These days, the occurrence of an IT security incident is less a question of "if" than "when". Meanwhile, companies' own employees are causing these events more and more often, whether by accident or with malicious intent.

The SAST SUITE's modules for identity and user access management are designed to provide the exact support you need in implementing your

authorization concept by notifying you of violations immediately - not after the damage has already been done.

With the SAST SUITE, your authorization management is sure to be consistent, comprehensive, and transparent.

"Our experience is that the effort for SAP role and authorization administration can be reduced by up to 80 % with the help of the SAST SUITE."

Steffen Maltig, Head of SAP Consulting, SAST SOLUTIONS
— Steffen Maltig

Real-time analysis of authorizations and segregation of duties.

Are you looking to implement an authorization concept that covers multiple clients and systems in your SAP landscape?

With the SAST authorization management, you can make sure your concept is comprehensive and includes strict authorization controls. This module compares all the roles and objects in your SAP systems against a segregation of duties (SoD) matrix, improving your ability to identify critical access attempts through your SAP authorization concept and detect potential SoD conflicts in real time - and most importantly, before your production system is affected.

Plus, your concept will be the only source auditors need for qualified key figures. SAST makes it possible to monitor and analyze SAP authorizations, combinations, processes, and SoD rule sets based on preconfigured or freely definable SoD matrixes.

How SAST SUITE can assist you

  • All critical authorizations and SoD conflicts are completely transparent - for all essential SAP modules delivered as standard
  • Predefined rule sets for SoD violations and critical access attempts
  • Simulation of roles for SoD conflicts and recommendations for role templates
  • Evaluation and blocking of inactive users
  • Real-time verification of your SAP transactions
  • Simplified revision audits
  • You can adopt your own policies and audits

Are you already familiar with our add-on for this module, SAST Enhanced SoD and Control Reporting? It's designed to give you a way to communicate and collaborate on the basis of Excel, which makes things easier to understand for user departments, managers, external auditors, and others who aren't experts in SAP.


Audit-compliant administration of users, roles and authorizations.

Managing a large number of user accounts often presents companies with serious challenges, especially when you consider how complicated most of the available standard tools are. It's particularly difficult when user identities need to be maintained in several systems, directory services, or databases.

The lack of an option to manage user IDs and authorizations across multiple systems in a transparent way not only leads to insufficient clarity and SoD conflicts; it also requires more effort to address these issues.

With our SAST User and Access Management module, you'll have an efficient, user-friendly, and secure means of both monitoring and managing the identities, roles, and authorizations of your SAP users.

This module will provide you with key information on authorizations and structures, help pinpoint your current risks and security vulnerabilities, and enable you to freely define the responsibilities of your organizational areas - including for HR and role managers and user and role administrators. It's also possible to configure the approval steps necessary for each individual SAP workflow.

How SAST can assist you

  • Reduces effort through automated authorization requests
  • Automated SoD analyses and user mass-requests
  • Out-of-the-box approval workflow and tailored to your needs
  • Provisioning of SAP users fully automated
  • Increases transparency by facilitating customizable authorization management and seamless tracking of all changes
  • Assesses risks and detects assignments of critical authorizations in real time
  • Fulfilment of legal demands on the documentation requirements
  • Option to integrate mobile request and approval workflows via web user interface
  • Possibility of connecting IDM or ticket systems as well as customer-specific SAP transactions
  • Workflow integrates directly into SAP
SAST SUITE: SAP Role Management

Preserve your resources by automating your SAP role generation.

Real-world situations consistently show that growing structures quickly make the assignment of authorizations difficult to manage without a significant amount of manual effort. This is particularly true when authorizations need to be assigned in a compliant manner that prevents SoD conflicts.

Enter the SAST Role Management - a secure, efficient, and cost-effective solution for optimizing your existing roles and organizing them in a clearly arranged role management system.

SAST will aid you in determining which authorizations are needed, creating new roles, and of course, handling the ongoing administration of your authorization concept. In doing so, you can decide whether to build on SAST Suite's predefined role templates or define your roles through automated analysis of your users' activities and the transactions they execute. This also means that you can easily carry out rollouts and mass changes at the object or field level.

How SAST SUITE can assist you

  • Significant reduction of effort and costs in complex authorization projects during day-to-day business
  • Reduces risk through conflict-free authorization roles and can be fully customized
  • Analyzes and manages roles across systems, automates mass role generation
  • Detailed analysis of usage incl. overview of unused roles
  • Analyzes critical authorizations and existing SoD conflicts
  • Automatically produces documentation to ensure audit security and compliance
  • Multi-system role evaluation and administration.
  • Integrates seamlessly with standard SAP software (profile generator, etc.)

