Configuring Security

Objective

After completing this lesson, you will be able to manage Security in SAP Agent Performance Management.

Security Group Management

As with any application, security is of key importance to ensure only the right users have access to your organization’s sensitive data. APM security management allows you to control user access to all aspects of the system, including portals, forms, individual fields, actions, and other system features.

As an example, consider the image below. Alexander Smith is an administrator and has access to all four portals: Manager, Integration, Administration, and Credentialing. Deborah Willis is a producer and only has access to the Credentialing portal, where she can only view her own licenses and appointments.

Two examples of security groups are displayed. The first image shows the four portals visible to the administrator. The second shows that broker payees can only see the Broker and Credentialing portals.

The features of security management in APM include the following:

  • Using Security Groups, you can configure access to forms, fields, actions, and system features for specific sets of users.
  • User Management allows you to create and manage users, as well as their authentication and authorization in the application.
  • Password Policies allows you to configure a password policy to define constraints and requirements for passwords and password maintenance.
  • The Data Protection and Privacy capability allows you to configure fields as personal and sensitive data fields, and block data, if needed.
  • APM also includes an Auditing capability to audit every add, update, and delete made by a user, as well as all successful and failed user login attempts.

Create Security Groups

Steps

  1. Open the Administrator Portal.

  2. Select Security → Security Groups.

  3. Select Create.

  4. Select the portal for which the security group will apply.

  5. Select Save.

    The Security Groups screen. A new security group is being created with the ID “MgrDefault”.

Management of Access to Forms and Fields using Security Groups

APM has many different types of users, ranging from administrators with full access to the system to individual agents or payees who can see a limited view of their own data. Displaying the system in different ways for different types of users can be managed using the security groups we created earlier. Some of the many ways security groups can manage user access include:

  • Hiding or displaying forms
  • Making a form read-only
  • Hiding an action, such as Save or Activate
  • Hiding or masking a specific field

Each security group is associated with a portal, such as Manager, Integration, or Administrator.

User Creation

Once your security groups are set up, create at least one (preferably two) administrative users with full access to the system. Users in the context of Agent Performance Management are the individuals who use the system. This is in contrast to Producers, who are added in the Producers portal.

Create Users

Steps

  1. From the Administrator portal, select Security → Users.

  2. Select Create.

  3. Enter the user’s full name and User ID.

  4. Enter the user’s email address.

  5. Optionally, select an effective date, default language, or other user information.

    The Users workspace. A new user named Alexander Smith is being created.

  6. Select an authorization type.

  7. Scroll to the Portal Access section and select the portals to which the user should have access.

  8. For each portal, select the Security Group ID that grants access to the portal.

    The Portal Access section of the Users screen. The Manager, Integration, Credentialing, and Administrator portals are checked, and a Security Group ID for each portal has been selected.

  9. Select Save.

  10. Select Activate.
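
An offline review of the portal and security group assignments made in the steps above, as an added example that is not SAP's code: it checks that every checked portal has a security group created for that same portal, and counts the users who hold a group on all four portals against the "at least one (preferably two)" administrator guidance. The data layout, the group IDs other than MgrDefault, and user2 to user4 are constructed; no APM export format is assumed.

```python
# Added example: all data below is constructed; this is not an APM export format.
PORTALS = ("Manager", "Integration", "Credentialing", "Administrator")

# Security Group ID -> portal the group was created for (step 4 of Create Security Groups).
GROUPS = {"MgrDefault": "Manager", "IntDefault": "Integration",
          "CredDefault": "Credentialing", "AdmDefault": "Administrator"}

# User ID -> {portal checked in Portal Access: Security Group ID selected for it}.
USERS = {
    "asmith": {"Manager": "MgrDefault", "Integration": "IntDefault",
               "Credentialing": "CredDefault", "Administrator": "AdmDefault"},
    "user2": {"Credentialing": "CredDefault"},
    "user3": {"Manager": "CredDefault", "Integration": ""},
    "user4": {"Administrator": "OldAdmins"},
}

def review_access(users, groups):
    """Return sorted (user_id, portal, problem) findings for bad portal/group pairs."""
    findings = []
    for user_id, access in users.items():
        for portal, group_id in access.items():
            if portal not in PORTALS:
                problem = "unknown portal"
            elif not group_id:
                problem = "no security group selected"
            elif group_id not in groups:
                problem = "security group does not exist"
            elif groups[group_id] != portal:
                problem = f"group belongs to {groups[group_id]} portal"
            else:
                continue  # portal and group agree
            findings.append((user_id, portal, problem))
    return sorted(findings)

def all_portal_users(users, groups):
    """User IDs holding a matching security group on every portal in PORTALS."""
    return sorted(u for u, access in users.items()
                  if all(groups.get(access.get(p)) == p for p in PORTALS))

def admin_headcount(users, groups):
    """'missing' (none), 'single' (exactly one) or 'ok' (two or more) all-portal users."""
    n = len(all_portal_users(users, groups))
    return "missing" if n == 0 else "single" if n == 1 else "ok"

if __name__ == "__main__":
    for finding in review_access(USERS, GROUPS):
        print(*finding, sep=" | ")
    print("all-portal users:", all_portal_users(USERS, GROUPS), admin_headcount(USERS, GROUPS))
```

Holding a group on every portal is only a proxy for full access; what each group actually permits on forms, fields and actions still has to be reviewed in the group itself.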

Password Policies

Password Policies define constraints and requirements for passwords and password maintenance. Some of the items that can be configured in the password policy include:

  • Maximum password length.
  • Password expiration rules; for example, passwords must be changed every 60 days.
  • The password duplication cycle sets the number of cycles for which a password can be reused.
  • Maximum failed login attempts.

Password policies can be set under Administrator → Security → Security Configuration.

The Security Configuration screen, with the Passwords section in view.

Create a Security Group and User

Business Example:

In this exercise, you will create a new security group and a new user.

Steps

  1. Create a Security Group with the ID MgrDefault and the name Manager Default.

    1. From the Administrator portal, select Security → Configuration → Security Groups.

    2. Select (+).

    3. Enter the Security Group ID MgrDefault.

    4. Enter the Full Name Manager Default.

    5. Set the Portal ID to Manager.

    6. Select Save.

      The Security Groups screen. A new security group is being created with the ID “MgrDefault”.

  2. Create a new user.

    1. From the Administrator portal, select Security → Users → Users.

      The User Detail screen. A new user named Alexander Smith is being added.

    2. Select Add (+).

    3. Enter the following information for the new user:

      • Name: Alexander Smith
      • User ID: asmith
      • Effective: 1/1/2025
      • Contact email: asmith@sabermanagement.com
      • User time zone: US/Eastern (ET)
    4. Scroll down to the Authorization section and set the Authentication Type to LDAP.

  3. Assign the new user to the Manager portal using the access granted by the new security group.

    1. Scroll down to the Portal Access section.

    2. Select the Manager checkbox.

    3. In the SecGroupID field, select MgrDefault.

    4. Select the Integration checkbox.

    5. Select the SecGroupID menu and select Integration.

    6. Repeat these steps to grant access to the Credentialing and Administrator portals.

    7. Select Save.

      The Portal Access section of the Users screen. The Manager, Integration, Credentialing, and Administrator portals are checked, and a Security Group ID for each portal has been selected.

Summary

  • Using Security Groups, administrators can configure access to forms, fields, actions, and system features for specific sets of users.
  • Each security group is associated with a portal, such as Manager, Integration, or Administrator.
  • Users in the context of Agent Performance Management are the individuals who use the system.
  • Password Policies allow you to configure a password policy to define constraints and requirements for passwords and password maintenance.
  • SAP Identity Authentication Service (IAS) acts as a federated identity provider (IdP) for SAP cloud solutions.
  • Agent Performance Management can authenticate with SAP Identity Authentication Service (IAS) using SAML, LDAP, or API only.