Date post: | 29-May-2018 |
Category: |
Documents |
Upload: | vuongnguyet |
View: | 247 times |
Download: | 0 times |
Real Experience. Real Advantage.
[
SAP NetWeaver Identity Management – Experiences from an
Implementation at Colgate-Palmolive Company
Sarah Henriquez – Senior Manager IT Risk Management, Colgate-Palmolive
Kristian Lehment – Product Manager IDM & Security, SAP AG
[
Real Experience. Real Advantage.
[ Agenda
Evolution at SAP towards the Solution
“Compliant Identity Management and Single Sign-On”
Introduction – The Functionality Delivered with
“SAP NetWeaver Identity Management”
The COLGATE-PALMOLIVE Company
Facts & Figures
Implementation at COLGATE-PALMOLIVE Company
Learning Points
Business Challenges
Benefits
Plans Going Forward
2
Real Experience. Real Advantage.
[ Compliant Identity Management and Single Sign-On
Compliance and
Governance
SAP Access Control
Identity Management
SAP NetWeaver Identity
Management
Authentication and
Single Sign-On
SAP NetWeaver Single
Sign-On
SAP offers a complete suite of compliance, governance, identity management, and single sign-on solutions
Compliant Identity Management and Single Sign-On
Real Experience. Real Advantage.
[ The Identity Lifecycle
How long does it take for
new employees to receive all
permissions and become
productive in their new job?
Are permissions
automatically adjusted if
someone is promoted to a
new position?
Who has adequate
permissions to fill in for a
co-worker? How long does it take to remove
ALL permissions of an employee?
And how can you ensure that they
were properly removed?
How can you remove
permissions automatically
if employees change their
position?
Real Experience. Real Advantage.
[ SAP NetWeaver Identity Management Functionalities Holistic Approach
e.g. on-boarding
SAP HCM
SAP NetWeaver
Identity Management
Password management
Provisioning to SAP and non-SAP systems
Reporting
Rule-based assignment of business roles
Identity virtualization and identity as service
Central Identity Store
Web-based Single Sign-On and Identity Federation
SAP NetWeaver
Identity Management
Approval workflows
SAP applications Non-SAP applications
SAP Business Suite Integration
SAP
Access Control
Compliance checks
Real Experience. Real Advantage.
[ History of Compliant Identity Management
and Single Sign-On
SAP Access Control
SAP NetWeaver Identity Management
SAP NetWeaver Single Sign-On
April 03, 2006
SAP strengthens leadership in compliance solutions with acquisition of Virsa
May 14, 2007
SAP extends identity management capabilities in SAP NetWeaver
with acquisition of MaXware
June 15, 2007
General availability of SAP NetWeaver Identity Management 7.0
June 16, 2009
General availability of SAP NetWeaver Identity Management 7.1
January 12, 2011
SAP acquires software security products and assets from SECUDE
June 14, 2011
General availability of SAP NetWeaver Single Sign-On 1.0
August 09, 2011
General availability of SAP Governance, Risk, and Compliance
Solutions, Release 10.0
October 31, 2011
General availability of SAP NetWeaver Identity Management 7.2
Real Experience. Real Advantage.
[ SAP offers Rapid Deployment Solution
to meet specific business needs…
Service
Software
Enablement
Content
Software Quickly address the most urgent business
processes
Content SAP best practices, templates and tools
make solution adoption easier
Enablement Guides and educational material speed end
user adoption
Service Fixed scope and price provides maximum
predictability and lowers risk
Real Experience. Real Advantage.
[ … which allow predictability, out-of-the-box integration
and adoption choices as business demands
Predictability Fast value in days/weeks
Fixed cost and fixed best practice scope
Integration Integrated start and growth options
Immediate and future IT and business
processes landscape integrity
Choice Modular packages to meet specific business
needs and allow individual adoption paths
Flexible licensing and deployment options
Real Experience. Real Advantage.
[ Predictability: Solution adoption made simple
Predictability
Implementations in a matter of days/weeks
Clear pricing, scope, timelines and outcomes
Proven best-practices from an extensive customer and qualified partner ecosystem
Real Experience. Real Advantage.
