SAP Product Road Map SAP Identity Management Road Map Revision: 2016.09.15 Customer Template Revision: 20160104 v4.1
Legal disclaimer The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission of SAP. This presentation is not subject to your license agreement or any other service or subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation and SAP's strategy and possible future developments, products and or platforms directions and functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this document is not a commitment, promise or legal obligation to deliver any material, code or functionality. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a. This document is for informational purposes and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP s willful misconduct or gross negligence. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions. Customer 3
Introduction to product road maps Purpose Product road maps are designed to support the product adoption planning activities of SAP customers. A product road map helps a customer match short term and long term goals with technology plans. A product road map describes how the feature / function capabilities in an SAP product or technology are planned to progress over time, in general: Today = changes in the current release version Planned Innovations = changes planned in one or more upcoming development releases (up to 12-18 months). Future Direction = proposed themes for a product or technology beyond the planned releases Complementary resources For a more general description of the business problems / processes being solved and supported by SAP, refer to Solution Road maps. For more detailed technical information please refer to the Product Availability Matrix, Ramp-up Knowledge Transfer materials and product documentation. Customer 4
Table of contents Product Overview Product description Key trends and customer needs Road map overview and major product updates Product Road Map Today Planned Future Appendix Customer 5
Product Overview Product description Key trends and customer needs Road map overview and major product updates
Product description Use centralized software to lower risk and manage the full identity lifecycle of users. Keep operations running efficiently and affordably, while protecting applications and data. Provide user access according to current business roles. Workflows and user interface are highly flexible and configurable without the need for development skills 1. Lower IT support costs and reduce risk with centralized user identity management across SAP, non-sap, various IT and cloud solutions 2. Improve productivity with self-services such as automatic password resets and rules-driven workflows 3. Improve insight and compliance with centralized, integrated logging and reporting 4. Boost flexibility with standards-based functionality that integrates fully with company processes Customer 7
Compliant identity and access management 4 SAP Access Control 5 Risk analysis Risk mitigation 3 6 Forward request for risk analysis Risk status SAP applications Request role assignment 1 SAP Identity Management 2 8 7 Manager approval Non-SAP applications Notification to user and manager Provisioning to target systems SAP SCM Java Active Directory E-mail SAP ERP HCM SAP HCP Legacy Web app SAP ERP Portal OS SAP SuccessFactors Database Customer 8
In the SAP security portfolio SAP Cloud Applications Manage access, users and compliance in the cloud SAP HANA Cloud Platform Identity Authentication SAP HANA Cloud Platform Identity Provisioning* SAP Cloud Identity Access Governance, access analysis service SAP S/4HANA SAP Business Suite SAP Single Sign-On Make it simple for users to do what they are allowed to do SAP Identity Management Know your users and what they can do SAP Access Control Ensure corporate compliance to regulatory requirements SAP Enterprise Threat Detection Counter possible threats and identify attacks Add-On for Code Vulnerability Analysis Find and correct vulnerabilities in customer code 3 rd Party Systems Platform Security Make sure that SAP solutions run securely SAP HANA Cloud Platform SAP HANA SAP NetWeaver Application Server Customer 9 * This is the current state of planning and may be changed by SAP at any time.
Product Road Map Today Planned Future
Product road map overview - key themes and capabilities Today SAP Identity Management Full Identity lifecycle management REST API for SAPUI5 Web user interface administration Dynamic roles management, user interface and workflows Eclipse based development environment Harmonization of development infrastructure Graphical workflow designer Configuration packaging and authorization concept New SAP integration capabilities Full identity lifecycle covered with SAP SuccessFactors integration SAP HANA connector Available on SAP Adaptive Server Enterprise (ASE) database SAP Cloud Identity Planned Innovations Rapid-Deployment Solution package Identity, governance and administration Enhanced integration with SAP GRC to deliver an identity, governance and administration suite User Interface Extensions to the REST API Enterprise readiness Installation with Software Provisioning Manager Further enhance ease of operations Integration Hybrid deployment model: SAP cloud services for identity and access management as extension for SAP Identity Management SAP HANA connector enhancements SAP SuccessFactors connector enhancements Connector Development Kit 2.0 Future Direction Hybrid identity management SAP HANA Cloud Platform Identity lifecycle across on premise and cloud Extend integration with SAP cloud services for identity and access management identity authentication service identity provisioning service access analysis service Integration SAP Ariba SAP Travel Management Solutions (a.k.a. Concur) SAP Hybris SAP Hybris Cloud for Customer SAP S/4HANA Reporting enhancements (Release 8.0, SP3) Customer 12 This is the current state of planning and may be changed by SAP at any time.
