Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Cloud Identity Access Governance (IAG) Overview and Updates

saksham
Advisor
Advisor
‎06-12-2020 3:01 PM

SAP Cloud Identity Access Governance(IAG) is SAP's latest innovation for Access Governance. After a highly successful SAP Access Control 12.0 release, SAP has now released some of the latest innovations on the SAP Cloud Identity Access Governance application. SAP Cloud Identity Access Governance (IAG) is a multi-tenant solution built on top of  SAP Business Technology Platform (BTP) and SAP's proprietary HANA database.

SAP Cloud Identity Access Governance(IAG) is bundled with SAP Business Technology Platform(BTP) Identity Provisioning Service(IPS) and Identity Authentication Service(IAS).

**SAP Cloud Identity Access Governance(IAG) 2205 (May,2022) version is now released with product enhancements in the areas of Ariba Integration( via SCIM API) , Mitigation Assignment Reporting, Management of User IDs mapped through multiple cloud applications, Added authorization checks for Access Control bridge integration, Conditional UI fields and more.**

**SAP Cloud Identity Access Governance(IAG) 2202(February,2022) version is now released with product enhancements in areas of integration with SAP Concur, SAP Sales Cloud, SAP Service Cloud, SAP Advanced Financial Closing and SAP Intelligent Asset Management**

**SAP Cloud Identity Access Governance(IAG) 2108 version is released with product enhancements in areas such as customizing workflows for access management, additional properties to support OAuth 2.0 Authentication for SAP Successfactors, support for provisioning of universal unique ID(UUID) for SAP S/4HANA**

**SAP Cloud Identity Access Governance (IAG) 2105 version is released with enhancements in areas such as extending User Access Review(UAR) for cloud solutions to SAP Access Control through the AC-IAG Bridge Scenario.**

**With SAP Cloud Identity Access Governance (IAG) 2102 release customers can now integrate non-SAP solutions based on Open System for Cross-Domain Identity Management(SCIM)**

SAP Cloud Identity Access Governance (IAG) provides out of the box integration with SAP's latest cloud applications such as SAP Ariba, SAP Successfactors, SAP S/4HANA Cloud, SAP Analytics Cloud and other cloud solutions with many more SAP and non-SAP integrations on the roadmap..

 

Cloud IAG Services


 

SAP Cloud Identity Access Governance (IAG) helps customers achieve access control and governance through the below key services:

Access Request

Access Request Service provides customers the opportunity to utilize self service access request forms for user and role provisioning into the Cloud applications along with the power of workflow driven access provisioning mechanisms along with any other features.

Role Design

The Role Design allows users to design access roles with the power of Machine Learning (ML) based algorithms to optimally define and refine the required roles with a bottom up approach.

Access Certification

The Access Certification service in the Cloud Identity Access Governance (IAG) provides the option to certify access spread across multiple cloud solutions by allowing reviewers to regularly audit and certify the roles assigned.

Access Analysis

The Access Analysis service is primarily the application meant for security administrators and compliance teams to analyze access risks across cloud applications and refine or remediate access according to the auditory requirements.

**IAG Release 2005: We have released a risk ruleset library to detect access needing Segregation of Duties in SAP Cloud applications such as SAP S/4HANA Cloud, SAP Ariba and SAP Successfactors**

Privileged Access Management

Privilege Access Management is another service which is provided in the Cloud Identity Access Governance (IAG) solution to monitor, report, audit and take action against any critical access in a critical environment such Cloud application

Cloud Identity Access Governance (IAG) is maintained by SAP DevOps which is responsible for the constant upkeep, maintenance and pushing in new enhancements.

**Privileged Access Management(PAM) is now beta-released(for ABAP connectors) in the latest IAG 2005 release for Privileged Access provisioning and privileged/emergency access monitoring(Firefighter) through the Cloud IAG application.**

SAP Cloud Identity Access Governance (IAG) 2401 version is now released with added functionalities such as Manage Jobs to help customers synchronize Segregation of Duties (SoD) rules from SAP Access Control 12.0 to SAP Cloud Identity Access Governance (IAG) in addition to Creation of Access Review Campaigns  for coordinators to receive alerts when campaigns are overdue. 


