cancel
Showing results for 
Search instead for 
Did you mean: 

SAP GRC vs Sailpoint for Access provisioning

sankar_reddy14
Participant
0 Kudos

Hi Team,

I am bit new to subject topic.

Could you please help some details in understanding of choosing the right tool between GRC ARM and SAilpoint ?

1) Where the differences comes in ?

2) Why to choose one tool over the other

3) Is it simply a customer call to choose one ?

4) Can sailpoint satisfy ARA also ?

Please advise some details on this.

Thank you.

Accepted Solutions (1)

Accepted Solutions (1)

former_member431321
Participant
0 Kudos

Hi Arabind Sankar,

Based on my knowledge, I would give answer for your question.

1) Where the differences comes in ?

- You may mean SAP GRC Access Control and Sailpoint IdentityIQ.

- GRC Access Control is a kind of Sod Risk Engine and IdentityIQ is a general IDM solution.

- GRC Access Control has provisioning capability for SAP systems. But SAP GRC Access Control can not satisfy all IDM requirements for enterprise, for example, provisioning for non-SAP systems and some major IDM functions like certification, analytics, etc.

2) Why to choose one tool over the other

- Both tools are needed. SAP recommends using IDM + Access Control together.

3) Is it simply a customer call to choose one ?

- You need to guide the customer to use both tools to satisfy their business requirements.

4) Can sailpoint satisfy ARA also ?

- NO. Sailpoint IdentityIQ actually have function for SOD control. But you have to register all SOD rules.

Hope it help.

dongsu.

sankar_reddy14
Participant
0 Kudos

Thanks a lot Dongsu.

Answers (2)

Answers (2)

Henrik1
Participant

To elaborate on dongsu's answer a little bit:

In effect, they are 2 different tools:

GRC is primarily to manage risk and compliance, i.e. risk analysis, emergency access etc. While it does have functionality to manage provisioning, I find it's lacking in terms of flexibility for full user life cycle management.

SailPoint is a tool that is built around user life cycle management, and have since added an SoD engine as well. It does not as standard integrate with SAP GRC however.

So, if you're looking to manage risk, use GRC and if you're looking to manage identities and provisioning, use an IdM system. SailPoint is just one of many.

Your choice of IdM system will depend on many factors. Also, I have seen many clients choose a hybrid approach, with SAP IdM managing the SAP landscape and SailPoint (or other) managing all other systems in the landscape.

SAP IdM is very good at managing the level of detail required for SAP provisioning and is relatively easy to set up.

So in short, there are many factors to consider when choosing your tools.

Happy to elaborate further if you have any other questions/ comments

barry_cag
Member
0 Kudos

SailPoint can integrate with GRC AC. Provisioning can initiate within SailPoint and generate access requests within GRC for SoD Analysis. SailPoint can become a central ID and access provisioning tool. GRC will own and manage access. Using both is of significant value, as they do play nicely 🙂

I recommend using both so users and administrators do not need to manage accounts in 2 separate systems.