
SAP Application User provision based on Application Role via Entra ID

Parin
Discoverer

Hi Team,

As SAP IDM is expected to retire soon in the coming years, I wanted to know the possibility of it being replaced by Entra ID (Azure AD).

SAP IDM and SAP applications, including the security components SAP GRC and IAG, are very well integrated with each other as they are part of the same family.

I wanted to know if Entra ID can replace SAP IDM with respect to tasks like:

1. Informing SAP IPS system to provision users to target application based on approval/deny event from SAP GRC or SAP IAG.

Is this possible with Entra ID? How does the SAP application role information flow from SAP GRC / IAG to Entra ID? Is it even possible?

 

dyaryura
Active Participant

Hi Parin

I still think there's a journey to take on this for a full replacement, but to support your idea you can have a look at this: https://community.sap.com/t5/technology-blogs-by-sap/preparing-for-sap-identity-management-s-end-of-...

Regarding the scenario you're mentioning "1. Informing SAP IPS system to provision users to target application based on approval/deny event from SAP GRC or SAP IAG.", I'd say that that should be achievable by IAG or GRC+IAG Bridge in general where you manage the approval process in either system and then IAG takes care of the provisioning to Cloud Target systems. This is currently achievable despite some limitations and current lack of functionalities of IAG.

If you are thinking about a real IdM solution with all its functionalities, probably it'll come from Microsoft using IPS with SCIM, as is somehow mentioned in the post. Even SAP IdM didn't have some key IdM functionalities developed, like user reconciliation, and required creating some custom code or leveraging some RDS packages and adapting them.

Hope to hear other ideas

 

Thanks

Diego