Product road map overview - key themes and capabilities Today SAP Identity Management Full Identity lifecycle management REST API for SAPUI5 Web user interface administration Dynamic roles management, user interface and workflows Eclipse based development environment Harmonization of development infrastructure Graphical workflow designer Configuration packaging and authorization concept New SAP integration capabilities Full identity lifecycle covered with SAP SuccessFactors integration SAP HANA connector Available on SAP Adaptive Server Enterprise (ASE) database SAP Cloud Identity Planned Innovations Rapid-Deployment Solution package Identity, governance and administration Enhanced integration with SAP GRC to deliver an identity, governance and administration suite User Interface Extensions to the REST API Enterprise readiness Installation with Software Provisioning Manager Further enhance ease of operations Integration Hybrid deployment model: SAP cloud services for identity and access management as extension for SAP Identity Management SAP HANA connector enhancements SAP SuccessFactors connector enhancements Connector Development Kit 2.0 Future Direction Hybrid identity management SAP HANA Cloud Platform Identity lifecycle across on premise and cloud Extend integration with SAP cloud services for identity and access management identity authentication service identity provisioning service access analysis service Integration SAP Ariba SAP Travel Management Solutions (a.k.a. Concur) SAP Hybris SAP Hybris Cloud for Customer SAP S/4HANA Reporting enhancements (Release 8.0, SP3) Customer 13 This is the current state of planning and may be changed by SAP at any time.
Full identity lifecycle Today How long does it take for new employees to receive all permissions and become productive in their new job? How can you remove permissions automatically if employees change their position? Are permissions automatically adjusted if someone is promoted to a new position? How long does it take to remove ALL permissions of an employee? And how can you ensure that they were properly removed? Who has adequate permissions to fill in for a coworker? Customer 14
Various reporting options Today Basic Reporting Focus: Static, printable reports Report creation on database level Extended Reporting with SAP Business Warehouse (SAP BW)* Focus: Dynamic reports, offering more, highly detailed, and customizable reporting options Data is extracted on a regular basis (as per defined job) Predefined report templates available, custom reports can be defined filtering, sorting, export to MS Excel, CSV, PDF, send via e-mail, etc. Reporting with SAP BusinessObjects Lumira** Focus: Customer-specific reports/analyses for identity management Rich graphical capabilities for visualizing and utilizing reported data Low integration and maintenance efforts Easy extension Change history up to the time of last synchronization * SAP BW is not part of the SAP Identity Management license ** SAP Lumira, desktop edition license is included Customer 15
Dynamic roles management, user interface and workflows Today Automated generated user interfaces, flexible workflows and context based roles simplify adjustments based on changing business requirements Flexible workflows for permission requests Automatic generated user interfaces Creation and customization of user interface attributes Automatic user interface structures Context and rule based permission and role assignment Reduction of business roles Better usability for end users by requesting permissions Unlimited role hierarchies Customer 16
Eclipse based development environment Today New development authorization concept UME based user access Fine grained access controls Multi-user environment Harmonization of development JavaScript language support Revision-control Development lifecycle Graphical workflow design Configuration package concept Web user interface administration Web-based management interface Improved usability Standardization Customer 17
Configuration packaging and authorization concept Today SAP Identity Management delivers a framework and connectors as configuration packages, allowing version and transport management and supporting different roles managing the application Configuration packages are now version controlled, logged and reversible Easy to transport Several developer users can work in parallel on different packages Developer, administrators and support have various roles and authorizations Customer 18
SAP SuccessFactors integration Today Business process integration with SuccessFactors 1 Personnel action in HR New hire, termination, change of position etc. 5 At relevant date Provisioning of role and authorization information to relevant target systems 2 3 Based on organizational 4 data in HR automatic Event-based extraction role assignment of personnel data possible SAP ERP HCM Manager approves the assignment SAP ERP HCM SAP CRM HR Operations SAP Identity Management Line Manager SAP Portal Customer 19
