Webinar 2024: 05 ROI iAM Architecture Features

  • Published on 7 Feb 2025
  • Recording of our webinar on 26 November 2024!
    -----------------------------------
    ROI iAM is the best intelligent access management tool for companies with a big SAP landscape, especially former SAP IDM customers.
    ROIABLE is a provider of SAP expertise in the areas of User access and Workflow automation.
    ROIABLE's webpage:
    roiable.com/
    -----------------------------------
    Q & A

    Q: How flexible is the customization and development of processes and connectors with ROI iAM compared to SAP IdM?
    A: The main concept upon which ROI iAM was built was to keep the well-done parts of SAP IdM and get rid of those that didn’t work so well. Logically, the flexibility which SAP IdM offered was categorized among its good sides. Therefore, we are not only keeping that flexibility in place, but also enhancing the workflow engine to be much more intuitive during design and much more powerful during runtime. This is surely possible thanks to the underlying SAP BTP services, which are used to ensure a scalable and stable performance.
    Q: Currently Entra ID cannot assign roles to on-premise SAP systems and actually to SAP IAS too. Can this be achieved with the combination of ROI iAM and Entra ID?
    A: Yes, you are referring to two of the scenarios which were shown during the webinar, namely provisioning of user access for an SAP on-premise system and for SAP Identity Authentication Service using Identity Provisioning Service as proxy.
    Q: Are there any migration jobs that load data from SAP IdM to MS Entra ID or ROI iAM?
    A: We wish that it was that simple, just to run a job and get things ready in the new system. Unfortunately, that is not the case. As mentioned earlier, SAP IdM is foundationally different compared to any of the other solutions offered by the 3rd party vendors. Luckily for ROI iAM things look better, since the product was designed with the SAP IdM migration in mind. However, even there a simple load job won’t do the trick. At the end of the webinar, we showed our “Migration Enabler” SAP IdM package, which helps with moving the data from SAP IdM to ROI iAM, but this is not an automated activity, nor will it be one. It must be supervised during the migration process but, on the other hand, offers a great reduction in terms of time and effort needed.
    Q: What details are listed in the audit/provisioning log?
    A: The audit/provisioning log in ROI iAM is called Event Log. This is because it tracks all incoming and outgoing events and their lifecycle within the product. Among the details it contains are the incoming time of the event, the type of event to be triggered, the source and target system, the data which was sent from the source and how this data was transformed in the process chain before reaching the target system, then the response that was received, etc.
    Q: Is there a way to automatically sync the ABAP roles to access packages in MS Entra ID?
    A: Currently, there is no such functionality in MS Entra ID. However, thanks to ROI iAM this is possible and every application that was loaded in ROI iAM can be automatically enabled for provisioning, using access packages in MS Entra ID.
    Q: Does MS Entra ID support Business roles or similar groups concepts?
    A: MS Entra ID supports Business roles in the form of access packages. Those can contain both single and multiple technical roles from various systems. This is the closest representation of business roles that is available right now in the Microsoft IAM solution.
    Q: Where can we view the relationship between the dynamic group and the technical role/privilege in MS Entra ID?
    A: The dynamic groups are assigned to the application, for which they would need to trigger. Then, within the groups we can further specify the roles/privileges assigned for that particular application. Following that approach, we can enrich the dynamic groups to have all the needed day one roles/privileges for a particular position and thus automate the provisioning process.
    Q: How would MS Entra ID work with systems like Java UME, SAP HANA and SAP ABAP?
    A: MS Entra ID has a library of connectors, which cover a broad range of systems. Most of them are cloud based, but even for them the default connectors are limited in scope of what they can do, how often they can be triggered and what error handling they can perform. If we move to the on-premise world, the limitations and complexity of the setup grow non-linearly. With ROI iAM, the setup to MS Entra ID is always one and the same and once done, should not be changed for every new connected repository. On the other hand, our SAP BTP based solution can handle the connections to any cloud and on-premise SAP and non-SAP systems with customer-defined fields, as was shown in the webinar.