|
Getting your Trinity Audio player ready...
|
When a software firm announces end-of-life support for a key software solution, the event often signals a difficult transition ahead for IT and cybersecurity leaders. But when SAP announced end-of-life support for SAP Identity Management (IdM), they paired it by also announcing a collaboration to position Microsoft’s Entra ID (previously Azure AD) as a replacement for SAP IdM. (SAP IdM will reach end-of-life in 2027; extended maintenance will remain available until 2030.) Last year, Microsoft announced the official product integration, including Protiviti as a services and integration partner for deploying Microsoft Entra with SAP applications.
SAP customers will be able to migrate their current identity management scenarios directly into Entra ID. This collaboration between Microsoft and SAP holds great potential for any enterprise seeking to modernize its identity management program and makes now an ideal time to learn more about Entra ID.
As a trusted partner of both SAP and Microsoft, Protiviti presented a webinar to discuss the importance of identity management and governance to any organization and to describe the challenges of identity management in the SAP system landscape. The webinar explored some of Entra ID’s key components, with a spotlight on Entra Identity Governance’s latest capabilities. Protiviti demonstrated how Entra ID can be used to manage identity and access lifecycle management and leverage these capabilities to secure SAP.
Identity and access management (IAM) solutions are critical components of a comprehensive cybersecurity program. Integrating SAP applications with Microsoft Entra ID will streamline the identity and access lifecycle through direct integration with HR systems such as SuccessFactors, where tasks can be automated for any stage of the employee lifecycle including pre onboarding, post offboarding and provide seamless outbound provisioning and deprovisioning to the applications your employees need – whether they are cloud based, or hosted on premise. With Entra ID as an organization’s central IDM tool, it is possible to quickly implement role-based access control (RBAC) designed with least privilege, automate user access and integrate with complex environments – including cloud and legacy on-premises applications – that help organizations meet security and compliance challenges across the enterprise.
User provisioning, transformed
One example scenario helps illustrate the benefits of Entra ID for integrated identity and access management. Consider the steps to create a new employee’s user account for SAP Integrated Business Planning (IBP) for Supply Chain.
Before Entra ID, a typical process may be the following:
- HR creates a new employee in the HR system.
- HR creates an IT service ticket for a new user ID.
- IT reviews the ticket.
- IT creates a user ID in IBP by manually copying data from the service ticket.
- IT downloads identity data from IBP and uploads it to SAP Customer Information System (CIS).
- IT uses CIS to email the initial password to the user.
- Finally, the end user logs in to IBP.
This process could take several days, even if the segregation of duties validation is neglected.
After integrating with Entra ID, the refined process is simplified and automated:
- HR creates a new employee in the HR system.
- Changes made in the HR System are automatically synced to Entra ID, which triggers user provisioning and sends data to CIS — which then sends it to IBP, while also creating the user ID — in a single automated step.
- The end user logs into IBP using the Entra ID sign-in page with multifactor authentication.
The new process not only reduces the number of steps and time to complete the request, but it also reduces the opportunity for human error.
In this architecture, Entra ID only needs one connection point to SAP CIS to integrate with the rest of the SAP landscape. Enterprises with SAP and Microsoft in their systems portfolios will be pleased to learn they may already have access to Entra ID and CIS.
SAP’s collaboration with Microsoft will ease the transition from SAP IdM as it is retired over the next few years. By using Microsoft Entra ID with SAP CIS, enterprises will achieve the straightforward implementation of an IAM to replace SAP IdM, while also achieving more efficient, consistent and error-proof user provisioning and deprovisioning.
To learn more about our cybersecurity, Microsoft solutions and SAP services, contact us.
