Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
21 May 2024

IAM and SAP Integration: What Identity teams need to know to work better with SAP teams

This blog was produced in partnership with SailPoint; authored by Richard Malmberg, Senior Solutions Engineer, SailPoint.SailPoint-Logo-RGB-Color-4

Good integration between Identity and Access Management (IAM) and SAP boosts operational efficiency, improves user experiences, and reduces the risk of cybercrime. But for many organisations, it’s easier said than done. Achieving this means creating a shared understanding of the mutual benefits of collaboration and balancing the priorities of Identity amidst the different demands of the SAP team.

But how do you get there?

In part one of our two-part series, we explore how Identity and SAP teams can work better together to protect their enterprise and drive performance from an Identity point of view.

The disconnect between Identity and SAP teams

First, it’s important to understand the differences in each team’s responsibilities. The Identity team is generally focused on keeping all the assets within an organisation safe, some of which will be housed within the SAP environment. The SAP team, on the other hand, has a remit that includes security but goes far beyond it to include the availability, accessibility, and functionality of the SAP platform for most users.

This disconnect can lead to friction. For example, when Identity teams try to engage with SAP teams, SAP teams are often reticent, or worse, resistant. SAP teams don’t want their normal operations interfered with by those who don’t understand all of SAP’s complexities and challenges. Separately, SAP teams may also feel to a certain extent that if the Identity team gets too involved, then their own jobs may be rendered obsolete.

While SAP teams are right that their Identity colleagues don’t always have the knowledge around compliance, certification, segregation, SoD-sensitive PII data and so on, they must realise it’s because Identity teams don’t necessarily need to. This illustrates why a shared understanding of each team’s roles and responsibilities matters. Without it, SAP security ends up siloed from everything else, leading to a disjointed and inconsistent approach across the organisation that flies in the face of the principles of IAM.

Why Identity and SAP teams should work together

Identity and SAP teams need to work in harmony. The good news is that there’s more overlap between the demands of each teams than meets the eye.

For starters, both teams are focused on providing access to the business, often relying on the same sources of truth, such as HCM platforms like SAP SuccessFactors and Workday. At the same time, with SAP introducing more flexibility to connect to other applications, things are becoming more complex from an identity security perspective. Only if the two teams come together and converge upon one overarching solution can mismatches in identity management be avoided.

But it shouldn’t stop there. By collaborating on an ongoing basis, Identity and SAP can achieve so much more. Together, they can achieve:

  • A consolidated, cost-efficient approach: Bringing the two teams together creates cost efficiency by removing any overlapping functionality. It can also make access provisioning much more efficient and consistent across the organisation.
  • Improved user experiences: A single approach to access provisioning simplifies things for users, who can then request one role through one method and get access to everything they need, including SAP.
  • Better visibility: A combined system and strategy make it easier to create triggers that lock access for risky accounts across all systems and applications, which is simpler and faster than doing so for separate systems.
  • Unlocked funding: Only having to fund one identity solution rather than two frees up funding that the Identity team can utilise. Further budget can be unlocked by demonstrating efficiency to the CFO and reducing the risk of negative audit findings.
  • A more successful programme: By working in harmony and utilising each other’s skills, it becomes far easier for the Identity team to tap into SAP team knowledge and move into the SAP space, often considered the crown jewels of an organisation, for better management and utilisation.

How to foster a better relationship 

A joined-up and collaborative approach to SAP and identity, especially through a consolidated, enterprise-wide IAM platform, is ideal for getting the best of both worlds for the teams involved and the end-users across the organisation. But this is about more than just technology. It requires both teams to come in with a positive and proactive mindset toward a single identity solution.

To help get SAP teams on board, Identity teams should:

  • Facilitate clear and open discussion around the key challenges and pain points of each team.
  • Listen to SAP team concerns and demonstrate how you want to work alongside them – leveraging their expertise without usurping their positions.
  • Emphasise upskilling by offering training and support and clarify any queries about certifications.
  • Demonstrate how the SAP team can drive more benefit for the business as a whole through a more collaborative approach.
  • Nominate an ‘integration champion’ to support a better relationship between the teams and facilitate discussions.

Ultimately, the best convergence of identity and SAP involves the right expertise in the right places, a strong commitment to partnership, and the use of the right technology. This allows both Identity and SAP teams to be business enablers, contributing to better outcomes across the organisation.

Find out more about how Identity and SAP teams can work together to future-proof IAM for your SAP systems during our upcoming webinar. Sign up here.

The Future of Identity in SAP: How to Prepare for the Road Ahead Webinar - Thursday 4 July 2024 - Register Now