SAP Access Control-IAG Bridge

The most talked about feature of Cloud Identity Access Governance (IAG) is the SAP Access Control-IAG bridge which provides customers the flexibility of continuing to use their existing SAP Access Control 12.0 environment as the primary system for Access Control and have the IAG bridge take care of the Access Control services or applications for the cloud environment.

SAP Contacts:

If you are a SAP MaxAttention/Active Attention customer, please contact your Technical Quality Manager(TQM) to know more about the SAP service offerings. For all other existing or potential SAP customers please get in touch with your SAP Account Executive(AE) for solution or service subscriptions.

SAP North America CoE Lead: Saksham Minocha

Labels:
9 Comments
former_member506357
Discoverer
‎09-24-2020 10:02 AM

Hi Saksham,

Excellent blog content. I have a question why is user management different in IAG as compared to S/4 HANA cloud? In S/4 HANA cloud role assignment in done using the apps in S/4 HANA cloud whereas for IAG we assign the roles for the services in cloud cockpit instead of in IAG. Similarly "Intelligent asset management" also maintains role assignment via cloud cockpit. How are some cloud applications differing from others in this aspect. Hope I was able to word my question properly, any help would be greatly appreciated.

Thanks

saksham
Advisor
Advisor
‎10-16-2020 9:41 PM
0 Kudos

Hi Supreeti,

 

Thank you! You have worded your question very precisely.

 

S/4HANA Cloud is a core ERP application and hence the structure is so. IAG is a fulfillment/compliance application for other Cloud ERP Applications and hence the structure is through SCP Cockpit. Also, if you look at the user/role management in IAG application itself there is a not a lot that you have to do.

There might be some changes from the product side in the future releases to align the structures.

 

Hope that helps.

 

Regards,

Saksham

siddheshpai
Explorer
‎09-22-2021 6:28 AM
0 Kudos
Excellent Blog Saksham. Is there any documentation available on connecting IAG bridge to GRC 12.0?

We have a requirement to connect Ariba to GRC 12.0, hence we were looking for a hybrid approach by leveraging IAG bridge with our existing GRC 12.0 .

 

Thanks,

Siddhesh Pai
saksham
Advisor
Advisor
‎10-12-2021 3:10 PM
Hi Siddhesh,

Thanks for the nice words.

Most of our customers have deployed using the available documentation at SAP Help portal. Please refer to the link. Hope this helps.

Regards,

Saksham
pvinjamuri
Explorer
‎11-23-2021 1:24 PM
0 Kudos
Hello Saksham!

 

Nice Blog! Can we use IAG as an access management platform for other BTP services such as Integration suite, Multi-cloud, etc?

 

Thanks

Praveen.
Niladri_B_Nayak
Active Contributor
‎06-28-2022 5:53 AM
0 Kudos
Excellent blog, How does it work with SAP SuccessFactors. SAP SF has its own security model / Role Based Permission too.

 

Regards,

Niladri

 
vdoux
Advisor
Advisor
‎06-28-2022 6:52 AM
0 Kudos
Please see the SAP IAG Help portal, integration scenario for SFSF:

SAP SuccessFactors | SAP Help Portal

 

Regards

Vincent
MelvinButton
Explorer
‎07-25-2023 12:50 PM
0 Kudos
Hi,

 

Can we use IAG to provision access to SAC SAP Analytics Cloud ? or what provisioning tool is recommended managing accesses here ?

 

Regards, Mel
vdoux
Advisor
Advisor
‎07-26-2023 1:39 PM
0 Kudos
Hi, Yes, SAP IAG can provision access to SAC.

Regards

Vincent
Popular Blog Posts