Technology Blog Posts by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Quick enablement of SAP Cloud Identity Access Governance with IAG QuickStart Service

Elvira_Khuzina
Associate
Associate
2 weeks ago
592

Quick enablement of SAP Cloud Identity Access Governance with IAG QuickStart Service

You can streamline access management for both cloud-based and on-premise applications by implementing SAP Cloud Identity Access Governance (IAG) containing Access Analysis Service, Access Request Service, Role Design Service, Access Certification Service and Privileged Access Management Service. The configuration of SAP Cloud IAG can be subdivided in two main parts: basic steps relevant to all customers and steps that include individual settings. SAP Services offers the IAG QuickStart Service to simplify and speed up performance of the first part providing the initial setup and the technical baseline configuration in a short timeframe using SAP Best Practices content. The scope of the service includes the configuration of two target applications (incl. their productive as well as non-productive tenants) and a knowledge transfer session.

How IAG QuickStart Service is performed?

1. Questionnaire

Initially, SAP Services sends to a customer a questionnaire about technical data, required technical users and system hostnames. The information provided will be later used for automatic configuration.

2. Ensure prerequisites

As prerequisites, the customer must provide network configuration and additional configuration required, e.g., SAP Cloud Connector and SAP Cloud Identity Services (SCI). These activities are out of the scope of the IAG QuickStart Service itself. Using SCI with SAP Cloud IAG is mandatory, in case it is not in place yet and the customer doesn’t have resources or knowledge to configure it, SAP Services can support as well with its dedicated SCI service offerings.

3. Automatic and manual SAP Cloud IAG configuration

This stage includes the initial setup and technical baseline configuration, as well as setting up the connection to two target systems. Using scripts allows to significantly reduce time of the basic configuration steps.

SAP Services utilizes those scripts that run on the basis of technical information provided by the customer, aiming to accomplish the following tasks:  

  • Setup of SAP Cloud IAG subaccounts
  • Setup of SAP Identity Authentication Service (IAS) standard groups for workflow and authorization purposes
  • Establish trust between SAP Cloud IAG and SAP IAS
  • Setup of SAP Cloud IAG standard destinations
  • Setup of IPS proxy systems
  • Setup of target system destinations for two applications (excluding prerequisite steps in target systems and connectivity). We recommend selecting IAS as one of the two target systems.

4. SAP service incident

SAP Services will create required SAP incidents on customer’s behalf, e.g., to upload SAP standard ruleset to SAP Cloud IAG.

5. Knowledge transfer and hand-over

SAP Services provides a configuration document, conducts a knowledge transfer workshop and hands over the preconfigured solution to the customer.

What is the outcome of the service and further steps?

As a result, the customer obtains a basic configuration that facilitates rapid activation of SAP Cloud IAG such that the customer can focus on configuring the functional aspects. After the service hand over, the customer can configure SAP Cloud IAG functionality according to company needs and test scenarios. Here as well SAP Services can support using their long-lasting SAP Cloud IAG project experience from many other customer projects.

Labels in this area
Popular Blog Posts