SAP ASE database support Today SAP Identity Management running on SAP software Optimized performance Based on SAP s acquisition of Sybase with many years of relational database experience License advantages running all SAP applications on SAP databases (SAP HANA, SAP ASE, SAP IQ) Database NEW: SAP ASE IBM DB2 Microsoft SQL Server Oracle Customer 20
Integration with SAP HANA Cloud Platform Identity Authentication Today Integration between SAP Identity Management and SAP HANA Cloud Platform Identity Authentication can provision users and enables access to cloud applications Loading users and their attributes to and from SAP HANA Cloud Platform Identity Authentication service Creating and updating users Setting a productive password for a user De-provisioning users SAP HANA Cloud Platform Identity Authentication Cloud On premise SAP Identity Management Customer 21
Product road map overview - key themes and capabilities Today SAP Identity Management Full Identity lifecycle management REST API for SAPUI5 Web user interface administration Dynamic roles management, user interface and workflows Eclipse based development environment Harmonization of development infrastructure Graphical workflow designer Configuration packaging and authorization concept New SAP integration capabilities Full identity lifecycle covered with SAP SuccessFactors integration SAP HANA connector Available on SAP Adaptive Server Enterprise (ASE) database SAP Cloud Identity Planned Innovations Rapid-Deployment Solution package Identity, governance and administration Enhanced integration with SAP GRC to deliver an identity, governance and administration suite User Interface Extensions to the REST API Enterprise readiness Installation with Software Provisioning Manager Further enhance ease of operations Integration Hybrid deployment model: SAP cloud services for identity and access management as extension for SAP Identity Management SAP HANA connector enhancements SAP SuccessFactors connector enhancements Connector Development Kit 2.0 Future Direction Hybrid identity management SAP HANA Cloud Platform Identity lifecycle across on premise and cloud Extend integration with SAP cloud services for identity and access management identity authentication service identity provisioning service access analysis service Integration SAP Ariba SAP Travel Management Solutions (a.k.a. Concur) SAP Hybris SAP Hybris Cloud for Customer SAP S/4HANA Reporting enhancements (Release 8.0, SP3) Customer 22 This is the current state of planning and may be changed by SAP at any time.
Identity, governance and administration Planned Innovations SAP Identity Management and SAP Access Control as a seamless integrated identity, governance and administration solution Unified business role management Centralized audit of provisioning and governance processes Access Control as Business Role Modeling tool SAP Access Control Audit Identity Management provisioning to all connected systems Access Control manages authorization governance Roles User interface SAP Identity Management Customer 23 This is the current state of planning and may be changed by SAP at any time.
Enterprise readiness ease of operation Planned Innovations Supportability and monitoring Provisioning monitor presenting workflows and processes execution Analyzing potential erroneous situations Proposals for forward actions for pending steps Installing and updating with SAP SWPM* tools SAP standard installation and update toolset usage Automation of the manual steps Post installation configuration simplification Ensured integrity of all product components SAP SWPM = SAP Software Provisioning Manager Customer 24 This is the current state of planning and may be changed by SAP at any time.
Integration Planned Innovations New integration scenarios for on premise and cloud solutions SAP cloud services for identity and access management SAP HANA connector enhancements SAP SuccessFactors connector enhancements Connector Development Kit 2.0 Customer 25 This is the current state of planning and may be changed by SAP at any time.
rapid-deployment solution Solution components and service approach Planned Innovations Short project times Reduced TCO Standard solution Simplify assignment and management of roles and privileges to users Connection of 1 source- and 2 target systems Automatic authorization assignment Approval workflows Implement best practices out-of-the-box with a fixed scope, most important and common scenarios, e.g. defined set of customer specific configuration, connection of source and target systems, provisioning, etc. Pre-configured functionality of SAP Identity Management in a development system Mass user administration jobs Support of system specific attributes Enhanced error handling Predefined HTML based reports E-mail notification framework New web UI tasks Step-by-step guide, describing each activity during deployment Solution can be extended with additional scope options Scope option 1: Go-live support Scope option 2: Connection to one additional SAP target system multiple scope options 2 for the connection of multiple additional SAP target systems can be selected. Scope option 1: Additional Go-Live support Scope option 2: Connection to additional SAP systems Customer 27 This is the current state of planning and may be changed by SAP at any time.
