Increased SAP Security thanks to IAM
Security in the SAP system
Reliably manage permissions and increase your system security in both on-prem and cloud environments!

Increase your system security and reliably manage permissions

Security is an issue that is becoming increasingly important in all sectors. SAP Security should always form part of companies’ and SAP customers’ IT security strategy if they are to significantly reduce the risk of security breaches. As IT systems are becoming ever more complex, so too are internal and external transparency, risk management and compliance requirements, and thus also identity and access management (IAM) requirements. The system landscape’s security and compliance can only be reliably guaranteed if it is systematically and regularly checked for vulnerabilities and unauthorized access.

Make your permissions management activities in SAP efficient

Preparing SAP permissions

Which user is allowed to access what in the SAP system, and what are the differences between the various roles? Have critical permissions been granted, or do separation of duties violations exist? Are there any missing permissions in the system? Have you asked these questions yourself?

Permissions generally regulate system users’ access to data in the system, and they are an important factor with regard to developing a holistic security concept. Providing each user with the appropriate permissions in the system for their tasks in accordance with the rules is particularly relevant if the possibility of risks is to be excluded to the greatest extent possible. Efficient access management is therefore an essential investment in any company’s security and protection.

The SAP Authorization Concept forms the foundation of an SAP system’s security. It can be used to comprehensively secure access to important company information and data, not to mention programs and transactions in the SAP system. A company’s organization and access privileges are mapped as accurately as possible. The multitude of functions in the SAP system (e.g. in SAP ERP / S/4HANA) results in a high level of complexity with respect to creating roles and a securely established authorization concept. Additionally, it is important to examine and include the company’s internal and external aspects accordingly. If appropriate access privileges and permissions assigned to users in your SAP system are not regulated, you are putting both security and secure operation to the test.

Protect your company from unauthorized access and increase your IT security with efficient identity management and the right authorization concept! We help you – from the planning process to implementing your individual SAP permissions management solution. By implementing best practices, we effectively speed up project terms, cutting implementation costs.

Redesigning SAP permissions

Over the years, SAP systems in companies often develop into a confusing construct. Users with more extensive permissions than they need to complete their everyday work aren’t the only problem. You may also have lost the overview while framework conditions keep changing. This allows the security vulnerabilities in the system to become larger and larger.

Redesigning and managing SAP permissions is therefore a vital component of SAP Security and a complex and ambitious challenge for any company. There can be a great many reasons why a company might choose to redesign SAP permissions, such as an unclear role concept or a timely changeover to SAP S/4HANA.

By conducting a systems analysis beforehand, we show you the ideal way of effectively redesigning your SAP users! The findings obtained from the analysis form the foundation of the overall project scope and the estimation of the project duration. With our consultants’ know-how, we assist you with permissions for your users, making sure that you are playing it safe.

We offer you a free initial audit of your SAP infrastructures’ security! Learn during a live demonstration which security vulnerabilities may exist in your system and whether your authorization concept meets the legal requirements, your personal requirements and your internal control system (ICS) requirements. During the design process, we always keep sustainability and investment protection in mind. We aim to keep your administration and audit costs low in the long term.

SAP system security – uncovering risks and securing systems

Cyber attacks are no longer uncommon nowadays. Increasingly complex SAP infrastructures offer a large attack surface for hackers to gain unauthorized access. In many cases, companies still greatly underestimate the risk since they are not fully aware of security as an issue and due to the fact that responsibilities are unclear. So conducting regular system monitoring and audits is important if you are to protect your company in the long term. Here, all levels of the SAP environment must be viewed holistically – because even a small security vulnerability can lead to a high risk. By bringing ORBIS on board, you are protecting your SAP systems and interfaces from unauthorized access and are consistently securing your systems in accordance with DSAG and BSI audit guidelines.

In addition to dealing with the topic of cybersecurity, companies must also undertake to fulfil legal requirements and operate systems properly.

