Systematic Authorization Management

Real-time analysis of authorizations and segregation of duties.

Are you looking to implement an authorization concept that covers multiple clients and systems in your SAP landscape?

With the SAST authorization management, you can make sure your concept is comprehensive and includes strict authorization controls. This module compares all the roles and objects in your SAP systems against a segregation of duties (SoD) matrix, improving your ability to identify critical access attempts through your SAP authorization concept and detect potential SoD conflicts in real time - and most importantly, before your production system is affected.

Plus, your concept will be the only source auditors need for qualified key figures. SAST makes it possible to monitor and analyze SAP authorizations, combinations, processes, and SoD rule sets based on preconfigured or freely definable SoD matrixes.

How SAST SUITE can assist you

• All critical authorizations and SoD conflicts are completely transparent - for all essential SAP modules delivered as standard
• Predefined rule sets for SoD violations and critical access attempts
• Simulation of roles for SoD conflicts and recommendations for role templates
• Evaluation and blocking of inactive users
• Real-time verification of your SAP transactions
• Simplified revision audits
• You can adopt your own policies and audits

Are you already familiar with our add-on for this module, SAST Enhanced SoD and Control Reporting? It's designed to give you a way to communicate and collaborate on the basis of Excel, which makes things easier to understand for user departments, managers, external auditors, and others who aren't experts in SAP.

Audit-compliant administration of users, roles and authorizations.

Managing a large number of user accounts often presents companies with serious challenges, especially when you consider how complicated most of the available standard tools are. It's particularly difficult when user identities need to be maintained in several systems, directory services, or databases.

The lack of an option to manage user IDs and authorizations across multiple systems in a transparent way not only leads to insufficient clarity and SoD conflicts; it also requires more effort to address these issues.

With our SAST User and Access Management module, you'll have an efficient, user-friendly, and secure means of both monitoring and managing the identities, roles, and authorizations of your SAP users.

This module will provide you with key information on authorizations and structures, help pinpoint your current risks and security vulnerabilities, and enable you to freely define the responsibilities of your organizational areas - including for HR and role managers and user and role administrators. It's also possible to configure the approval steps necessary for each individual SAP workflow.

How SAST can assist you

• Reduces effort through automated authorization requests
• Automated SoD analyses and user mass-requests
• Out-of-the-box approval workflow and tailored to your needs
• Provisioning of SAP users fully automated
• Increases transparency by facilitating customizable authorization management and seamless tracking of all changes
• Assesses risks and detects assignments of critical authorizations in real time
• Fulfilment of legal demands on the documentation requirements
• Option to integrate mobile request and approval workflows via web user interface
• Possibility of connecting IDM or ticket systems as well as customer-specific SAP transactions
• Workflow integrates directly into SAP

Preserve your resources by automating your SAP role generation.

Real-world situations consistently show that growing structures quickly make the assignment of authorizations difficult to manage without a significant amount of manual effort. This is particularly true when authorizations need to be assigned in a compliant manner that prevents SoD conflicts.

Enter the SAST Role Management - a secure, efficient, and cost-effective solution for optimizing your existing roles and organizing them in a clearly arranged role management system.

SAST will aid you in determining which authorizations are needed, creating new roles, and of course, handling the ongoing administration of your authorization concept. In doing so, you can decide whether to build on SAST Suite's predefined role templates or define your roles through automated analysis of your users' activities and the transactions they execute. This also means that you can easily carry out rollouts and mass changes at the object or field level.

How SAST SUITE can assist you

• Significant reduction of effort and costs in complex authorization projects during day-to-day business
• Reduces risk through conflict-free authorization roles and can be fully customized
• Analyzes and manages roles across systems, automates mass role generation
• Detailed analysis of usage incl. overview of unused roles
• Analyzes critical authorizations and existing SoD conflicts
• Automatically produces documentation to ensure audit security and compliance
• Multi-system role evaluation and administration.
• Integrates seamlessly with standard SAP software (profile generator, etc.)

Efficient, audit-compliant monitoring of your emergency users.

Even the best system sometimes requires extended support. This is why SAP systems provide for firefighter users that have expanded authorizations for special circumstances - authorizations that include the ability to access sensitive data. To ensure your compliance with the due diligence required by law, extensive documentation of such activities is essential.

Luckily, the SAST Superuser Management is available to help you deal with this challenge. It maps your entire superuser process, checks all privileged access attempts in real time, and documents all related activities with full audit security. From user authorization assignment and convenient administrative tools to the documentation of support cases based on dual logging access, everything is covered in this module.

How SAST SUITE can assist you

• Transparent and audit-compliant documentation of all critical activities
• Prevents unnecessary "SAP_ALL" authorizations
• Traceability of critical activities
• Integrated authorization and unsubscription process including single sign-on functionality for your privileged users
• Automatically notifies your auditor when a support activity is complete
• Logs users through passive monitoring as external consultants or SAP EarlyWatch
• Fast installation and implementation through predefined processes as well as the possibility of integration into your own Workflows

Carry out faster, smoother authorization projects.

Are you developing a new authorization concept or planning to redesign your SAP authorizations, for example in the context of a S/4HANA migration? If so, our SAST Safe Go-Live Management can save you a tremendous amount of time and organizational effort.

Our software starts by analyzing your users' behavior at the outset of your project. It automatically identifies all the authorizations they utilize and incorporates them into your new model without any additional effort. If users are missing authorizations they had before the transition, they can activate a fallback function to have their privileges restored right away. Meanwhile, the main advantage you'll enjoy is that your day-to-day business will continue on uninterrupted.

How SAST SUITE can assist you

• Implements tailored roles with clean authorizations at the click of a mouse
• Significantly accelerates projects involving new or redesigned concepts
• Protecting your resources thanks to highly automated processes
• Lower project costs and no additional licensing costs for reference and fallback users
• Makes it possible to overhaul authorizations without disruptions and enables your daily business to continue unhindered

Our consultants will be happy to lend a hand in preparing and implementing an authorization concept that meets your specific requirements.

Take the pressure off your user helpdesk.

With this SAST module, you can simplify the process of resetting passwords and implement stricter password guidelines.

It gives your employees a secure, user-friendly way to reset their passwords themselves through your intranet no matter where they are. This will save your helpdesk personnel time and they can devote to their core tasks.

How SAST SUITE can assist you

• A fast return of invest
• Compliance-conform standard process
• New passwords generated automatically
• Syncs with SAP and/or active directory to verify users
• Logs all requests
• Easy-to-use via intranet