EXTERNAL
Speakers 2017
The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission of SAP.
Except for your obligation to protect confidential information, this presentation is not subject to your license agreement or any other service
or subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or any related
document, or to develop or release any functionality mentioned therein.
This presentation, or any related document and SAP's strategy and possible future developments, products and or platforms directions and
functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this
presentation is not a commitment, promise or legal obligation to deliver any material, code or functionality. This presentation is provided
without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement. This presentation is for informational purposes and may not be incorporated into a contract. SAP
assumes no responsibility for errors or omissions in this presentation, except if such damages were caused by SAP’s intentional or gross
negligence.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from
expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates,
and they should not be relied upon in making purchasing decisions.
IAM Evolution
IAM Use-cases
Demo
IAM is shifting to become a continuous program that delivers intelligence, meets compliance requirements, adds value differentiation, and offloads work from the organization
[Diagram: Identity Management and Access Management. Labels: Partners and Channels, Suppliers, Vendors, Resellers; People; Assets; Mobile Devices, Apps, and Identities; On-Premise Applications]
Secure access
SAP Single Sign-On
SAP Cloud Platform Identity Authentication
Secure code
SAP NetWeaver AS, add-on for code vulnerability analysis
A complete cloud identity suite that enables organizations to easily manage user on-boarding and helps users to easily access their applications
This is the current state of planning and may be changed by SAP at any time.
© 2017 SAP SE or an SAP affiliate company. All rights reserved. ǀ EXTERNAL 16
SAP IAM – Workforce to SaaS CPL167
Identity Authentication
Single Sign-On across SAP applications out-of-the-box and by default
Pre-integrated SAP applications
Decrease TCO – connect once
Delegated authentication
Enforcing additional security
Identity Provisioning
Simplified user on-boarding
SCIM* gateway
*System for Cross-domain Identity Management, formerly also known as “Simple Cloud Identity Management”
Business-to-employee scenario (B2E)
Corporate Network
Authentication with on-premise user store
Delegated authentication
Users' credentials from:
Microsoft Active Directory
3rd-party user store
No user replication to the cloud required
Internal network ports do not need to be exposed to the internet
In addition, the usual product features can be used: UI configuration, policies, two-factor authentication
[Diagram labels: Identity Authentication; Applications; Logon; SAP Cloud Connector; On-premise user store; LDAP; SAP NW JAVA + SAP SSO; AS ABAP; SAP NetWeaver; Corporate Network]
SAP Cloud Platform Identity Provisioning service
Product description
Identity Provisioning offers a comprehensive, low cost approach to identity lifecycle management in the cloud
Solution overview
Manage user accounts and authorizations in a cloud-based service
Provision identities from user stores in the cloud and on-premise
Enable business applications to quickly support single sign-on with Identity Authentication
[Diagram labels: Retrieve cloud users and their attributes; Create accounts and assign authorizations]
Covering a broad range of source and target systems, both in the cloud and on-premise
On Google
Connect to Google Developer Console (https://console.developers.google.com)
Create and configure a service account
Note down clientID and private key
Assign authorizations to cloud applications by mapping attributes in the corporate user store to those in the cloud
Integrate identity data models of different applications by defining rules for data transformation
Capabilities required for B2C and B2B use-cases – registration, social login, self-services, etc.
Scalable solution, used already by SAP and Customers for millions of users
One Solution for B2E and B2C
User self services reduce TCO especially for B2C and B2B scenarios
Convenient user self-services
Configurable self-registration
Account confirmation via email
Forgot password
User profile
Edit details & change password
Mobile device activation (for two-factor authentication)
(Un-)Link social accounts
Product features
Responsive UIs
Multilanguage support
Are permissions automatically adjusted if someone is promoted to a new position?
Existing customers of SAP Identity Management (IdM) can extend their identity lifecycle management to also cover cloud-based scenarios using Identity Provisioning and Identity Authentication
In hybrid cloud / on-premise scenarios, integrating SAP IdM with Identity Provisioning is the recommended solution.
Only this allows customers to gain the maximum benefits from both worlds
[Diagram labels: On-premise; SAP Identity Management]
Demo
SAP Integrated Business Planning
SAP Asset Intelligence Network
SAP Innovation Management
SAP Document Center
SAP Networked Logistics Hub
SAP Cloud Platform
SAP Portal service sites
Access replays of
Keynotes
SAP TechEd live interviews
Select lecture sessions
http://sapteched.com/online
sap.com/community
See all SAP TechEd Blogposts
CPL715 – Code Review: Configure Clickjacking Protection for Your Customized Login Screen
CPL716 – Code Review: Adjusting User Provisioning Rules in SAP Cloud Platform
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.
The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components
of other software vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated
companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are
set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release
any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products,
and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The
information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various
risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements,
and they should not be relied upon in making purchasing decisions.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company)
in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies.
See http://global.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices.