Identity Management Tips, Thoughts and Opinions

Matthew Pollicove

Subscribe to Matthew Pollicove : eMailAlertsEmail Alerts
Get Matthew Pollicove via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

As usual, events here at TechEd have caught up with me and I missed a post. Sorry, folks!

This does not mean that there has been a lack of activity here at TechEd. Yesterday, I attended an excellent hands on workshop based on Context Based provisioning.  Any organization that is looking into SAP IDM for the purpose of managing SAP Roles over multiple locations or positions needs to look into Context Based provisioning. I think one can make an excellent comparison between IDM contexts and the Derived Role concept within SAP.  I'll have to write some more on that later, either here or on the SCN Blog. I've also come up with some other interesting ideas for Contexts which I will be working on over the next few weeks.  Hopefully, I'll have something to share soon.

There were also a number of good Q&A sessions where users could go one-on-one with some of the SAP IDM experts that came over from SAP Labs in Trondheim, Norway.  For those that don't know, NetWeaver IDM was born as MaXware Identity Server in Trondheim back in the 1990s and core development still happens there to this day.  Concepts such as Assignments, Approvals and Virtual Directory Server were covered.

Today I was able to attend a session on the use of the Provisioning Framework.  Not too much new there, but it was good to hear that SAP is committed to the Framework and feels that IDM is the best way to provision users to SAP systems. During the presentation, the following general IDM points were brought up that I would like to comment on:

Users should consider IDM over CUP if connections to external applications are required (e.g., Microsoft Active Directory)
IDM should be used over other provisioning methodologies for Audit and compliance reasons
Do not think of SAP or non-SAP roles, privileges, provisioning etc., it is all Enterprise provisioning

I'll have a wrap of of TechEd tomorrow with some closing thoughts.

Read the original blog entry...

More Stories By Matthew Pollicove

Matt Pollicove is an Identity Management architect, engineer, trainer, project manager, author and blogger with experience in user account provisioning, data synchronization, virtual directory and password management solutions. As a MaXware Technical Consultant and later as a System Engineer, he worked extensively with MaXware (now SAP) software products in large customer environments. In the past Matt has worked with several leading national and international consulting firms and is currently a Sr. Principal Consultant for Commercium Technologies. He is currently the Practice Lead for SAP NetWeaver Identity Management and SailPoint IIQ.