SailPoint ISC capabilities & features supported for SAP systems

bhuvi_kpmg · July 15, 2024, 11:00am

I have specific questions for SailPoint ISC supported features & capabilities when it comes to integration with SAP systems :

What are the SAP platforms integration (provisioning and de-provisioning of account and access) supported by Sailpoint IDN ?
Do Sailpoint supports provisioning and de-provisioning of SAP TCodes, & Authorization objects also also or it just supports only at SAP roles ?
Can Sailpoint IDN talk to SAP GRC for SoD check when a user request for access in SAP, then dynamically request for SAP security team/SAP owner approval when conflicting access is requested (if no conflicting access requested do not send it to such team)
If SoD is found, can the mitigating controls be applied from Sailpoint console which can apply in SAP GRC through connector or we need to apply mitigation control in Sailpoint + SAP GRC
Can we configure all SoD rules in Sailpoint IDN and perform SoD check within Sailpoint instead of checkingin SAP GRC?
Can Sailpoint IDN support cross applications SoD (SAP + no-SAP applications) ?

udayputta · July 15, 2024, 12:48pm

Can Sailpoint IDN talk to SAP GRC for SoD check when a user request for access in SAP, then dynamically request for SAP security team/SAP owner approval when conflicting access is requested (if no conflicting access requested do not send it to such team) - Yes SailPoint can raise a request to GRC for access request made in ISC. There should be approval workflows in GRC to validate SOD checks and assigne to mitigation owners. ISC can only raise request to GRC, if you are looking to do SOD checks for request dynamically then you need to bring in all the SOD policies. Which will be a duplicate effort.
If SoD is found, can the mitigating controls be applied from Sailpoint console which can apply in SAP GRC through connector or we need to apply mitigation control in Sailpoint + SAP GRC - Yes if you bring in SOD to SailPoint you need to also create mitigration control in SailPoint.
Can we configure all SoD rules in Sailpoint IDN and perform SoD check within Sailpoint instead of checkingin SAP GRC? - This depends on the design and what client need after doing pro’s and cons check
Can Sailpoint IDN support cross applications SoD (SAP + no-SAP applications) ? - Yes SailPoint supports cross app SoD check with SAP and non-SAP systems.

Thanks,
Uday

system · September 13, 2024, 12:49pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SAP process orchestration integration ISC Discussion and Questions identity-security-cloud , connectors	2	16	October 1, 2024
Supported Managed Systems Connectivity Documentation Feedback va-con-docs , sap-con-docs	1	6	November 4, 2024
SAP GRC Connector - Connection Method ISC Discussion and Questions identity-security-cloud	4	93	October 5, 2024
Which SAP connector supports SAP Business intelligence ISC Discussion and Questions identity-security-cloud , connectors	1	19	October 18, 2024
SailPoint IDN PAM Requirement ISC Discussion and Questions identity-security-cloud	3	145	June 15, 2024