This blog is part of a five-part series. I recommend starting here: Enterprise Security Services – Security for the Cloud Age. We are now in the third category, Risk and Compliance, and I am leaving my home turf – technology. Nevertheless, this is an important topic. As a developer or administrator, you should be aware of the functionality available....

In this blog post you are going to learn the step-by-step process, with the help of screenshots, for integrating SAP Analytics Cloud with SAP Cloud Identity Access Governance. For successful integration, you would need administrator access in SAP Analytics Cloud, SAP Identity Provisioning Service (SAP IPS), SAP Business Technology Platform Cloud Foundry (SAP BTP CF) and....

Access Analysis plays a crucial role in IAG, providing several functionalities to manage the potential occurrence of risks and their proper handling. The ruleset is the foundation of all these functionalities of Access Analysis. In this blog post, I have tried to provide answers to a few questions regarding Access Analysis, which can be beneficial to those....

In this blog I will go through the steps to enable SAP Access Control 12.0 (on-premise) to use SAP Cloud Identity Access Governance as a bridge to facilitate creation of access requests, and performing risk analysis, for cloud applications. The IAG bridge scenario is referred to if the customer is using the GRC system as the primary system. If the customer....

In this blog I will go through the steps to integrate IAG with an SAP BTP subaccount (Cloud Foundry). This blog is not applicable to the Neo environment. The SAP Cloud Identity Access Governance solution offers multiple core services that help streamline identity and access management. You can use individual services independently or combine them with others. With....

What is Top-Down User Sync?
Top-down user sync is a process that allows user data from an external system to be synchronized with a user directory in an organization. This process can be used for directory synchronization, provisioning, and user access control. The top-down user sync process begins by gathering user data from an external source and then mapping the data to the user directory. The mapped data is then used to create user accounts, update existing user accounts, and delete user accounts as needed. This process can be automated using SAP Identity Provisioning Service (IPS) or manual processes (not recommended). The process is beneficial as it allows administrators to quickly and easily manage user access and user data across multiple platforms in a completely automated way.
Bring all your Users from External IAM System to SAP IAS
The challenge of bringing users from an external IAM (Identity Authentication Management) system to SAP IAS (Identity Authentication Services) can be daunting. It requires an understanding of both systems and a complete workflow to ensure the process is seamless and secure. The first step is to determine the data that needs to be transferred from the external system. This will depend on the use case and the specific requirements of SAP IAS. Once the data is identified, the next step is to create a Standard or SCIM connector for the external system. This connector will be used to transfer the data from the external system into SAP IAS. The connector will need to be tested thoroughly to ensure that the data is transferred accurately and securely before it is used in SAP IAS. Once the SCIM connector is tested and approved, it can be used to move the data from the external system into SAP IAS. When the data is in SAP IAS, it needs to be mapped to the appropriate fields within SAP IAS. This is done by creating custom mappings within the system. Once the mappings are complete, the data can be imported into SAP IAS and the users can be added to the system. Below is the typical flow of User Provisioning Sync. In this....

Systems are not adequately configured or updated to restrict system access to properly authorized and appropriate users. Control Description: Access is authenticated through unique user IDs and passwords or other methods as a mechanism for validating that users are authorized to gain access to the system. Password parameters meet company and/or industry standards (e.g., password....

In this blog you will find detailed steps on how to configure and test the IAG Access Request APIs, which enable external applications to submit requests to SAP Cloud Identity Access Governance (IAG) and search for specific entities that are required to create a request. For more information, see Access Request API. Configuring the Access Request APIs....

This is the final part of the 3 blog posts about the reference architecture for Identity and Access Management scenarios: SAP Reference architecture for IAM – Employee provisioning with Azure AD; SAP Reference architecture for IAM – Employee provisioning with SAP IAS; SAP Reference architecture for IAM – HR Driven identity lifecycle management – Recruit-to-Retire (this....

This article is mainly for partners and customers who want to automate internal and external user sync (on-boarding) to SAP IAS by using the SCIM APIs below from your external system or applications. I have listed all the examples for you to understand. The flow below helps you understand how to automate user sync from....

In this blog post I am going to explain how you can bypass Azure AD when Azure AD is set up as the identity provider for SSO and identity federation is disabled. As I could not find the information I needed within an appropriate time, I want to share my limited knowledge on the topic with you.....

GRC Integration with SuccessFactors EC Using IAG Bridge Concept
The steps below will provide insight on how GRC AC will integrate with IAG and SAP SF EC for user creation and provisioning.
Overview
1. Set up SuccessFactors System for IAG Provisioning
I. The SF system needs to be set up and enabled for OAuth2 through “Manage....

Please follow the steps below to upload Cloud Groups in GRC AC for IAG Bridge. For uploading Cloud Groups, set up as below: Role Type = Technical Role Import Source = File on Desktop Role Authentic Source = Skip Application Type = IAG Landscape = ARIBA/SAC etc. Methodology = Complete Selection Criteria ....

This post is follow-up content for the previous blog posts from my colleague Sonia Petrescu and me (Soumya Prakash Mishra) on SAP IAG integration with different SAP Ariba modules: Integrating SAP Ariba solutions with SAP Cloud IAG (4 Minutes read) and Extending Cloud Integration of SAP IAG to SAP Ariba Strategic Sourcing Suite (3 Minutes read). I....

As explained in my previous blog, “IAG Integration with ARIBA”, the end-to-end integration of GRC IAG Bridge with any target cloud application is a 5-step process. Steps 3 to 5 will follow the same configuration with minor tweaks depending on the cloud application. The first step of any....

Configure your own IDP – SSO in SAP CPQ

Single sign-on (SSO) is a session/user authentication process that permits users to enter a single name and password to access multiple applications. While SSO uses a single login (username/password) to access all applications within the same organization, federated SSO (FSSO) goes a step further and extends SSO across enterprises. In other words, FSSO allows access to multiple systems....

SAP Cloud Identity Access Governance (IAG) is a Software as a Service (SaaS) solution built on the SAP Business Technology Platform. It helps organizations to manage SOD and critical access risks while meeting security and compliance requirements. Cloud IAG provides native integration with a superior user experience across hybrid environments. It can be connected directly to SAP....