Technology Blogs by SAP
MichaelFr
Associate

Maintenance for SAP Identity Management (SAP IDM), our on-premises tool for managing the identity lifecycle, will end in 2027. Extended maintenance will be available until 2030. This extension is intended to give your organization ample time to plan and execute a well-considered migration strategy.

There are several topics for SAP IDM customers to consider.

SAP Cloud Identity Services are the center point of SAP’s IAM strategy, relying on widely established industry standards such as Security Assertion Markup Language (SAML), OpenID Connect (OIDC), X.509 certificates and System for Cross-Domain Identity Management (SCIM). Their focus is to simplify system integration and help ensure security and compliance while providing a seamless user experience.

With SAP Cloud Identity Services it is easy to integrate SAP Cloud applications with an existing IAM system infrastructure. SAP Cloud Identity Services provides a central integration point that enables a single one-time integration to support extended partner identity scenarios for SAP Cloud solutions.

You can find more details in the System Integration Guide for SAP Cloud Identity Services.

Furthermore, recognizing the importance of seamless integration within the identity and access management landscape, SAP is committed to further enhancing SAP Cloud Identity Services and SAP Cloud Identity Access Governance. These enhancements are designed to facilitate integration with other partner identity management solutions, like Microsoft Entra ID, that provide a comprehensive approach to enterprise-wide identity and access scenarios.

[Image: MichaelFr_1-1707210692931.jpeg]

Microsoft and SAP are actively collaborating to develop guidance that enables customers to migrate their identity management scenarios from SAP Identity Management to Microsoft Entra ID. Microsoft Entra ID offers a universal identity platform that provides your people, partners, and customers with a single identity to access applications and collaborate from any platform and device. This work and partnership are in progress; stay tuned for updates and blogs with details about our collaboration efforts.

6 Comments
priyankgaddala
Explorer
0 Kudos

Hi Michael, Thanks for the post and insight on collaboration between Microsoft and SAP.

It is good to know that SAP is going to have Cloud Identity Services as a part of their IAM strategy. The issue I see is that bundled CIS tenants do not support SCIM destinations unless they are SAP systems, and just for SCIM connectors customers have to buy a license for IAG. If customers have to adopt and leverage their investments in SAP, then SAP should look at making the SCIM connector available free of charge/bundled so that customers can integrate 3rd party products. It doesn't make sense to buy IAG just for the sake of the SCIM connector, specifically for customers who have on-premises GRC.

With the sunset of SAP IdM, customers will not have any on-premises IAM product - is that right?

Cheers,

Priyank

MichaelFr
Associate

Hi Priyank,

Thanks for the feedback.

In fact, we are currently working to also allow general purpose SCIM connectors directly with bundled SAP Cloud Identity Services - Identity Provisioning tenants. This will be a priced feature, though. Only connectivity towards SAP systems is available at no additional cost.

For your second question you are right, there's no other SAP on-premise product for identity management.

Best regards,

Michael 

wagener-mark
Contributor
0 Kudos

Hi @MichaelFr ,

Is the solution described above already available? We are implementing S/4HANA Cloud Private Edition and already use IAS and IPS. We don't want to set up a CUA anymore and would like to know if we could already achieve a similar functionality. Managing users and authorizations manually on multiple S/4 systems with multiple clients is a pain...

BR,
Mark

Parin
Discoverer
0 Kudos

Hi @MichaelFr ,

In the architecture diagram you showed, we can see there is a REST-based connection or communication between Entra ID and SAP IAG. Are there connectors published by SAP IAG to be integrated with Entra ID for providing user provisioning signals (allow and deny events)?

For instance, we plan to use the SAP HR and Entra ID out-of-the-box connector for it and can then provision the users to the SAP Identity Directory using SCIM. However, since the access request or role request is mainly done at SAP IAG (or GRC if on premise), how can Entra ID fit here?

Entra ID has no information about SAP application roles configured in the SAP end application, unlike SAP IAG, which has sync jobs to fetch this information and thus becomes the central system to raise access requests; based on the outcome of the request, the user is provisioned to the SAP application with the requested role.

How will this be possible with Entra ID?

It's hard to fix this puzzle, could you please throw some light here?

AAREAS
Associate
0 Kudos

Hi @MichaelFr ,

Thanks for the update because it's been very difficult to respond to customer RFPs when identity management capabilities appear. At least we have a likely scenario for this issue in the future, although we do not currently have any solution to sell to the customer with this need.

Do you think we will be able to sell the Microsoft Entra ID as a Solex in our pricelist or will this product only be available in our SAP Store or a direct contract with Microsoft?

Best Regards

Artur

priyankgaddala
Explorer
0 Kudos

@MichaelFr I trust you are doing well. I just saw the announcement below from One Identity that it has been chosen as a replacement for SAP's product. Is MS Entra ID no longer the replacement for SAP IDM?

One Identity chosen as a leading IGA vendor for SAP transition (youtube.com)

Regards,

Priyank.