Discussing Access Governance Integration Scenarios (AC/IAG)

Objective

After completing this lesson, you will be able to describe SAP solutions for Hybrid Identity Management and Access Governance.

SAP Hybrid Identity Management and Access Governance

With the ongoing digital transformation, many of the traditional business functions are shifting from on-premise to the cloud, therefore organizations require to deal with access governance in these hybrid landscapes. For Hybrid Identity Management and Access Governance, SAP recommends a comprehensive strategy using the following products and services for On-Premise and Cloud-based system environments:

  • SAP Identity Management
  • SAP Access Control Solutions
  • SAP Cloud Identity Access Governance
  • SAP Cloud Services - Identity Authentication Service
  • SAP Cloud Services - Identity Provisioning Service

SAP Identity Access Governance’s tight integration, as the IAG Bridge with SAP Access Control, allows organizations to align their strategies and use their existing SAP investments in the cloud. The IAG Bridge between SAP Access Control and SAP Cloud Identity Access Governance enables SAP Access Control to facilitate the creation of access requests and the performance of risk analysis for cloud applications.

For example, suppose you use the SAP Access Control system to create access requests for your cloud application. In that case, SAP Cloud Identity Access Governance can handle the risk analysis, assignment of mitigation controls (if needed), and provisioning.

Diagram illustrating the SAP Cloud Identity Services with integrations to SuccessFactors, Fieldglass, SAP Cloud Solutions, SAP On-Premise Solutions, and various SAP applications for access control and identity provisioning.

The architecture shows all the components/systems involved in integrating SAP Cloud Identity Access Governance and SAP Access Control. This integration setup called IAG Bridge, unifies a landscape between the On-Premise and cloud environments.

IAG also provides the facility for API-based integration. The Access Request API enables an external application to submit requests to SAP Cloud Identity Access Governance for further processing. Once processed within SAP Cloud Identity Access Governance, the request provisions/deprovisions the user's access at the end of the approval process. The API also provides the possibility of periodically retrieving the request status.

Diagram showing SAP Cloud Identity Services lifecycle, involving SuccessFactors, Fieldglass, SAP Cloud and On-Premise Solutions. Steps include Identity Directory, Access Governance, Authorization Management, and Provisioning.

Read SAP Cloud Identity Access Governance, Access Request documentation for more information on API-based integration.

Lesson Summary

You can now describe the SAP solutions for Hybrid Identity Management and Access Governance.

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn