Introduction to SAP Cloud Identity Access Governance (IAG)
SAP Cloud Identity Access Governance (SAP IAG) is a SaaS (Software as a service) application built on SAP Business Technology Platform (BTP). Although it offers features that are comparable to SAP GRC Access Control, it will not replace Access Control.
It provides out of the box integration with existing on-premise ECC applications along with latest cloud applications such as Ariba, SuccessFactors, S/4HANA, Analytics Cloud and other cloud solutions with many more SAP integrations on the roadmap. It helps customers achieve access control and governance through the below key services:
Access Analysis, Role Design, Access Request, Access Certification and Privileged Access Management.
I'll guide you through the Access Certification service in this blog post.
What is Access Certification Service?
Access certification service is used for periodically reviewing and certifying access to business applications in the cloud and on-premises area. It ensures that users have optimized access based on their designation.
The Managers and designated reviewers validate access to business applications. Periodic review process can be carried out for single roles, composite roles, business roles, profiles, and SAP SuccessFactors static groups.
Responsibilities of Campaign Administrators, Coordinators and Reviewers
Administrator – is responsible for creating and editing campaigns.
Coordinator – is responsible for coordinating campaign activities, for example, reassign items, remind reviewers, escalating to the reviewer's manager etc.
Reviewer – is responsible for approving/rejecting user access during review stage.
Access required for Campaign Administrators, Coordinators, and Reviewers.
User | Role collections on BTP | User groups on IAS |
Campaign Administrator | CIAG_Access_Certification_Admin | IAG_CPG_ADMIN |
Coordinator | CIAG_Access_Certification_Coordinator | IAG_CPG_CO |
Reviewer | CIAG_Access_Certification_Reviewer | IAG_CPG_REVIEWER |
Note:
IAG_WF_ADMIN - Users assigned to this group can receive and work on access certification review items in the security stage.
IAG_WF_DEFAULT - When managers or role owners are not available, the task of reviewing a user’s access is forwarded to members of this group.
Access Certification Service apps
Below are the apps available on the launchpad for the access certification service.
How to create campaigns - Campaign administrators use the Create Campaigns app to create, edit, and submit campaigns.
How to Manage Active Campaigns - Campaign coordinators use the Manage Active Campaigns app to see the overall status of campaigns assigned to them. They can close an existing campaign, reassign tasks to a different reviewer, or remind a current reviewer of items to evaluate.
How to Manage Campaign Reviewer Inbox - Campaign reviewers use the app Manage Campaign Reviewer Inbox app to review and approve the review requests.
What does Access Certification Audit Log app contain?
Every campaign is listed in the audit log. This app can be used by anyone handling access certification campaigns to verify the steps that have been performed. Utilize the search function to locate particular campaigns.
What does Access Certification Campaign Log app contain?
Details about that campaign's log history are shown in the app. This covers any messages that are generated while the request creation process is run. Furthermore, the app assists you in confirming that the steps have been generated correctly.
Conclusion
I would like to conclude saying that, IAG - Access Certification service help organizations reduce losses from unforeseen risk (fraud, access risk) - by performing periodic access reviews for users.
It lowers compliance and risk management costs by empowering the business with automated user access management and efficient, cost-effective access audits.
References
Product Overview | SAP Help Portal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
12 | |
9 | |
8 | |
8 | |
7 | |
7 | |
7 | |
5 | |
5 | |
4 |