SAP’s new Identity Access Governance solution ensures compliant access to cloud-based applications

Photo of Johan Wouters

Written by Johan Wouters in Cloud


Ever increasing governance, risk and compliance (GRC) requirements, prove that a professional solution is needed to adequately control SAP access for both on-premise and cloud applications.

For customers with an on-premise system, SAP’s Access Control is already an established and proper access governance solution. Now, to also cover the growing significance of cloud applications, SAP has introduced the SAP Identity Access Governance (IAG).

As SAP Access Control’s cloud counterpart, the Identity Access Governance service can be activated on SAP’s Business Technology Platform (BTP). It employs the HANA database power to process and show data using SAP Fiori-based UI technology. To allow proper authentication and provisioning, the IAG solution is connected to SAP Cloud Identity Services (CIS).

Five valuable services

Intrigued whether the cloud-focused Identity Access Governance could be right for you?
Let's delve deeper into the five valuable services that IAG offers.

1. Access Analysis

  • Similar to Access Risk Analysis (ARA) within SAP Access Control
  • Supports risk analysis of on-premise, cloud and even cross-system access on users / roles for which access refinement / mitigation activities can be executed
  • Rulesets and mitigating controls can be migrated from SAP Access Control

2. Access Request

  • Similar to Access Request Management (ARM) within SAP Access Control
  • Provides request forms with data-driven filters, customizable approval workflows, HR-trigger-requests based on data from SAP SuccessFactors …

3. Privileged Access Management (PAM)

  • Similar to Emergency Access Management (EAM) within SAP Access Control
  • Supports super-user access for on-premise systems (decentralized) and cloud systems (centralized)

4. Role Design

  • Similar to Business Role Management (BRM) within SAP Access Control
  • Supports business role creation based on cluster role analysis / machine learning and can contain both on-premise and cloud access

5. Access Certification: reviewing access

  • Similar to User Access Review (UAR) within SAP Access Control
  • Enables campaigns / reviews for user access including cloud applications taking into account the risk aspect
Access Governance

Which do you prefer: SAP Access Control or Identity Access Governance?

It all depends on your company’s requirements, such as cross-system risk detection, cloud connectivity and complex approval flows. For new customers, opting for the cloud-based SAP IAG straight away may cover all your needs and even offer additional features. However, if you're currently using a GRC On-Premise environment with SAP Access Control functionality, there's no need to transition everything to SAP IAG. Instead, you could opt for a hybrid setup where SAP Access Control focuses on on-premise connectivity while SAP IAG is implemented and connected to cloud applications. The IAG bridge ensures seamless integration and communication between both solutions and is supported by the SAP Cloud Connector that provides secure tunnel between them.

IAG Connectivity

Expertum is here to help

At Expertum, we firmly believe that SAP Access Control and SAP IAG can play a crucial role in the access governance of both on-premise and cloud applications. Our dedicated team of Expertum specialists is at your disposal for the implementation and support of its functional and technical functionalities. Let us help you build a roadmap that fits your organization and covers all your needs. Get in touch to know more!

Charlotte is here to listen.
Get in touch with her.

%firstName% is here to listen.<br />
Get in touch with %pronouns%.

About the author

Photo of Johan Wouters
Johan Wouters

Read more articles by Johan Wouters

Related articles

Recapping Data to Value Day: Collibra, Google and SAP take center stage together

Every year SAP organizes the Data to Value Day: an event during which it showcases customer cases using the latest of SAP technology, reaffirms its vision...

SAP Datasphere and Snowflake: An (im)possible marriage? (Part I)

It is no secret that SAP has been pushing its Datasphere solution as not just a Cloud data warehouse, but a data integration platform as well. Partnerships...

How our implementation at Versuni succeeds through bringing business value to the enterprise by challenging business requirements

At the end of 2021, Expertum was asked by Philips Domestic Appliances to fulfil the role of solution architect with the responsibility for integrating...

Artificial Intelligence in IT: pitfalls and limitations

In the previous blog post, we have looked at Artificial intelligence (AI) and its potential within IT. Particularly, we have seen that the presence of AI and...

Putting the Data Intelligence in SAP Datasphere: a stepwise demo of Replication Flows with S/4HANA, BigQuery and Azure

Like all of SAP Datasphere’s regular updates, the most recent 2024.4 release added a slew of new functionalities into the solution. At Expertum, we...

Artificial Intelligence within the IT: the benefits and its potential

In the last couple of years, Artificial Intelligence (AI) has drastically and permanently impacted our way of living. Think about face recognition that we...