Cloud Identity Access & Management
An overview of Identity Access & Management
Identity Access and Management (IAM) enables us to grant granular access to specific resources and restricts the access to other resources. It also allows us to adopt a security principle of least privilege and it is the security discipline which enables the right individuals to access the right resources at the right times for the respective reasons.
First, let’s talk about some of the key features and functionalities of SAP Cloud IAM.
- Enhanced access agreement
- Intelligent optimization
- Extended controls
- Reduced risk
- Simplified governance of data access
- Seamless user experience
- Adaptable identity & access control
IAM solutions frequently include technologies such as Multi-Factor Authentication (MFA) and Enterprise Mobility Management to address the countless ways of data access. These products ensure that the authorized workers, partners and customers have appropriate access to the resources they need, and that the processes such as on-boarding, off-boarding, role management, authentication and access management are scalable and can be automated.
Access Analysis –Analyse access, refine user assignments and manage controls.
Role Design –Optimize role definition and streamline governance.
Access Request –Optimize access, track workflow, enable Policy- based assignments and streamline process.
Access Certification –Review access, roles, risks and migration controls.
Privilege Access Management – Enable accounts-based access, consolidate logs and automates log risk. Review to access fraud risk.
Ensuring suitable user access to all the enterprise systems on-premise or on cloud is always a difficult task for an organization. It has been more challenging and becoming even more complex as IT industries across the landscapes are changing user roles and new technologies.
In order to overcome these challenges, SAP is providing a comprehensive set of solutions like — SAP Single Sign-On (SSO), SAP Cloud Platform Identity Authentication, SAP Identity Access Management and SAP Cloud Platform Identity Provisioning for managing user identities and authorizations across different environments such as on-premise, cloud and hybrid.
IAM services with SAP Cloud platform provide new employees with a simplified on-boarding process and integration with various applications. This will also protect the company assets with appropriate authorizations and secure login.
- LDAP or Active Directory (AD)
- Internal applications
- Web access management
- External apps
- Cloud apps
- Standard based apps
- Directory or HRMS driven
- Request & Approval workflow
- Provision to on-premise and SaaS apps
- Segregation of duty
- Attestation/Access Certification
- Audit & Analytics
The components in the above picture build a typical Enterprise IAM solution. The Corporate Directory is used as a user store of an organization, LDAP is for all servers which belong to Linux and Active Directory comes under Windows OS. Earlier, companies achieved SSO capabilities for managing their internal applications and gain access to web URLs using non-standard methods. Later, due to the increase of interaction with external services such as SaaS applications and other third party applications, organizations are forced to use standard methods for achieving SSO. These solutions which were built on standard, allow companies to integrate products with their applications.
Multi-Factor Authentication (MFA) provides a higher level of trust to the users who are using these applications. The life cycle of the users can be managed by Automated Provisioning instead of Human Resources Management System. Finally, Component Compliance/Identity Governance is used to monitor and audit all IAM solutions.
Since the SAP Cloud IAM implementation is a paid service, we need to check with the Marketing team if we could deploy on any landscape. This is available as SaaS subscription on a monthly and annual basis. The links in references provide information on implementation and master guides. There are two versions released by SAP for Cloud Identity and Access Governance – 1908 and 1911.
Since privilege misuse or abuse is recognized to be a key ingredient of almost all security breaches today, a well-implemented IAM provides confidence that only authorized and authenticated users are able to interact with the systems and data that they need to perform their job roles effectively.
MOURI Tech devises a strategy based on the customer’s inputs and requirements. Our team will design the roadmap and implement the plans taking into consideration all the pros & cons. Case studies with our past clients illustrate how smoothly we handled implementations and managed services as per their requests.
- Set up guide: https://help.sap.com/viewer/e12d8683adfa4471ac4edd40809b9038/1911/en-US/c462f9744efe4b14bc5ab398cb05614f.html
Contact for further details
Sai Kumar Dudala
Sr.Technical Consultant – SAP Basis & HANA