Product road map overview - key themes and capabilities Today SAP Identity Management Full Identity lifecycle management REST API for SAPUI5 Web user interface administration Dynamic roles management, user interface and workflows Eclipse based development environment Harmonization of development infrastructure Graphical workflow designer Configuration packaging and authorization concept New SAP integration capabilities Full identity lifecycle covered with SAP SuccessFactors integration SAP HANA connector Available on SAP Adaptive Server Enterprise (ASE) database SAP Cloud Identity Planned Innovations Rapid-Deployment Solution package Identity, governance and administration Enhanced integration with SAP GRC to deliver an identity, governance and administration suite User Interface Extensions to the REST API Enterprise readiness Installation with Software Provisioning Manager Further enhance ease of operations Integration Hybrid deployment model: SAP cloud services for identity and access management as extension for SAP Identity Management SAP HANA connector enhancements SAP SuccessFactors connector enhancements Connector Development Kit 2.0 Future Direction Hybrid identity management SAP HANA Cloud Platform Identity lifecycle across on premise and cloud Extend integration with SAP cloud services for identity and access management identity authentication service identity provisioning service access analysis service Integration SAP Ariba SAP Travel Management Solutions (a.k.a. Concur) SAP Hybris SAP Hybris Cloud for Customer SAP S/4HANA Reporting enhancements (Release 8.0, SP3) Customer 28 This is the current state of planning and may be changed by SAP at any time.
Strategy Future Direction SAP Identity Management will integrate further with new and innovative solutions SAP HANA Cloud Platform SAP Identity Management will support cloud environments via an integration with SAP cloud services for identity and access management or direct via cloud connectors Customer 29 This is the current state of planning and may be changed by SAP at any time.
Summary SAP Identity Management is managing the full identity lifecycle to support heterogeneous system landscapes. A recent enhancement is the design time user interface based on Eclipse to configure and enhance the solution. Furthermore there are new connectors for SAP landscapes available and SAP Identity Management now also runs on the SAP ASE database. Other cloud apps In the future SAP plans to improve the integration with SAP Access Control, make it easy to install and operate and enable new integrations with additional SAP solutions The vision is an integrated and hybrid deployed security suite of SAP Identity Management, SAP Access Control, SAP Cloud Identity Access Governance services and SAP Single Sign-On to support customers IT landscape strategy in the coming years SAP cloud IAM services SAP Identity Management Cloud On premise Customer 30 This is the current state of planning and may be changed by SAP at any time.
Key links for more information For customers and partners Related roadmaps and key links Road maps on SAP.com www.sap.com/roadmaps SAP Single Sign-On SAP Enterprise Threat Detection SAP Solutions for Governance, Risk, and Compliance (for SAP Access Control content) SAP Community Network http://scn.sap.com/community/idm http://scn.sap.com/community/security http://scn.sap.com/community/sso Where to go to provide product feedback and ideas SAP Idea Place https://ideas.sap.com/sapidm Influence programs http://service.sap.com/influence SAP User Groups http://www.sapusergroups.com/ Customer 31
Thank you Road map contacts for customers and partners Plamen Pavlov Plamen.Pavlov@sap.com 2016 SAP SE or an SAP affiliate company. All rights reserved.
Acronym glossary Acronym Full Text SAP IdM SAP GRC SAP HCP SAP HCM SAP ASE SAP SWPM SAP UI5 REST API SAP Identity Management SAP Governance Risk and Compliance SAP HANA Cloud Platform SAP Human Capital Management SAP Adaptive Server Enterprise, formerly SAP Sybase ASE SAP Software Provisioning Manager SAP UI5 is based on OpenUI5, an JavaScript application framework (open source project), designed to build cross-platform business applications Application Programming Interface (API) to the Representational State Transfer (REST), a web services programming paradigm Customer 33
2016 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE s or its affiliated companies strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forwardlooking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions. Customer 34