These days, the occurrence of an IT security incident is less a question of "if" than "when". Meanwhile, companies' own employees are causing these events more and more often, whether by accident or with malicious intent.

The SAST SUITE's modules for identity and user access management are designed to provide the exact support you need in implementing your

authorization concept by notifying you of violations immediately - not after the damage has already been done.

With the SAST SUITE, your authorization management is sure to be consistent, comprehensive, and transparent.

"Our experience is that the effort for SAP role and authorization administration can be reduced by up to 80 % with the help of the SAST SUITE."

— Steffen Maltig
Head of SAST CONSULTING
SAST AUTHORIZATION MANAGEMENT

Real-time analysis of authorizations and segregation of duties.

Are you looking to implement an authorization concept that covers multiple clients and systems in your SAP landscape?

With the SAST authorization management, you can make sure your concept is comprehensive and includes strict authorization controls. This module compares all the roles and objects in your SAP systems against a segregation of duties (SoD) matrix, improving your ability to identify critical access attempts through your SAP authorization concept and detect potential SoD conflicts in real time - and most importantly, before your production system is affected.

Plus, your concept will be the only source auditors need for qualified key figures. SAST makes it possible to monitor and analyze SAP authorizations, combinations, processes, and SoD rule sets based on preconfigured or freely definable SoD matrixes.

How SAST SUITE can assist you

  • All critical authorizations and SoD conflicts are completely transparent - for all essential SAP modules delivered as standard
  • Predefined rule sets for SoD violations and critical access attempts
  • Simulation of roles for SoD conflicts and recommendations for role templates
  • Evaluation and blocking of inactive users
  • Real-time verification of your SAP transactions
  • Simplified revision audits
  • You can adopt your own policies and audits

Are you already familiar with our add-on for this module, SAST Enhanced SoD and Control Reporting? It's designed to give you a way to communicate and collaborate on the basis of Excel, which makes things easier to understand for user departments, managers, external auditors, and others who aren't experts in SAP.

SAST USER ACCESS MANAGEMENT

Audit-compliant administration of users, roles and authorizations.

Managing a large number of user accounts often presents companies with serious challenges, especially when you consider how complicated most of the available standard tools are. It's particularly difficult when user identities need to be maintained in several systems, directory services, or databases.

The lack of an option to manage user IDs and authorizations across multiple systems in a transparent way not only leads to insufficient clarity and SoD conflicts; it also requires more effort to address these issues.

With our SAST User and Access Management module, you'll have an efficient, user-friendly, and secure means of both monitoring and managing the identities, roles, and authorizations of your SAP users.

This module will provide you with key information on authorizations and structures, help pinpoint your current risks and security vulnerabilities, and enable you to freely define the responsibilities of your organizational areas - including for HR and role managers and user and role administrators. It's also possible to configure the approval steps necessary for each individual SAP workflow.

How SAST SAST can assist you

  • Reduces effort through automated authorization requests
  • Automated SoD analyses and user mass-requests
  • Out-of-the-box approval workflow and tailored to your needs
  • Provisioning of SAP users fully automated
  • All IDM and access control scenarios are supported and can be individually modified
  • Increases transparency by facilitating customizable authorization management and seamless tracking of all changes
  • Assesses risks and detects assignments of critical authorizations in real time
  • Fulfilment of legal demands on the documentation requirements
  • Option to integrate mobile request and approval workflows via web user interface
  • Workflow integrates directly into SAP
SAST ROLE MANAGEMENT
Preserve your resources by automating your SAP role generation.

Preserve your resources by automating your SAP role generation.

Real-world situations consistently show that growing structures quickly make the assignment of authorizations difficult to manage without a significant amount of manual effort. This is particularly true when authorizations need to be assigned in a compliant manner that prevents SoD conflicts.

Enter the SAST Role Management - a secure, efficient, and cost-effective solution for optimizing your existing roles and organizing them in a clearly arranged role management system.

SAST will aid you in determining which authorizations are needed, creating new roles, and of course, handling the ongoing administration of your authorization concept. In doing so, you can decide whether to build on SAST Suite's predefined role templates or define your roles through automated analysis of your users' activities and the transactions they execute. This also means that you can easily carry out rollouts and mass changes at the object or field level.

How SAST SUITE can assist you

  • Significant reduction of effort and costs in complex authorization projects during day-to-day business
  • Reduces risk through conflict-free authorization roles and can be fully customized
  • Analyzes and manages roles across systems, automates mass role generation
  • Detailed analysis of usage incl. overview of unused roles
  • Analyzes critical authorizations and existing SoD conflicts
  • Automatically produces documentation to ensure audit security and compliance
  • Multi-system role evaluation and administration.
  • Integrates seamlessly with standard SAP software (profile generator, etc.)
SAST SAFE GO-LIVE MANAGEMENT
SAST Safe Go-Live Management: Carry out faster, smoother authorization projects.

Carry out faster, smoother authorization projects.

Are you developing a new authorization concept or planning to redesign your SAP authorizations, for example in the context of a S/4HANA migration? If so, our SAST Safe Go-Live Management can save you a tremendous amount of time and organizational effort.

