Thursday, October 18, 2012

SAP TechEd Days 2 and 3

As usual, events here at TechEd have caught up with me and I missed a post. Sorry, folks!

This does not mean that there has been a lack of activity here at TechEd. Yesterday, I attended an excellent hands on workshop based on Context Based provisioning.  Any organization that is looking into SAP IDM for the purpose of managing SAP Roles over multiple locations or positions needs to look into Context Based provisioning. I think one can make an excellent comparison between IDM contexts and the Derived Role concept within SAP.  I'll have to write some more on that later, either here or on the SCN Blog. I've also come up with some other interesting ideas for Contexts which I will be working on over the next few weeks.  Hopefully, I'll have something to share soon.

There were also a number of good Q&A sessions where users could go one-on-one with some of the SAP IDM experts that came over from SAP Labs in Trondheim, Norway.  For those that don't know, NetWeaver IDM was born as MaXware Identity Server in Trondheim back in the 1990s and core development still happens there to this day.  Concepts such as Assignments, Approvals and Virtual Directory Server were covered.

Today I was able to attend a session on the use of the Provisioning Framework.  Not too much new there, but it was good to hear that SAP is committed to the Framework and feels that IDM is the best way to provision users to SAP systems. During the presentation, the following general IDM points were brought up that I would like to comment on:

Users should consider IDM over CUP if connections to external applications are required (e.g., Microsoft Active Directory)
IDM should be used over other provisioning methodologies for Audit and compliance reasons
Do not think of SAP or non-SAP roles, privileges, provisioning etc., it is all Enterprise provisioning

I'll have a wrap of of TechEd tomorrow with some closing thoughts.

No comments: