You see some common business problems when managing your SAP systems.
Managing accounts in the different SAP systems is a very complex task. Trying to manually maintain account information in the SAP systems and then trying to synchronize that information with the other systems in your environment is very costly, time-consuming, and error-prone.
The extension for SAP environments contains provisioning solutions for the different SAP systems in your environment. The solutions allow you to provision users from the SAP GRC Access Control, the SAP Portal, and from traditional SAP application servers.
The provisioning solutions use the new and updated Identity Manager drivers to provision the SAP accounts. Identity Manager then provisions the SAP account information into any other system that you have connected through Identity Manager. These provisioning processes are automated to save time and money, and to reduce errors. For instructions on how to configure the provisioning solutions, see Section 2.0, Managing User Accounts.
Typically, business managers do not have direct access to assign SAP roles or profiles to users. Instead, they must work through the SAP administrator to facilitate these assignments. The extension for SAP environments provides a solution that enables business managers to easily make role assignments. For instructions on how to configure the solutions for managing roles, see Section 3.0, Managing Roles.
One of the most common and expensive business problems is how to manage user passwords. SAP adds many complexities to password management because each user account in each system and child system has a password associated with it. The extension for SAP environments contains two solutions for managing passwords:
The SAP Identity Manager driver automatically assigns passwords to users when they are provisioned in to the SAP systems and child systems.
You can allow users to manage their own passwords.
For instructions on how to manage user passwords, see Section 4.0, Managing Passwords.
After users are provisioned, they need access to the resources to do their jobs. A common frustration for users is being required to authenticate each time they access a resource. The solution provided with the extension for SAP environments uses Access Manager to allow users to log into Windows* workstation and then have access to the SAP Portal, the Roles Based Provisioning Module, and the Role Mapping Administrator. When users launch a Web browser that is pointing at one of these resources, they are automatically authenticated to that resource through Access Manager. For instructions on how to configure the single sign-on solution, see Section 5.0, Simplifying User Access.
The final part of any solution is to provide auditing and reporting capabilities for the solution. The extension for SAP environments provides real-time auditing and reporting capabilities for your SAP systems through Sentinelâ„¢. This allows you to provide automated reports that can prove compliance with the business policies implemented when users are provisioned and granted access to resources. For instructions on how to configure the auditing solution, see Section 6.0, Auditing Real-Time Events.