The discontinuation of SAP Identity Management (IdM) is the perfect opportunity to revisit your entire identity strategy, and improve your overall business processes, security posture, and performance. In particular, it’s a chance to look at the bigger picture and invest in an enterprise IGA solution that handles access and identity control across SAP and non-SAP applications.
We believe that for the majority of organisations full integration and the ability to see every identity through a single pane of glass is the way forward, but getting this right requires a carefully planned strategy encompassing processes, people and technology. This blog will explore why an integrated identity strategy will benefit your business and how to approach it.
Because enterprises have so many applications other than SAP to look after as it is, SAP has often been left separate and treated as a ‘black box’. Its perceived complexity, its integration challenges, and the siloed nature of SAP teams mean that it’s often left out of improvement plans.
But contrary to popular belief, SAP can absolutely be comprehensively integrated into enterprise IGA solutions. Showcasing successful case studies and highlighting vendor partnerships that improve compatibility can help dispel this assumption. But it is also important to emphasise best practices for managing customisations, provide training and resources for Identity and SAP Security teams, and promote the continuous advancement of integration technologies. By focusing on these areas, organisations can illustrate that effective integration is not only possible but also increasingly attainable.
Ultimately, the integrated approach enables benefits on a number of different fronts, including:
So, what’s the best way forward for your strategy? We suggest starting with the identification of desired outcomes and necessary capabilities, and then using those to influence your solution selection process.
We recommend the following approach:
You should also consider several other important factors from a systems perspective: for example, the complexity of your SAP and non-SAP estates and what will need to be configured and migrated. It’s also worth considering the breadth and depth of integration required for all target systems; and the current security capabilities of enterprise and SAP applications to identify what needs to be augmented or integrated.
With your key outcomes and direction decided, you can then begin to work out what your integrated solution should look like in practice, ideally by focusing on the capabilities you need rather than the solutions themselves. For example:
You may have all or none or some of these capabilities in order to meet your future security posture needs. But either way, you need to have a clear view of and track all of them as part of your roadmap development.
From here, you can start to redefine your Identity and SAP Security teams’ roles and duties. In an ideal world, these new responsibilities should look something like this:
| Identity Team | SAP Security Team |
| Providing support and training on the new enterprise IGA solution | Managing all SAP roles, profiles and entitlements |
| Sourcing integration and attribute configuration | Managing SAP Segregation of Duties policies |
| Monitoring and reporting | Working with business and audit teams |
| Coordinating with owners of non-SAP applications | Reporting on SAP certifications and compliance |
| Driving SAP RBAC modelling for the enterprise teams |
With so much to reconfigure and reconsider, this migration represents a big technological and organisational change. That means that a carefully planned migration is absolutely essential for success - and that’s where Turnkey’s expertise and an enterprise IGA solution like SailPoint’s come in.
Turnkey has 15 years of success delivering identity and access management projects, and 20 years of success with SAP projects, making us an ideal consultation and advisory partner across strategy, road mapping, vendor selection, implementation and ongoing management. With our expertise – and ability to provide a fully managed service for the new solution – we can help ensure your SAP and identity teams come together and implement the right technology and business changes for your specific long-term goals.
SailPoint’s enterprise IGA solution gives you a 360-degree view of identity, enabling full visibility of which identity has which type of access across your entire organisation from a single pane of glass. This is dovetailed by Turnkey’s end-to-end expertise in identifying organisational maturity and needs, all the way to planning and even managing implementation and the ongoing running of the new solution.
Get more in-depth expertise on building an organisation-wide identity strategy by registering for our upcoming webinar here.