The Identity Blog

SAP Cloud Identity Access Governance (IAG)

Overview and Updates

SAP’s new innovation for Access Governance is the SAP Cloud Identity Access Governance (IAG). SAP Access Control 12.0 release was a huge success. SAP’s latest release is all about innovations in the SAP Cloud Identity Access Governance application. Being a multi-tenant solution SAP Cloud Identity Access Governance (IAG) is built on top of SAP Business Technology Platform (BTP) and SAP’s proprietary HANA database.

Major Product Enhancements Planned:

  • For advanced financial closing, integration with SAP Concur, SAP Sales Cloud, SAP Service Cloud, SAP Intelligent Asset Management, SAP S/4HANA.
  • Access Risk Analysis through SCIM Interface for Non-SAP Cloud Applications.

SAP Cloud Identity Access Governance (IAG) 2108

This version is released with product enhancements in areas like customizing workflows for access management, additional properties to support OAuth 2.0 Authentication for SAP Success factors, and support for provisioning universal unique ID (UUID) for SAP S/4HANA.

SAP Cloud Identity Access Governance (IAG) 2105 

This version is released with enhancements in areas namely, extending User Access Review (UAR) for cloud solutions to SAP Access Control through the AC-IAG Bridge Scenario.

Presently, customers can integrate non-SAP solutions based on an Open System for Cross-Domain Identity Management (SCIM) with the release of SAP Cloud Identity Access Governance (IAG) 2102.

SAP Cloud Identity Access Governance (IAG) gives out-of-the-box integration with SAP’s latest cloud applications. They are SAP Ariba, SAP Success Factors, SAP S/4HANA Cloud, SAP Analytics Cloud, and a few other cloud solutions with much more SAP and non-SAP integrations on the roadmap.

SAP Cloud Identity Access Governance (IAG) helps customers achieve access control and governance through the following key services:

Access Request

Through this service, the customers are provided with the opportunity to utilize self-service access request forms for users and also role provisioning into the Cloud applications. Along with the power of a workflow-driven access provisioning mechanism with any other features.

Role Design

The users are allowed to design access roles with the power of Machine Learning (ML) based algorithms to optimally refine and define the necessary roles with a bottom-up approach.

Access Certification

This service is there in the Cloud Identity Access Governance (IAG). It provides the option to certify access spread across multiple cloud solutions as it allows reviewers to regularly audit and certifies the roles that are assigned.

Access Analysis

This service is an application meant for security administrators and compliance teams. It analyzes access risks across cloud applications and refines or remediates access as per the auditory requirements.

IAG Release 2005: A risk rule set library that detects access needing Segregation of Duties in SAP Cloud applications namely SAP S/4HANA Cloud, SAP Ariba, and SAP Success factors has been released. 

Privileged Access Management

This service is provided in the Cloud Identity Access Governance (IAG) solution. It monitors, reports, audits, and takes action against any critical access in a critical environment like a Cloud application.

SAP DevOps maintains Cloud Identity Access Governance (IAG). It is in charge of constant upkeep, maintenance and also pushing in new enhancements.

Privileged Access Management (PAM) is currently beta-released (for ABAP connectors) in the new IAG 2005 release. It is for Privileged Access provisioning and privileged/emergency access monitoring (Firefighter) through the Cloud IAG application.

SAP Access Control-IAG Bridge

SAP Access Control-IAG bridge is the widely discussed feature of Cloud Identity Access Governance (IAG). It provides customers with the flexibility of continuing to use their existing SAP Access Control 12.0 environment as the primary system for Access Control. The IAG bridge takes care of the Access Control services or applications for the cloud environment.

SAP Contacts

The SAP Max Attention/Active Attention customer can contact the Technical Quality Manager (TQM) to know more about the SAP service offerings. For solution and service subscriptions the existing SAP customers can get in touch with the SAP Account Executive (AE).

Write a comment