[ Agenda
10
The COLGATE-PALMOLIVE Company
- Facts & Figures
Implementation at COLGATE-PALMOLIVE Company
Learning Points
Business Challenges
Benefits
Plans Going Forward
Sales by Division Pet
13%
Europe/South
Pacific
21%
Latin America
28%
North
America
18%
Greater
Asia/Africa
20%
$16.7 + Billion in
Sales
39,200
Colgate People
Products Sold in
200 Countries &
Territories
ORAL CARE PERSONAL CARE
HOME CARE PET NUTRITION
Real Experience. Real Advantage.
[ Learning Points
Pre-implementation insights that were important for the
project:
SAP NetWeaver Identity Management is a framework
and it is highly customizable
Understand the current business processes in use
at Colgate-Palmolive Company
13
Real Experience. Real Advantage.
[ Overview of Identity Management at Colgate
Colgate uses the application to centralize and synchronize
user accounts for E-mail, SAP user IDs and Network access
(MS-Active Directory)
Standardize identities using Human Capital Management
(HCM) global personnel number as a unique identifier
User accounts mapped to the global personnel number
Automatically creates and terminates accounts based on
HCM action types
14
Real Experience. Real Advantage.
[ Business Challenges
Addresses current business challenges:
Users need accounts in multiple applications
Multiple organizations support account creation /
termination
Manual process requiring complex reconciliation
Decentralized account administration processes for
different applications
15
Real Experience. Real Advantage.
[ Benefits
One single source of truth
Automates creation of user accounts
Automates compliance and timeliness of terminations
Improves employee experience
16
Real Experience. Real Advantage.
[ Best Practices
Automation of manual process
Global centralized process
17
Real Experience. Real Advantage.
[
HR
18 of 22
HCM Integration with IdM
Create
employee
record
Update employee
record with
SAP Id + Email
(Infotype 105)
Identity Management
Receive
HR
Data
Calculate
SAP Id
and
Email address
HR to enter data
for employees
RFC
Web Service
1 2
3 4
Real Experience. Real Advantage.
[ Lessons Learned: HCM Integration with IDM
Data entered in the global HCM system
The timeliness of the data entered
Understand the data needed
Use of employee information for account creation
Accuracy of user address information
19
Real Experience. Real Advantage.
[
20
Where are We Now?
Jun
2010
Jul
2010
Aug
2010
Sep
2010
Oct
2010
Nov
2010
Dec
2010
Jan
2011
Feb
2011
Mar
2011
Apr
2011
May
2011
Jun
2011
Jul
2011
Aug
2011
Sep
2011
Oct
2011
Nov
2011
SAP User Id Account v 7.1
Network account
automation v 7.1
Email account v 7.1
Real Experience. Real Advantage.
[ Identity Management Account Automation
21
HR
Create
employee
record
HR to enter data
for employees
SAP CUA
New SAP User Id
Role provisioning
to target systems
Network account
Provision
Active Directory
account
Provision
Lotus Notes
account
Identity Management
Create
user account
Real Experience. Real Advantage.
[ Long Term Strategy
22
Fully automate creation/termination
• SAP, Email, Network Id
Upgrade 7.2
Integrate GRC
Migrate CUA managed systems to IdM
Self-service
• Password resets
• Lock/unlock
Single Sign-On
Real Experience. Real Advantage.
[ Plans Going Forward
Increase scope on IDM to manage all employees
Upgrade SAP NetWeaver Identity Management
to version 7.2
Integrate Governance, Risk, and Compliance (GRC)
process (SAP Access Control)
Automate role assignments were possible
Implement SAP NetWeaver Single Sign-On
23
Real Experience. Real Advantage.
[ Key Lessons Learned
Alignment with HR is key
Change Management
Understand changes and impact to current “business processes”
What is changing
What is centralized
Understand the data coming from HCM into IDM
Identify key technical and business process expertise
Communication is key
24
Real Experience. Real Advantage.
[
25
[
] Thank you for participating.
SESSION CODE: 1004
Please remember to complete and return your
evaluation form following this session.
For ongoing education on this area of focus, visit the
Year-Round Community page at www.asug.com/yrc