We perform numerous audits to increase your SAP Security

Our comprehensive audits include an audit of your system environment, an audit of RFC interfaces and an audit of permissions. In particular, interfaces in SAP systems are often not fully taken into account. However, securing them is a highly relevant issue. In our experience, almost every audited system contains unprotected interfaces, making them an attractive target for hackers. The figure below provides a detailed overview of the scope of our audits.

System environment audit
  • Operating systems
  • Databases
  • Network configurations
  • SAP® ABAP Stack, JAVA Stack and HANA instances
  • SAP® Parameters
  • SAP® Mobile
  • SAP® BW configuration
  • Basic settings in the FI and HR modules
  • Registered SAP® Software Change Registration (SSCR) objects
  • Reports without a permissions check
  • Modified objects
  • Transport with critical content

RFC interfaces audit
  • Analysis of incoming and outgoing RFC connections
  • Analysis of incoming and outgoing HTTP connections
  • Database connection analysis
  • Trusting relationship analysis
  • Evaluation of system traces
  • Generation of suitable RFC roles at the push of a button
  • Support for SAP® Gateway protection

Permissions audit
  • Analysis to ensure compliance with legal regulations
  • Analysis to ensure compliance with corporate regulations
  • Analysis to ensure SOX compliance (compliance with the Sarbanes-Oxley Act)
  • Analysis of conflicts (segregation of duties)

SAP Cloud Identity Services – reducing security risks in the cloud

Cloud solutions are becoming increasingly important. The issue of security in particular plays a major role here, and should not be disregarded under any circumstances. Hybrid landscapes – such as a two-tier approach – combine both on-prem and private and public cloud solutions. The implementation of security functions is absolutely indispensable here too! If a suitable identity access management strategy is not implemented, this can quickly cause confusion and result in risky security vulnerabilities.

Identity and Access Management (IAM) generally describes the central management of identities and access privileges on different systems and applications. IAM is thus capable of efficiently granting and revoking users’ access privileges. Central permissions management gives a better overall view. IAM consists of the areas of identity management and access management.

SAP Cloud Identity Services provide basic user authentication and provisioning functions. The aim is for only authorized SAP users to be granted access to the cloud and local resources and for corresponding SAP permissions to be allocated.

Based on the Business Technology Platform (BTP), SAP offers various cloud identity services for access management. The most relevant services are the SAP Cloud Identity Authentication Service (IAS) and the SAP Cloud Identity Provisioning Service (IPS). There is also the SAP Cloud Identity Access Governance (IAG) Service. SAP IAS and SAP IPS are provided as components of SAP Cloud Identity Services.

Identity Authentication Service (IAS)

The Identity Authentication Service is the central point for authentication of every SAP cloud application and performs a great many functions. Some SAP cloud solutions – such as SAP Analytics Cloud, Integrated Business Planning or SuccessFactors – are already pre-integrated with Identity Authentication by default. However, SAP IAS offers a range of further features that a traditional identity provider cannot provide. It can assume the role of identity provider and centrally manage users. Alternatively, it can also be operated as a proxy (an intermediary within a network) to other corporate identity providers (such as Azure AD, ADFS or LDAP servers).

IAS is a cloud service that enables single sign-on for SAP applications in the cloud. It also provides authentication, identity federation and user management services.

Identity Provisioning Service (IPS)

The Identity Provisioning Service provides comprehensive user management throughout the user’s entire lifecycle. The service is used to create users in all systems and provide them with the permissions and roles they need. Together with the IAS, which ensures user authentication in particular, this service provides an end-to-end solution for identity and access management, thereby meeting an important requirement for all modern IT integration or extension scenarios. SAP IPS is particularly suitable for use in hybrid system landscapes and can also integrate non-SAP systems.

Our experts find the ideal solution for your SAP security

Do you need help with securing your systems? Our consultants will show you the ideal approach based on your individual needs and individual processes. From a non-binding consultation and an initial security check to implementation – we offer you holistic advice on the topics of SAP system security, SAP authorization concept and Identity and Access Management (IAM). Individual security solutions for your SAP infrastructure!

Are you interested in receiving more information? Feel free to contact us!

I am here for you

Florian Six (Sales SAP)

Tel.: +49 4131 28 757 41
E-Mail: florian.six(at)
