Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Over the last couple of years, we have seen a shift in the corporate IT landscapes to bring more and more business functionality to the Cloud, with impacts the way how you manage digital identities in the hybrid world.

It is imperative that you not only provision users with their roles, groups and entitlements, but also have a concept to ensure compliance and risk awareness along that way.

SAP Cloud Identity Access Management (IAG) is the tool of choice to ensure compliance, remove risks of segregation of duties (SOD) in hybrid on-premise and cloud environments and manage the lifecycle of digital identities across the complete corporate infrastructure.

Principles you might know from SAP Access Control have been adapted and extended to Cloud application in order to bring customers a seemless experience regardless of the different authorization concepts and deployment models.

In 2021 we have extended the functionality of SAP Cloud Identity Access Governance with Privileged Access Management for S/4HANA, which allows customers to have a cloud-based elevated access management process with embedded compliance reviews of the activities the firefighter has performed in the business system. This closes the last major functional difference between the on-premise version of SAP Access Control and SAP Cloud Identity Access Governance.

As customers have a broad choice of cloud products it gets more and more important to extend the reach of identity access governance applications beyond the SAP ecosystem. SAP Cloud Identity Access Governance makes it easy to adopt to industry best practices when it comes to extension points. With the recently added support for systems that support the SCIM (System for Cross-domain Identity Management) interface it is easier than ever before to connect to non-SAP system and include them into the access compliance activities.

To support intelligent Enterprise scenarios better, you can now also trigger access requests in IAG via an API interface, which allows you not only to process the HR-triggers of employee events but also embed IAG into IDM processes that origin in non-SAP environments, by that enabling an ecosystem and making hybrid environments possible.

In our Video we highlight those and other exciting new SAP Cloud Identity Access Governance functionalities.


As a summary: SAP Cloud Identity Access Governance has significantly enhanced its capabilities to manage identity compliance processes for Cloud products in the releases 2105 and 2108. Stay tuned for more features to come in the rest of the year.

Your Voice Matters!

If you want to learn more and actively engage with SAP subject matter experts on SAP Cloud IAG, join our SAP Community. The community brings together  customers, partners and SAP experts and has a clear mission: deliver an interactive community to engage with one another about best practices and product solutions.

You will also find more information in our Q&A section for the SAP Cloud Identity Access Governance