Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert

This third blog on the “What is really SAP Governance, Risk, and Compliance (GRC)?” series will focus on the identity and access governance aspects of the portfolio.


Optimizing digital identities across the enterprise


In most cases, supporting the increasing number and complexity of enterprise applications, but also the different types of authorization models, is mostly done by applying manual administrative processes.

This often leads to a lack of visibility into user authorizations and access risks but also an inability to prevent access risk violations.

To be able to effectively manage this process, companies need consistent user and access management across all applications – including in growing hybrid landscapes, with strict compliance needs in segregation of duties for business-critical and financial applications.

This is precisely why the SAP solutions for Identity and Access Governance have been designed: to provide the key capabilities to manage system accounts and help ensure the correct authorization assignments.


SAP Access Control – Detect and remediate access risk violations


Features and functionalities:

* Analyze risk to find and remediate segregation of duties and critical access violations

* Provision users to automate access administration for enterprise applications

* Maintain roles in business terms

* Certify authorizations to ensure that access assignments are still warranted

* Monitor privileges including emergency access and transaction usage


SAP Cloud Identity Access Governance – Simplify access management in complex Cloud and OnPremise environments


Features and functionalities:

* Access analysis to refine user assignments and manage controls

* Role design to optimize role definition and streamline governance

* Access request to optimize access, workflows but also policy-based assignment

* Access certification by reviewing access, roles, risks, and mitigating controls

* Privileged access management to achieve account-based access, log consolidation, and review with automated log assessment


SAP Identity Management – Cover the entire identity lifecycle, business-driven and compliant


Features and functionalities:

* Hiring to enable new employees to log on to all relevant systems, including access to employee self-services

* Substitution to answer the question of who has adequate permissions to fill-in for a co-worker

* Promotion & new position to automatically adjust permissions if someone is promoted to a new position

* Resignation & termination to make sure that all accesses are removed for the particular employee immediately if they leave the company


SAP Single Sign-On – Secure authentication, single sign-on and more


Features and functionalities:

* Productivity to enable end-users to focus on business tasks instead of manual authentication

* Secure authentication to reduce exposure to cyber-attacks by mitigating the risks of insecure passwords

* Simplicity to quickly implement a foundation for secure access and extend it over time

* Landscape security to enable secure communication with certificate lifecycle management and encryption


SAP Dynamic Authorization Management by NextLabs – Enhance security for data and business applications


Features and functionalities:

* Automate controls with single policy platform to centralize and automate data and application security

* Secure access for consistent and on-the-fly access enforcement with dynamic authorization

* Prevent violations to minimize fraud but also prevent compliance and security violations

* Gain insight to monitor data and application activity


SAP Access Violation Management by Pathlock (formerly known as Greenlight) – Manage and control access risk and assess its financial impact


Features and functionalities:

* Extend the capabilities of SAP Access Control across enterprise systems

* Notify business owners when segregation of duties violations are executed

* Monitor to correlate business transactions to users to identify materialized segregation of duties violations

* Report for a summary of the financial exposure due to segregation of duties violations

I hope this helps in introducing the Identity and Access Governance offering from SAP’s Governance, Risk, and Compliance portfolio.

As a reminder, you can find all the other blogs in this series listed below:

I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard