Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
21 May 2024

IAM and SAP Integration: What SAP teams need to know to work better with Identity teams

This blog was produced in partnership with SailPoint; authored by Richard Malmberg, Senior Solutions Engineer, SailPoint.SailPoint-Logo-RGB-Color-4

As an SAP professional, you know as well as anyone how important SAP is for your organisation. But SAP cannot function in a silo. Now more than ever, to keep key business processes operating smoothly and protect sensitive information enterprise-wide, it’s essential that SAP is better aligned with organisation-wide Identity and Access Management (IAM).

This is especially true in the current climate. As many organisations using SAP move towards a cloud-first future with S/4HANA and RISE and seek to unlock new business value by leveraging AI and a growing SaaS-based product offering, the security perimeter as we once knew it is eroding. This reality will bring SAP team’s priorities closer to those of the Identity team, although several key differences and potential conflicts between the two groups remain. In the long term, SAP teams will have to collaborate closely with the Identity teams to balance these priorities, something even the most organised businesses may find challenging.

In part two of our two-part series, we explore how Identity and SAP teams can work better together to protect their enterprise and drive performance from an SAP point of view.

The disconnect between SAP and Identity teams

SAP teams are generally tasked with focusing on that critical platform and the availability, accessibility and functionality of the modules with it. Identity teams, on the other hand, look at things from a wider security angle, wanting to keep all the organisation’s key assets safe and make it easier for the colleagues to access the applications they need, when they need it.

As a result, a significant source of friction is that identity security is just one of the things that the SAP team must juggle, while it is generally the only thing that the Identity team is concerned with. Because of this, SAP teams often end up feeling that Identity teams don’t fully comprehend all the ins and outs of SAP access and/or that they don’t have the expertise to do so. For example, SAP security involves multi-layered processes like building a role, ensuring it’s compliant and certified, and managing segregation and SoD-sensitive PII data. Identity teams, in contrast, typically won’t have the expertise to manage that process end-to-end.

This can naturally lead to SAP teams being more protective of their domain. In not wanting Identity teams to interfere with their system, the two teams end up working independently of each other. When SAP security is siloed, however, it tends to work under a different set of security practices and policies, such as multiple passwords and layers of authentication, which is at odds with the consistent approach that IAM encourages.

The benefits of working together

All is not lost. SAP and Identity teams have more in common than it might seem. Both groups play a valuable role in providing access to the business. Moreover, both rely on similar sources of truth – think HCM platforms like SAP SuccessFactors and Workday.

With SAP moving further towards the cloud and bringing in more opportunities to connect to other applications, the need for SAP and Identities teams to collaborate and avoid unmanageable complexity is growing all the time. At a basic level, working together will eliminate the risk of mismatches in identity management. But the benefits of a collaborative approach go far above and beyond this to include:

  • Efficient utilisation: SAP team expertise can used more widely and deliver more value to the business overall.
  • Enhanced skill base: SAP teams can gain a greater breadth of knowledge across both SAP and IAM as a whole, expanding their expertise and making them an even bigger asset within the organization and the market.
  • Consolidated and consistent approach: Cost efficiency can be maximised and access provisioning made more consistent by removing any overlapping functionality.
  • Improved user experiences: Every user gets a simpler access experience overall, with a single method to request access that covers everything they need, including SAP.
  • Better visibility: Combining the system and strategy facilitates the creation of triggers enterprise-wide that can lock down all access for risky accounts and protect all systems and applications.
  • A more successful programme: A collaborative approach allows SAP and Identity teams to tap into each other’s knowledge. It also enables Identity teams to make a more constructive contribution when they get involved with SAP.

A better relationship for better outcomes

When SAP and Identity teams come together through a consolidated, enterprise-wide IAM platform, everybody wins. The two teams work more efficiently and effectively and gain more expertise; the end-users gain a simplified and more consistent experience. To achieve this, however, both teams need to have a positive attitude and a constructive approach.

To help smooth the process of working with Identity teams, SAP teams should:

  • Understand each other’s priorities. Recognise and respect each other’s knowledge, roles, and responsibilities.
  • Be clear and open about each team’s challenges and pain points.
  • Be proactive in raising concerns and asking questions about the collaboration.
  • Explore opportunities for expanding expertise, including training or certification opportunities.
  • Identify an ‘integration champion’ who can maintain and support a good working relationship between the two teams.

Remember, Identity teams respect your SAP knowledge and want you to work with a new, improved platform that upskills and automates for everyone’s benefit. By sharing a strong commitment to the partnership, you and Identity colleagues can work together to ensure your organisation has the right expertise and the right technology in the right places and reinforce your roles as enablers of better business outcomes across the enterprise.

Find out more about how Identity and SAP teams can work together to future-proof IAM for your SAP systems during our upcoming webinar. Sign up here.

The Future of Identity in SAP: How to Prepare for the Road Ahead Webinar - Thursday 4 July 2024 - Register Now