SAP Identity Management Review

Automatic user provisioning is valuable but could use better cloud integration connectors

What is our primary use case?

Our primary use case is basically focused on SAP landscape, the complete SAP User Lifecycle. We're currently using SailPoint and SAP Identity Management. As part of a dissertation I'm working on to evaluate whether it's possible to have the complete User Lifecycle in our company with one tool, or whether it makes sense to have one IDM system only for SAP work and another one for everything else.

How has it helped my organization?

Automatic provisioning by designed workflows are valuable in any authorization audit. Information can be retrieved very quickly who approved which authorization when. Further it helps reducing help desk calls / Tickets as standard tasks like Password Reset will be deliverd as Self Service to every user in the organization. Paper based requests are nearly gone and roles will be requested thru SAP IDM.

What is most valuable?

The valuable feature for me is the automatic user provisioning. It provides basic automatic user administration and role provisioning to save time. It also provides other reset features and has a self-service for end users.p>

What needs improvement?

I believe they could make a lot of improvements on SAP IDM. The user interface is not satisfactory and is only available in Web Dynpro and you need Fiori to maybe get some enhancements, but that's not so easy. There is also a lack of startup connectors to different systems, and they could have better cloud integration connectors for SAP IDM. If you want to connect to a third-party system, you have to customize which is not really SAP standard. They could really have more and better connectors.

If you compare it to SailPoint, they have documented 50+ how to guides for connecting different systems. IDM has only few standard connectors so there's room for improvement.

For how long have I used the solution?

My company has been using SAP IDM since 2010 or 2011, and I've been using the product for four years.

What do I think about the stability of the solution?

I cannot really comment on stability because it's hosted by a third-party vendor and not by us, and stability of the software depends on them. They had some bugs in the SP5 implementation so that some scripts were not pulled correctly. But with the latest SP upgrade to SP7, they fixed a lot of that.

How are customer service and technical support?

We've used technical support. SAP's ticket system takes some time before you really get a developer who can help you, because at first you have the ticket ping pong, and then it takes some time to get the real help if you're not directly approaching the Quality Manager of SAP. It initially took two weeks to get good support but after that I was satisfied.But it takes some time to get the guy who can help you.

How was the initial setup?

I think setup would be easy if you're using the standard product, but then you're very limited. If you're not using the 100% standard, it's complex to do the upgrade. We upgraded from 7.2 to 8.0 last year, and it was pretty complex but we rebuilt it completely.

What other advice do I have?

I would suggest carrying out some requirement engineering before choosing any system. If you're really SAP-dominated, it makes sense to go to SAP IDM, because it's more or less a niche product. But if you have a really hetero system landscape, it makes sense to evaluate other systems because I think the effort for having connectors developed or customized for non-SAP systems can be huge. You can save time and money if you really choose a vendor or application which has mostly standard connectors. If you use SAP around 70%-80% of the time in your company, it makes sense to have SAP IDM. Everything else needs evaluation.

I would rate this product a seven out of 10.

Which deployment model are you using for this solution?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment