What is most valuable?
The most valuable aspect of the product is the provisioning of a lot of SAP systems. It offers automated provisioning.
It works for the standard AD provisioning, Active Directory provisioning, from Microsoft.
The integration capabilities are good. It works well for other SAP products, however, there is some gap between the non-SAP systems, all of the non-ABAP system, to be specific.
What needs improvement?
The automated provisioning only works well with the SAP products and there are some problems with the non-SAP products. Even if it is SAP, if it is a non-ABAP system, it is a little bit problematic.
We find it hard to translate things into the SAP world.
SAP has introduced IAG, Identity Access Governance. That piece does the risk analysis, as far as I know, however, the IAM doesn't do that. The risk analysis is doing the checks of whether you have access to set up things which have conflicts, like creating an employee and paying the employee. That kind of access. The IAM is basically not doing the same kind of checks as the IAG.
I have heard that IAG can do risk analysis, however, what we have done at one client is we have the IAG management solution from SAP, and then it was tied to a solution of SAP called GRC, GRC Access Control, and then we were running the risk analysis from there. There are multiple levels of interfaces involved, it's not a one-stop solution. It is overly complex.
You have to interface IDM with SAP and GRC, and then GRC will check into the actual plugin system. Due to the fact that it is multiple levels of interface that you need to deal with, sometimes, if something fails, it's very hard to troubleshoot.
You do need to be knowledgeable about the solution. It's not a good product for beginners, especially in terms of deployment.
How was the initial setup?
The initial setup is a bit complex. You need to know a bit about SAP. It's not something a beginner should try. You need experience, especially from a security perspective.
What other advice do I have?
We are a partner. I'm working for a consulting firm and we provide our services.
While we mostly deal with hybrid cloud deployments on AWS, we have seen clients go completely to the cloud and use Azure as well.
We're largely happy with the solution, however, if the risk analysis was a one-stop-shop, that would be really great. Otherwise, from the administrative point, if it is made a little bit simpler for someone to understand, it would not require a lot of experience to implement it from the security standpoint. It's a little complex to understand for a beginner.
Overall, I would rate the solution at an eight out of ten.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)