For customers with an on-premise system, SAP’s Access Control is already an established and proper access governance solution. Now, to also cover the growing significance of cloud applications, SAP has introduced the SAP Identity Access Governance (IAG).
As SAP Access Control’s cloud counterpart, the Identity Access Governance service can be activated on SAP’s Business Technology Platform (BTP). It employs the HANA database power to process and show data using SAP Fiori-based UI technology. To allow proper authentication and provisioning, the IAG solution is connected to SAP Cloud Identity Services (CIS).
Five valuable services
Intrigued whether the cloud-focused Identity Access Governance could be right for you?
Let's delve deeper into the five valuable services that IAG offers.
1. Access Analysis
- Similar to Access Risk Analysis (ARA) within SAP Access Control
- Supports risk analysis of on-premise, cloud and even cross-system access on users / roles for which access refinement / mitigation activities can be executed
- Rulesets and mitigating controls can be migrated from SAP Access Control
2. Access Request
- Similar to Access Request Management (ARM) within SAP Access Control
- Provides request forms with data-driven filters, customizable approval workflows, HR-trigger-requests based on data from SAP SuccessFactors …
3. Privileged Access Management (PAM)
- Similar to Emergency Access Management (EAM) within SAP Access Control
- Supports super-user access for on-premise systems (decentralized) and cloud systems (centralized)
4. Role Design
- Similar to Business Role Management (BRM) within SAP Access Control
- Supports business role creation based on cluster role analysis / machine learning and can contain both on-premise and cloud access
5. Access Certification: reviewing access
- Similar to User Access Review (UAR) within SAP Access Control
- Enables campaigns / reviews for user access including cloud applications taking into account the risk aspect
Which do you prefer: SAP Access Control or Identity Access Governance?
It all depends on your company’s requirements, such as cross-system risk detection, cloud connectivity and complex approval flows. For new customers, opting for the cloud-based SAP IAG straight away may cover all your needs and even offer additional features. However, if you're currently using a GRC On-Premise environment with SAP Access Control functionality, there's no need to transition everything to SAP IAG. Instead, you could opt for a hybrid setup where SAP Access Control focuses on on-premise connectivity while SAP IAG is implemented and connected to cloud applications. The IAG bridge ensures seamless integration and communication between both solutions and is supported by the SAP Cloud Connector that provides secure tunnel between them.
Expertum is here to help
At Expertum, we firmly believe that SAP Access Control and SAP IAG can play a crucial role in the access governance of both on-premise and cloud applications. Our dedicated team of Expertum specialists is at your disposal for the implementation and support of its functional and technical functionalities. Let us help you build a roadmap that fits your organization and covers all your needs. Get in touch to know more!
Chris is here to listen.
Get in touch with him.
About the author
Read more articles by Johan Wouters
