This document summarizes an automated SAP user provisioning solution called OneAccess. It describes the client pain points it addresses like lack of approval processes and inconsistent user data. It then outlines the solution's workflow, architecture, and features. These include automating the approval process, centralized access management, and streamlining user provisioning according to organizational hierarchies and rules. The solution is deployed on common app servers and databases and integrates with SAP systems.
2. Automating Your SAP User Provisioning Process
Contents
Client Pain-points1
Current solutions2
The OneAccess Value3
Process Workflow4
4
Architecture / Functional
45
3. Automating Your SAP User Provisioning Process
Current solutions
Band-aid
Customize third-party workflow tools like Lotus
Notes
Email based approvals or ticket-based (Remedy)
approvals
Paper-based approval
Throwing more resources
Investing in expensive third-party audits
Other high-cost tools
4. Automating Your SAP User Provisioning Process
Client Pain-points
Inadequate change control for User management
Lack of approval/audit trail as structured data
Lost time and budget remediating repeated errors
Master record inconsistencies across SAP systems
No self service for user password reset
Unapproved access for the wrong SAP users
No effective enforcement of roles
5. Automating Your SAP User Provisioning Process
Process flow
Requester registers himself and creates request
for access to SAP System
Approver denies or approves request
Approver approves request Requester account
provisioned in remote SAP system
Admin adds System/Site/SAP Role
Admin adds Approvers
Admin manages SAP system parameters
6. Automating Your SAP User Provisioning Process
The OneAccess Way
Approved access to SAP Systems
Org hierarchy-based and rule-based access control
Centralized SAP security access and policy
enforcement
Streamline and automate approval process
Delegate SAP access approval to local units
Automated creation of users in SAP System
7. Automating Your SAP User Provisioning Process
The OneAccess Value
SOX-compliant
Less resources for User management
Reduced audit costs
Stream-lined access approval
Avoid inappropriate access
Comply to corporate policy
Short Implementation
Value Pricing
8. Automating Your SAP User Provisioning Process
Architecture
Java Web application built on Spring/Hibernate
Deployed on any J2EE application server such as
SAP Netweaver, Apache Tomcat, JBoss,
Weblogic, Websphere, Sun ONE
N-tier software architecture with Domain objects,
Data Access Objects (DAO), Spring Controllers,
JSP pages, Acegi Security, Quartz scheduler, Web
2.0 (Ajax)
All passwords stored in encrypted form
Works on any JDBC-compliant database such as
mySQL, Oracle, SQL Server, Sybase
9. Automating Your SAP User Provisioning Process
SAP Certified (Expired)
Powered by NetWeaver
Product is safe to be deployed in SAP NetWeaver
Environment
Deployed by JSPM or SDM
Solution Manager Ready
Detail application Logging
10. Automating Your SAP User Provisioning Process
Feature List
Cloning users
Reset password
Peer level approval
Approval and rejection by approver
Editing Request by approver
Reports for approver
Upload users and legacy data
Change request tracking
Details reports for Administrator and Audit group
11. Automating Your SAP User Provisioning Process
Sample Process Flow
User Registers
Manager
Approval
Site Rep adds
Role and SAP
System
Status of the
Request Changes
to Approved
Role Owner
Approval
Training
Approval
OA Background
job Provisions
the user
User Created in
SAP
Email
Notification Sent
12. Automating Your SAP User Provisioning Process
Roles and responsibilities
Perform
System settings
Load master
Data
Run audit
Reports
Creates
approver
Trouble shoot
Problems
Approve or
Deny request
Create own
request
Mass approve
request
Review approval
status by system
Change Site
Reports
Register in
OneAccess
Add Request to
System
Add Role to
Request
Change Site
Reset
Password
Review status
Clone Request
Requester Approver Admin
13. Automating Your SAP User Provisioning Process
Site System relationship
Attaches to Location
ECC 6.0
BI 7.0
APO
Location
Role
Role
Role
Role
Role
Role
Approver
14. Automating Your SAP User Provisioning Process
Admin functions
Admin
Functions
Policies
and Setup Loading
Data
Trouble
Shoot
Approver
Setup