cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP GRC vs Sailpoint for Access provisioning

Go to solution
Sankar_Aravind
Participant

on ‎2022 Feb 02 9:17 AM

0 Kudos
3,435

Hi Team,

I am bit new to subject topic.

Could you please help some details in understanding of choosing the right tool between GRC ARM and SAilpoint ?

1) Where the differences comes in ?

2) Why to choose one tool over the other

3) Is it simply a customer call to choose one ?

4) Can sailpoint satisfy ARA also ?

Please advise some details on this.

Thank you.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

former_member431321
Participant
‎2022 Feb 09 6:00 PM
0 Kudos

Hi Arabind Sankar,

Based on my knowledge, I would give answer for your question.

1) Where the differences comes in ?

- You may mean SAP GRC Access Control and Sailpoint IdentityIQ.

- GRC Access Control is a kind of Sod Risk Engine and IdentityIQ is a general IDM solution.

- GRC Access Control has provisioning capability for SAP systems. But SAP GRC Access Control can not satisfy all IDM requirements for enterprise, for example, provisioning for non-SAP systems and some major IDM functions like certification, analytics, etc.

2) Why to choose one tool over the other

- Both tools are needed. SAP recommends using IDM + Access Control together.

3) Is it simply a customer call to choose one ?

- You need to guide the customer to use both tools to satisfy their business requirements.

4) Can sailpoint satisfy ARA also ?

- NO. Sailpoint IdentityIQ actually have function for SOD control. But you have to register all SOD rules.

Hope it help.

dongsu.

Show replies
Show replies
Sankar_Aravind
Participant
‎2022 Feb 10 9:03 AM
0 Kudos

Thanks a lot Dongsu.

Answers (2)

Answers (2)

Henrik1
Participant
‎2022 Feb 10 10:28 PM

To elaborate on dongsu's answer a little bit:

In effect, they are 2 different tools:

GRC is primarily to manage risk and compliance, i.e. risk analysis, emergency access etc. While it does have functionality to manage provisioning, I find it's lacking in terms of flexibility for full user life cycle management.

SailPoint is a tool that is built around user life cycle management, and have since added an SoD engine as well. It does not as standard integrate with SAP GRC however.

So, if you're looking to manage risk, use GRC and if you're looking to manage identities and provisioning, use an IdM system. SailPoint is just one of many.

Your choice of IdM system will depend on many factors. Also, I have seen many clients choose a hybrid approach, with SAP IdM managing the SAP landscape and SailPoint (or other) managing all other systems in the landscape.

SAP IdM is very good at managing the level of detail required for SAP provisioning and is relatively easy to set up.

So in short, there are many factors to consider when choosing your tools.

Happy to elaborate further if you have any other questions/ comments

Show replies
Show replies
barry_cag
Newcomer
‎2022 Jul 12 4:31 PM
0 Kudos

SailPoint can integrate with GRC AC. Provisioning can initiate within SailPoint and generate access requests within GRC for SoD Analysis. SailPoint can become a central ID and access provisioning tool. GRC will own and manage access. Using both is of significant value, as they do play nicely 🙂

I recommend using both so users and administrators do not need to manage accounts in 2 separate systems.

Show replies
Show replies
Ask a Question