SAP IDM – Introduction

These days, organizations are under great pressure to deploy new applications and systems faster across their global networks in order to do e-business with partners and customers. One of the biggest challenges here is gathering identity information about resources when that information is distributed across multiple disparate sources.

The main objective of identity management is to centralize and update all identity data within the enterprise. Normally this identity data is stored and managed individually in each application. This requires manual maintenance in each application, which leads to inconsistency and low data quality. With these factors in mind, SAP launched SAP IDM, i.e. SAP Identity Management.

Identity management is a challenge for most organizations today: the larger the number of applications in the organization, the greater the challenge. A user has to present his or her identity to get access to many ICT (Information and Communication Technology) applications within the organization. Examples include the various operating systems, the HR (Human Resources) system, CRM (Customer Relationship Management) systems, databases, directories, physical access control systems, e-mail systems and support systems.

Access to multiple applications is consolidated and linked via the SAP IDM REST API to achieve single sign-on through SAP SSO, i.e. SAP Single Sign-On. This is done by setting up the SAP SSO server, performing the SAP SSO configuration, and setting up SAP IDM security under SAP security, which is in turn linked to SAP authorizations.

Each of the existing applications within the organization usually has its own identity management. Each has its own database to store and manage user information, such as user authentication details (i.e. the user ID and password needed for access to the application) and authorization details (i.e. the required access levels to the application data). Each application has its own standard protocol to store and manage user authentication. Because the applications are mostly unknown to each other, identity data must be maintained manually for every application.

Every time a new employee joins the organization, he or she must be manually added to every required application. The same applies when an employee changes position (or role) within the organization: access to new applications is required, and access rights to existing applications must be changed or revoked.

Main problems

  • High maintenance cost: A system with many manual operations has a high maintenance cost. For every new employee, or employee moving within the organization, many manual interventions are usually involved. This multiplies with the number of applications. Manual steps are also time-consuming and prone to human error.
  • Complexity: The complexity of the system is high. It is difficult, or even impossible, to get an overview of all employees, to find the correct information about them, and to see what access rights they have to the various applications within the organization. This complexity also leads to errors when entering information, such as duplicate entries for the same person.
  • Security risks: The major security risk is that when employees leave the organization, access to some applications is not revoked, because each revocation has to be done manually and individually. An identity management system, such as SAP IDM, should be in place to prevent this situation. Even people transferring within the organization may present a risk: they will normally be granted the access rights of the new position, but the previous access rights might not be revoked. Another security risk is that, since manual procedures are involved, human errors may cause security flaws.
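
The problems listed above can be checked for by reconciling each application's account list against the HR records. The following is an added example, not part of the original article and not SAP IDM code; the data is constructed, and the field names, application names and position-to-access mapping are assumptions.

```python
# Added example. All data below is constructed; field names and the
# position-to-access mapping are assumptions, not an SAP IDM data model.
HR = {  # authoritative HR records keyed by employee id
    "e100": {"status": "active", "position": "sales"},
    "e101": {"status": "terminated", "position": "finance"},
    "e102": {"status": "active", "position": "hr"},  # moved from finance
}
ENTITLED = {  # access each position should have: (application, level)
    "sales": {("crm", "user")},
    "finance": {("erp", "accountant")},
    "hr": {("hrsys", "clerk")},
}
ACCOUNTS = [  # per-application exports: (application, employee id, level)
    ("crm", "e100", "user"),
    ("erp", "e101", "accountant"),  # leaver, access never revoked
    ("hrsys", "e102", "clerk"),
    ("erp", "e102", "accountant"),  # kept from the previous position
    ("crm", "e999", "user"),        # no matching HR record
    ("crm", "e100", "user"),        # duplicate entry for the same person
]


def reconcile(hr, entitled, accounts):
    """Compare application accounts against HR and report discrepancies."""
    findings = {"orphaned": [], "excess": [], "duplicate": []}
    seen = set()
    for app, emp, level in accounts:
        if (app, emp) in seen:
            findings["duplicate"].append((app, emp, level))
            continue
        seen.add((app, emp))
        person = hr.get(emp)
        if person is None or person["status"] != "active":
            # Account belongs to nobody currently employed.
            findings["orphaned"].append((app, emp, level))
        elif (app, level) not in entitled.get(person["position"], set()):
            # Active employee holds access their current position lacks.
            findings["excess"].append((app, emp, level))
    return findings


if __name__ == "__main__":
    for kind, rows in reconcile(HR, ENTITLED, ACCOUNTS).items():
        for app, emp, level in rows:
            print(f"{kind:9} {app:6} {emp} {level}")
```

Run against real exports, the "orphaned" and "excess" lists are the accounts to revoke first; a centralized identity store removes the need for this after-the-fact comparison.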