect productivity, such as password resets or delays in approval.

Security, however, is not just the CIO’s problem: CEOs and CFOs depend on it to keep the business compliant with regulations. At the same time, they need to optimize business processes. Here are some of the challenges currently facing organizations:

  • It might take several weeks or longer for new hires to gain access to job-critical systems, reducing the new hires’ productivity.

  • When employees change roles, a lack of consistent identity management processes can leave systems unsecured, exposing the business to risk.

  • A lack of integration means that workers have multiple passwords and access codes, and when they’re forgotten, the number of support calls to the help desk can increase.

  • Manual processes require more administrative support than automated processes, costing the organization additional money while increasing the possibility of error.

  • Compliance audit costs can be high, and noncompliant provisioning is a common reason for failure.

Accordingly, customers have been clamoring for an end-to-end solution that can address both business and technical risks. In addition, more and more companies have complex business processes that cross multiple applications. For example, one part of a process may originate in a supply chain application, another in a customer relationship management application. All of these activities require consistent and secure access to the software services that support them.

How well you model your business — and your business processes — is contingent on how effectively your identity management solution supports these processes while ensuring that they are deployed securely.

SAP NetWeaver Identity Management — The Solution

In 2007, SAP acquired MaXware, which has provided identity management software for over a decade. SAP has integrated MaXware’s tools into SAP NetWeaver to create a full-service identity management solution.

Today, most SAP customers rely on Central User Administrator (CUA) software for identity management. But in a world of heterogeneous systems, IT needs to extend this functionality to portals and Java-based solutions. SAP NetWeaver Identity Management offers just such a harmonized approach for a heterogeneous IT environment.

Increasingly, IT needs to implement and enforce the hire-to-retire business process through approval steps that are controlled by workflows and with automated role assignments. And SAP NetWeaver Identity Management supports these activities.

SAP NetWeaver Identity Management leverages all the components and infrastructure provided in SAP NetWeaver. It uses your workflows, your database interfaces, and other key services provided by the technology platform. Among the most recognized benefits of SAP NetWeaver Identity Management is its ability to do the following:

  • Provide a heterogeneous identity platform linking SAP software with external, authoritative, and target identity data resources

  • Reduce the total cost of ownership of SAP software in terms of IT operations and integration costs, while providing a central point for user administration

  • Provide a missing link between enterprise application silos and core IT infrastructure components, such as email systems and portal access

  • Ease consolidation of identity data stores across both SAP and non-SAP software-based systems in broader application consolidation initiatives

  • Combine identity management in a heterogeneous environment with tight compliance controls and provide a centralized log of all administrative actions and user access rights

  • Automate provisioning of new hires immediately on their start dates, which enables IT user management to respond rapidly to organizational changes

  • Offer a Web user interface for better recall and accountability, plus self-service functionality that reduces password reset calls

Straightforward Approach — Peace of Mind

SAP NetWeaver Identity Management provides customers with the tools and flexibility they need to incorporate security management seamlessly into their business process platform, matching their employee regulations with IT security controls. Rather than constraining growth and business opportunity, the software can rapidly adapt to your changing needs.

The benefits extend far beyond the executive office. The intuitive, straightforward tools built into the central identity center component reduce complexity for IT administrators. Help desk technicians won’t have to spend their time resetting passwords because those tasks are the user’s responsibility.

SAP NetWeaver Identity Management relieves IT of considerable security risk with its ability to synchronize identity information across systems, supply a virtual view of information across those distributed sources, and integrate identity management processes and information within your core HR system. As an SAP customer recently put it, with SAP NetWeaver Identity Management, “I can go home at five o’clock.”

Processes supported by SAP NetWeaver Identity Management

SAP NetWeaver Identity Management Compatibility Chart

The SAP NetWeaver Identity Management component works with the following:

  • Third-party security solutions for Web single sign-on and two-factor authentication, which have certified integration with SAP software

  • A wide range of database servers with Java Database Connectivity-compliant drivers

  • Directory servers that are Lightweight Directory Access Protocol (LDAP) v3-compliant (Note that the virtual directory server allows the use of any LDAP schema.)

  • Operating system platforms, including provisioning to Microsoft Windows and a number of Unix and Linux platforms

  • Data standards for Web services such as Directory Services Markup Language (DSML) and Services Provisioning Markup Language (SPML), as well as file-based data formats, including the LDAP Data Interchange Format (LDIF), comma separated values (CSV) format, and XML

  • Custom connectors, including a custom Java Connector API
