Journey to the cloud: How SailPoint and SAP are helping enterprises secure access to critical SAP resources

Author: Jody Paterson, Sr. Director, Technology Alliances

The development, implementation and maintenance of SAP applications ranks as one of the most critical and ongoing IT investments for today’s enterprises.

SAP’s introduction of cloud-based S/4HANA as a replacement for on-premises SAP ERP Central Component (SAP ECC) and the company’s expanded focus on cloud-based applications like Ariba, Concur and SuccessFactors further underscores that cloud migration is a priority for SAP.

This represents a significant sea change for SAP customers – and a critical planning dilemma: How to secure access to key SAP applications and protect considerable internal SAP investments while also making the transition to the cloud?

SailPoint and SAP: Identity security for key SAP applications

Today’s enterprise environments are comprised of many applications with different architectures and deployment models, delivered by a host of different vendors and service providers, making securing access to business assets a challenge for most organizations.

At SailPoint, we support more than 1,100 enterprise applications and 20,000 custom applications. Our technology allows customers to extend, connect, and integrate core identity security capabilities with the critical business applications they use every day, all under a single identity umbrella, which is essential in jumpstarting identity security time-to-value.

SailPoint’s strategic technology collaboration with SAP is an example of this. SailPoint develops comprehensive integrations for a range of SAP applications that align with both industry best practices and SAP technical requirements to help organizations secure critical access – and help provide peace of mind as they transition to the cloud. SailPoint Identity Security Cloud is a unified, AI-powered approach with a scalable SaaS architecture that is designed to meet identity security needs for every type of identity at every phase of the identity security lifecycle. SailPoint Identity Security Cloud is a market-tested solution for SAP Identity Management (SAP IDM) customers as they prepare for the end of maintenance of SAP IDM in 2027.

Journey to the cloud: Focus on best practices, alignment with SAP architecture

SailPoint’s approach to identity security for SAP applications aligns with SAP’s strategic vision, reference architecture, product offerings, integration landscape, methodologies, and roadmap. Our integration with SAP’s Identity Provisioning Service (IPS) gives customers the ability to quickly extend identity security to the most widely used SAP cloud applications. This core identity security functionality includes access requests, access approvals, lifecycle management, internal certifications, and insights to provide deep governance for critical SAP applications, whether on-premises or cloud.

According to SAP’s System Integration Guide, SAP Cloud Identity Services are a group of services within the SAP Business Technology Platform (BTP) that operate as an interface to integrate identity and access management (IAM) between systems. The goal is to provide a seamless user access management experience across systems while also ensuring secure access.

The SAP Local Identity Directory serves as the central repository for storing user and group information within SAP Cloud Identity Services (CIS). As the authoritative source for SAP ecosystem users, it holds crucial data accessible through both APIs and the Identity Authentication service UI.

Graphic source: SAP CIO Guide: Identity Lifecycle in SAP Landscapes, p. 30

SailPoint anticipates continued expansion and integration with SAP applications and systems for efficient management of users and entitlements. This extends to SAP cloud applications, on-premises systems and other non-SAP applications in the customer’s ecosystem to deliver a unified perspective and governance of their entire organizational landscape.

Strategic SAP connectivity available today

SailPoint has helped hundreds of enterprises secure their most critical SAP resources as they make the transition to the cloud. SailPoint Connectivity for SAP includes:

• Core SAP applications: Integrated identity security solution that lets organizations easily manage and auto-provision access and perform access certifications for select, core SAP systems, including HR/HCM data, ECC, Enterprise Portal, S/4 HANA on-premises, and the HANA database.
• SAP cloud applications & systems: Includes a comprehensive suite of integrations for key SAP cloud applications, including SAP Fieldglass, SAP Concur,SAP Analytics Cloud, SAP Ariba, SAP SuccessFactors, S/4HANA Public Cloud, S/4HANA Private Cloud, HANA database and othersviaSAP IPS Proxy. SailPoint connectivity provides easy extensibility where necessary to help meet customer requirements for deeper context and governance via REST, SCIM, and other standard connectivity options.
• SAP GRC: Includes a deep integration with SAP GRC for provisioning to GRC-connected SAP applications and provides risk analysis of access requests to enforce governance controls around logical access and separation of duties (SoD) conflicts.

Using well-established industry standards and SAP best practices, SailPoint delivers an integrated, holistic approach in partnership with SAP to build effective integrations for IT environments and help organizations secure access to key SAP applications.

Learn more

SailPoint can help organizations manage access to important SAP applications, improve security postures, satisfy compliance requirements, deliver a clear view of access across the organization, and securely transition to the cloud.

• Learn more about how SailPoint integrates with SAP applications
• Find out more about Identity Security Cloud and how we can help you jumpstart or continue your identity security journey