SAP Access Control

Manage compliance-compliant access to all SAP applications in your IT landscape with the help of appropriate authorizations

How to connect third-party applications to SAP Access Control

Distribute authorizations

Identify and avoid risks

Map workflows flexibly

 

What is SAP Access Control?

SAP Access Control focuses on the traceable management and consistent distribution of users and authorizations throughout their lifecycle – assignment, repeated adjustments, deletion. The solution enables you to flexibly map your individual workflows so that required user accounts, roles and authorizations can be assigned in a rule-based and automated manner. All changes to authorizations and user data are logged traceably. In addition, emergency access (EAM) can be created via the firefighter workflow to minimize economic damage.

The risk analysis of users and authorizations helps to avoid SoD conflicts and to significantly increase security in applications. Already during the role application via Access Request, it is calculated which risks will arise from new authorizations. The approver can directly store a mitigation to eliminate the resulting risk.

SAP GRC Access Control as part of Identity & Access Management

SAP Access Control is a product to identify risks, minimize risks and automate workflows.

  • Access Request Management
  • Access Risk Analysis
  • Emergency Access Management (EAM)
  • Business Role Management (BRM)
SAP Access Control | IBsolution

SAP Cloud Identity solutions enable authentication (IAS), single sign-on (SSO) and provisioning (IPS) against SAP cloud systems. SAP Cloud Identity Access Governance (IAG) provides the ability to manage workflows, risk checks and emergency access. Especially in a hybrid system landscape and in the communication between on-premise and cloud systems, the products ensure complete integration.

  • SAP Cloud Identity Access Governance

  • SAP Identity Provisioning Service

  • SAP Identity Authentication Service

Click here for SAP IAG

SAP Cloud Identity | IBsolution

SAP Identity Management focuses on the traceable management and consistent distribution of digital identities throughout their lifecycle – assignment, repeated adjustments, deletion. The SAP IdM solution makes it possible to flexibly map individual workflows so that required user accounts, roles, and authorizations can be assigned in a rule-based and automated manner.

Click here for SAP Identity Management

SAP Identity Management | IBsolution

Single sign-on enables end-to-end authentication against SAP and non-SAP applications. Central management of access data increases security, as only one user ID is required for all applications. This means that passwords can be made truly secure without restricting user convenience too much. Constantly changing passwords for each application is a thing of the past, and password resets are minimized. You also avoid duplicate administration efforts in your IT and free up valuable resources.

Click here for SAP Single Sign-On

SAP Single Sign-On | IBsolution

 

The functionalities of SAP Access Control

Identify and minimize risks

With SAP Access Control, you manage legally compliant access to all SAP applications in your IT landscape. This includes, among other things, a cyclical and demand-driven check for risks in SAP authorizations, the management of business roles, and the use of processes to map the entire user lifecycle in compliance with SoD rules.

Risk analysis in SAP Access Control uncovers risks inherent in the user role set. Risks arising from future role assignment can also be simulated.

Avoid risks proactively

Conflicts of segregation of duties and other risks can already be identified and minimized or even prevented during the assignment processes. The risks of the requested roles are displayed directly to the approver, or even simulated with the roles already assigned. This prevents risks from arising in the first place. Security is also proactively increased in interaction with SAP Identity Management.

Manage emergency access

Unexpected disruptions in operation are resolved in a business process-oriented and traceable manner through the use of specialized emergency users. The use of SAP_ALL is thus explicitly avoided.

Emergency users (firefighters), who have extended authorizations, can be used for troubleshooting. A workflow guarantees the logging of the session and the subsequent approval by a responsible person. The emergency user concept is thus mapped in a fully comprehensive and compliance-conforming manner.

SAP Access Control comprises four main modules

Access Risk Analysis

Access Risk Analysis (ARA) provides ad hoc audits and cyclic audits of users and roles to identify and eliminate segregation of duties conflicts.

Access Request Management

Access Request Management (ARM) can be used to request users and authorizations. In combination with risk analysis, the requests are proactively checked for risks.

 

Business Role Management

Business Role Management (BRM) allows efficient and risk-checked administration of business roles. General authorizations can thus be assigned automatically and without risk.

Emergency Access Management

Real emergency situations are managed and logged with Emergency Access Management (EAM). In this way, downtimes in business processes can be minimized and resolved in a traceable manner.

SAP GRC Access Control | IBsolution

 

Integration of SAP Identity Management and SAP Access Control

SAP Identity Management and SAP Access Control focus on the traceable management and consistent distribution of digital identities throughout their lifecycle – assignment, repeated adjustments, deletion. The interaction of the two solutions enables you to flexibly map your individual workflows so that required user accounts, roles and authorizations can be assigned in a rule-based and automated manner. All changes to authorizations and user data are logged in a traceable manner. In this way, SAP Identity Management and SAP Access Control make an important contribution when it comes to adhering to legal and internal compliance regulations.

Power Workshop for SAP Access Control

Whether you want to introduce SAP Access Control for the first time or expand your existing system − with our Power Workshop, you benefit from de facto standards that we adapt step by step to your individual requirements. Together, we develop your implementation roadmap, on the basis of which you can realize all desired functions.

Learn more

More SAP Identity & Access Management solutions

SAP Identity Management | IBsolution

SAP Identity Management

SAP Identity Management focuses on the traceable management and consistent distribution of digital identities throughout their lifecycle – assignment, repeated adjustments, deletion.

Learn more
SAP Cloud Identity | IBsolution

SAP Cloud Identity Access Governance (IAG)

With an intuitive Fiori interface and interactive dashboards, SAP Cloud Identity Access Governance (IAG) is the central solution to manage user and authorization processes as well as audits and business role management.

Learn more
SAP Single Sign-On | IBsolution

SAP Single Sign-On

SAP Single Sign-On enables end-to-end authentication against SAP and non-SAP applications. Central management of access data increases security, as only one user ID is required for all applications.

Learn more

Would you like to learn more about the benefits of SAP GRC Access Control?

Simply complete the form and submit it. We look forward to receiving your inquiry.