You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.
SAP Connector Landscape
Identity Lifecycle for SAP
EmpowerID Identity Lifecycle for SAP automates account provisioning and access assignment. Automation of policy-based “Compliant Access” eliminates security problems and human errors associated with the manual user creation and role and profile assignment in SAP. Lifecycle events can be triggered manually by workflows but are most often detected as changes coming from any HR system including SuccessFactors. EmpowerID handles provisioning and deprovisioning across your entire SAP landscape. On deprovisioning, policy settings allow for graceful handover of responsibilities and the transfer of data ownership.
Zero Trust Delegated Administration for SAP
The out of the box roles and security model varies across your traditional ABAP-based systems, SAP HANA, and other various SAP modules which presents a challenge for organization’s pursuing a Zero Trust strategy. One of the key tenants of the Zero Trust model is that users should not be granted permanent unproxied access to systems. Unproxied access cannot be easily monitored and permanent privileged access is an opening waiting to be compromised by an attacker. EmpowerID’s supports a Zero Trust strategy by overlaying a single unified security model on top of all your SAP systems. This allows organizations to delegate granular administrative privileges to users within specific business units or partner organizations even though this granularity is not supported in some SAP modules. Fine-grained delegations support even the most complex global organizations and multi-tenancy scenarios to control exactly who may see which objects and identities and who may perform which tasks, all without granting any native administrative privileges.
SAP Firefighter and Emergency Access Management
EmpowerID supports a Zero Trust strategy for SAP with the industry’s leading firefighter management capabilities for S/4HANA. End users are empowered to request temporary firefighter emergency access that is granted to the user’s existing SAP account. Requests can be pre-approved or routed for approval with their status tracked in a business-user friendly interface. This approach is simpler than checking out vaulted privileged account passwords and improves the correlation of user activity.
Role Design and Optimization for SAP
EmpowerID is a critical tool in defining and maintaining compliant access for your SAP landscape. EmpowerID ties together your SAP role and fine-grained TCode level access with organizational data from HR and IGA to map out in advance the position appropriate access for employees, partners, and customers and the risk policies that will measure and ensure continued compliance.
EmpowerID’s role optimization functionality assists with maintaining SAP roles and ensuring that they grant the optimal least privilege access even in business environments undergoing frequent changes due to re-organizations, mergers and acquisitions. In addition, EmpowerID performs SOD simulation during role design to ensure proposed roles have no inherent SOD conflicts.
Compliant Risk Management
The goal of any organization is to efficiently deliver Compliant Access which is “position appropriate” and adheres to an organization’s “business policies” concerning risk. Compliant Access enhances an organization’s Zero Trust strategy by adding risk policies into the equation to determine if least privilege ‘level’ would produce unacceptable risks. Identifying such cases allows an organization’s risk control owners to make informed decisions whether to accept risk and apply mitigating controls or to reject them. EmpowerID’s risk engine supports both preventive and detective SOD simulation and validation with friendly dashboards and workflow processes to automate remediation and revocation.
See Also