Our software starts by analyzing your users' behavior at the outset of your project. It automatically identifies all the authorizations they utilize and incorporates them into your new model without any additional effort. If users are missing authorizations they had before the transition, they can activate a fallback function to have their privileges restored right away. Meanwhile, the main advantage you'll enjoy is that your day-to-day business will continue on uninterrupted.

How SAST SUITE can assist you

  • Implements tailored roles with clean authorizations at the click of a mouse
  • Significantly accelerates projects involving new or redesigned concepts
  • Protecting your resources thanks to highly automated processes
  • Lower project costs and no additional licensing costs for reference and fallback users
  • Makes it possible to overhaul authorizations without disruptions and enables your daily business to continue unhindered

Our consultants will be happy to lend a hand in preparing and implementing an authorization concept that meets your specific requirements.

SAST SELF-ADJUSTING AUTHORIZATIONS

Reduce your rol(l)es almost by itself.

It's a well-known fact at every company that has SAP systems: User authorizations are continually being optimized. But what doesn't happen nearly often enough is the removal of transactions no longer in use in the roles. This is a completely avoidable cause of risks related to separation of duties, an unnecessary drain on admin resources and, of course, an untapped source of potential savings for SAP licenses.

Our SAST Self-Adjusting Authorizations have a "slimming" effect on your roles. After applying these authorizations, based on concrete usage analyses, each role will contain only those transactions that are truly necessary for performing a business process. Unused transactions are blocked.

This allows you to achieve optimally lean roles without limiting your day-to-day business in any way. And, almost without trying, you'll also be in the best position possible for your next SAP license audit.

How SAST SUITE can assist you

  • Ensuring clean authorizations with tailored roles - with no interruption to your day-to-day business
  • Demand-oriented role profiles based on real usage analyses
  • Saving of your resources due to automatic optimization and with no need for coordination with your divisions
  • Less potential for segregation of duties
  • Increased security through improved transparency
  • Significantly reduced effort for your administrators

For the initial work and an implementation tailored to your individual requirements, you can rely entirely on our team of GRC experts.

SAST SUPERUSER MANAGEMENT

Efficient, audit-compliant monitoring of your emergency users.

Even the best system sometimes requires extended support. This is why SAP systems provide for firefighter users that have expanded authorizations for special circumstances - authorizations that include the ability to access sensitive data. To ensure your compliance with the due diligence required by law, extensive documentation of such activities is essential.

Luckily, the SAST Superuser Management is available to help you deal with this challenge. It maps your entire superuser process, checks all privileged access attempts in real time, and documents all related activities with full audit security. From user authorization assignment and convenient administrative tools to the documentation of support cases based on dual logging access, everything is covered in this module.

How SAST SUITE can assist you

  • Transparent and audit-compliant documentation of all critical activities
  • Prevents unnecessary "SAP_ALL" authorizations
  • Integrated authorization and unsubscription process including single sign-on functionality for your privileged users
  • Automatically notifies your auditor when a support activity is complete
  • Logs users through passive monitoring as external consultants or SAP EarlyWatch
  • Fast installation and implementation through predefined processes as well as the possibility of integration into your own workflows

Meanwhile, don't forget to protect your sensitive personal data. With SAST HCM Read Access Monitoring, you'll gain full transparency regarding the activities of your privileged users - even in cases involving read-only access to your personal Information.

SAST HCM READ ACCESS MONITORING
SAP Security & Compliance: Safeguard your sensitive personal data with SAST SUITE.

Safeguard your sensitive personal data.

When it comes to unauthorized access, your SAP systems need to be protected not only from external attempts, but those from within, as well - especially when information as valuable as your personal master data is at stake.

Even if you have a solid concept for your SAP roles and authorizations, your data may not be fully secure. This is where the SAST HCM Read Access Monitoring can help by enabling you to detect and document every attempt made to open, modify, download, or even gain read access to your personal data.

How SAST SUITE can assist you

  • Reliable protection for your sensitive SAP HCM data
  • Provides transparency regarding the activities of your privileged users
  • Logs all access attempts - including read access!
  • Fulfills all the applicable requirements of data protection and labor law
  • Easy to order as an add-on for SAST Superuser Management

That's what our customers say:

"With the SAST SUITE, we save around 20 working days for an audit. This hugely relieves the burden on our departments and on IT security. With SAST, we therefore have greater security and compliance but spend less time to achieve it. The AKQUINET team is highly qualified and has a wealth of experience, so we were able to implement the project promptly and successfully.“

Success Story "Authorization management in real time by connecting to SAP IdM"

— Matthias Endrich
s.Oliver Group

"The SAST SUITE has given us the perfect solution for our global SAP authorization management while also providing us with permanent vulnerability monitoring for our systems. Thanks to the highly competent and motivated support provided by the AKQUINET team, we completed the project on time, in budget and at the specified level of quality.”

Success Story "SAP authorization management and system security for 50 countries"

SAST SOLUTIONS Reference: Logo Takeda
— Manfred Meier
Takeda AG

“Rather than repeatedly fixing occasional irregularities in role management, we have used the SAST SUITE to completely overhaul our authorization structures. In this way, we save time and money in the long term, and can be sure of legal compliance."

Success Story "Authorization Management - legal certainty and correctness"

— Stefan Lendzian
NORDWEST Handel AG

Modular design. Individual possibilities.

SAST SUITE for ERP or S/4HANA

Copyright akquinet AG. All Rights Reserved.