Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Bedrock Managed Service
Scalable support and on-demand expertise that seamlessly integrates with your existing operations.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Partners
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Careers
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Blogs
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
16 October 2024

How to bring SAP into an organisation-wide identity strategy

The discontinuation of SAP Identity Management (IdM) is the perfect opportunity to revisit your entire identity strategy, and improve your overall business processes, security posture, and performance. In particular, it’s a chance to look at the bigger picture and invest in an enterprise IGA solution that handles access and identity control across SAP and non-SAP applications.  

We believe that for the majority of organisations full integration and the ability to see every identity through a single pane of glass is the way forward, but getting this right requires a carefully planned strategy encompassing processes, people and technology. This blog will explore why an integrated identity strategy will benefit your business and how to approach it. 


Why is integration so beneficial? 

Because enterprises have so many applications other than SAP to look after as it is, SAP has often been left separate and treated as a ‘black box’. Its perceived complexity, its integration challenges, and the siloed nature of SAP teams mean that it’s often left out of improvement plans. 

But contrary to popular belief, SAP can absolutely be comprehensively integrated into enterprise IGA solutions. Showcasing successful case studies and highlighting vendor partnerships that improve compatibility can help dispel this assumption. But it is also important to emphasise best practices for managing customisations, provide training and resources for Identity and SAP Security teams, and promote the continuous advancement of integration technologies. By focusing on these areas, organisations can illustrate that effective integration is not only possible but also increasingly attainable. 

Ultimately, the integrated approach enables benefits on a number of different fronts, including: 

  • Cost efficiency: a consolidated approach is more cost-effective and can help unlock funding for more success in the future. 

  • Operational efficiency: smoother experiences can improve productivity and satisfy users, without compromising security along the way. 

  • Enhanced security posture: Cloud adoption with S/4HANA and RISE requires tighter SAP and identity integration due to a dissolving security perimeter, which is where coordination and a single source of truth can reinforce strong security measures. 

  • Knowledge sharing: bringing SAP and Identity teams closer together allows them to pool their expertise in mutually beneficial ways. 

 

Identify key outcomes and assess maturity 

So, what’s the best way forward for your strategy? We suggest starting with the identification of desired outcomes and necessary capabilities, and then using those to influence your solution selection process. 

We recommend the following approach: 

  • Define the endgame: work out what your future identity fabric will (or should) look like in ten to fifteen years from now. 

  • Assess your set-up and maturity: identify the current state and necessary changes across the estate. 

  • Agree on a direction: ensure that all teams and stakeholders buy into the overall vision, with an in-depth analysis of requirements that involves both SAP and Identity teams. 

You should also consider several other important factors from a systems perspective: for example, the complexity of your SAP and non-SAP estates and what will need to be configured and migrated. It’s also worth considering the breadth and depth of integration required for all target systems; and the current security capabilities of enterprise and SAP applications to identify what needs to be augmented or integrated. 

 

Focus on capabilities

With your key outcomes and direction decided, you can then begin to work out what your integrated solution should look like in practice, ideally by focusing on the capabilities you need rather than the solutions themselves. For example: 

  • Lifecycle management: how can you meet future lifecycle management needs in SAP across automation, cost reduction and risk removal? 

  • Access governance: can you certify access appropriateness through a risk-based approach rather than an all-in, tick-box approach? 

  • Authorisation management: how can you enable an appropriate role-based access concept, so that it’s an easily discoverable and requestable object in any IGA solution or IP service management solution? 

  • Access Risk Management: how can you maintain a fundamental set of rules and permissions to control the risk of fraud, financial manipulation, access to sensitive and highly-private data, and minimise the impact? 

  • Privileged Access Management: how can you retain some of your ABAP-based Firefighter capabilities for S/4HANA in the cloud, and control and manage other dimensions around BTP in an audited way? 

You may have all or none or some of these capabilities in order to meet your future security posture needs. But either way, you need to have a clear view of and track all of them as part of your roadmap development. 

 

Define key roles and responsibilities 

From here, you can start to redefine your Identity and SAP Security teams’ roles and duties. In an ideal world, these new responsibilities should look something like this: 

Identity Team 

SAP Security Team 

Providing support and training on the new enterprise IGA solution 

Managing all SAP roles, profiles and entitlements 

Sourcing integration and attribute configuration 

Managing SAP Segregation of Duties policies 

Monitoring and reporting 

Working with business and audit teams 

Coordinating with owners of non-SAP applications 

Reporting on SAP certifications and compliance 

 

Driving SAP RBAC modelling for the enterprise teams 

 

Bringing it all together: partnering with experts for change 

With so much to reconfigure and reconsider, this migration represents a big technological and organisational change. That means that a carefully planned migration is absolutely essential for success - and that’s where Turnkey’s expertise and an enterprise IGA solution like SailPoint’s come in. 

Turnkey has 15 years of success delivering identity and access management projects, and 20 years of success with SAP projects, making us an ideal consultation and advisory partner across strategy, road mapping, vendor selection, implementation and ongoing management. With our expertise – and ability to provide a fully managed service for the new solution – we can help ensure your SAP and identity teams come together and implement the right technology and business changes for your specific long-term goals. 

SailPoint’s enterprise IGA solution gives you a 360-degree view of identity, enabling full visibility of which identity has which type of access across your entire organisation from a single pane of glass. This is dovetailed by Turnkey’s end-to-end expertise in identifying organisational maturity and needs, all the way to planning and even managing implementation and the ongoing running of the new solution. 

Get more in-depth expertise on building an organisation-wide identity strategy by registering for our upcoming webinar here.