Efficient, audit-compliant monitoring of your emergency users.

Even the best system sometimes requires extended support. This is why SAP systems provide for firefighter users that have expanded authorizations for special circumstances - authorizations that include the ability to access sensitive data. To ensure your compliance with the due diligence required by law, extensive documentation of such activities is essential.

Luckily, the SAST Superuser Management is available to help you deal with this challenge. It maps your entire superuser process, checks all privileged access attempts in real time, and documents all related activities with full audit security. From user authorization assignment and convenient administrative tools to the documentation of support cases based on dual logging access, everything is covered in this module.

How SAST SUITE can assist you

  • Transparent and audit-compliant documentation of all critical activities
  • Prevents unnecessary "SAP_ALL" authorizations
  • Traceability of critical activities
  • Integrated authorization and unsubscription process including single sign-on functionality for your privileged users
  • Automatically notifies your auditor when a support activity is complete
  • Logs users through passive monitoring as external consultants or SAP EarlyWatch
  • Fast installation and implementation through predefined processes as well as the possibility of integration into your own Workflows
SAST SUITE: Safe Go-Live Management for trouble-free authorization projects

Carry out faster, smoother authorization projects.

Are you developing a new authorization concept or planning to redesign your SAP authorizations, for example in the context of a S/4HANA migration? If so, our SAST Safe Go-Live Management can save you a tremendous amount of time and organizational effort.

Our software starts by analyzing your users' behavior at the outset of your project. It automatically identifies all the authorizations they utilize and incorporates them into your new model without any additional effort. If users are missing authorizations they had before the transition, they can activate a fallback function to have their privileges restored right away. Meanwhile, the main advantage you'll enjoy is that your day-to-day business will continue on uninterrupted.

How SAST SUITE can assist you

  • Implements tailored roles with clean authorizations at the click of a mouse
  • Significantly accelerates projects involving new or redesigned concepts
  • Protecting your resources thanks to highly automated processes
  • Lower project costs and no additional licensing costs for reference and fallback users
  • Makes it possible to overhaul authorizations without disruptions and enables your daily business to continue unhindered

Our consultants will be happy to lend a hand in preparing and implementing an authorization concept that meets your specific requirements.


Reduce your rol(l)es almost by itself.

It's a well-known fact at every company that has SAP systems: User authorizations are continually being optimized. But what doesn't happen nearly often enough is the removal of transactions no longer in use in the roles. This is a completely avoidable cause of risks related to separation of duties, an unnecessary drain on admin resources and, of course, an untapped source of potential savings for SAP licenses.

SAST Self-Adjusting Authorizations has a "slimming" effect on your roles. After applying these authorizations, based on concrete usage analyses, each role will contain only those transactions that are truly necessary for performing a business process. Unused transactions are blocked.

This allows you to achieve optimally lean roles without limiting your day-to-day business in any way. And, almost without trying, you'll also be in the best position possible for your next SAP license audit.

How SAST SUITE can assist you

  • Ensuring clean authorizations with tailored roles - with no interruption to your day-to-day business
  • Demand-oriented role profiles based on real usage analyses
  • Saving of your resources due to automatic optimization and with no need for coordination with your divisions
  • Less potential for segregation of duties
  • Increased security through improved transparency
  • Significantly reduced effort for your administrators
  • Setup of a knowledge database for the redesign of your authorization concept

For the initial work and an implementation tailored to your individual requirements, you can rely entirely on our team of GRC experts.

SAST SUITE software tool for an easy SAP password reset

Take the pressure off your user helpdesk.

With this SAST module, you can simplify the process of resetting passwords and implement stricter password guidelines.

It gives your employees a secure, user-friendly way to reset their passwords themselves through your intranet no matter where they are. This will save your helpdesk personnel time and they can devote to their core tasks.

How SAST SUITE can assist you

  • A fast return of invest
  • Compliance-conform standard process
  • New passwords generated automatically
  • Syncs with SAP and/or active directory to verify users
  • Logs all requests
  • Easy-to-use via intranet

That's what our customers say:

“Just a few weeks with SAST Self-Adjusting Authorizations was enough to massively relieve pressure on our IT department. In addition, streamlined authorizations have reduced the risk of internal data misuse and allowed us to use concrete work profiles to improve our workflow in SAP.”

— Frank Schröder

"We chose SAST SUITE because it is easy to use, offers real-time analyses and allows for a high degree of automation. The Suite’s modular system allowed us to optimize our SAP systems one after another, preparing them to meet today’s challenges, and to stand strong in the face of every audit, both internal and external.”

Success Story "Company-wide SAP authorization management"

Logo SAST SOLUTIONS customer Berliner Wasserbetriebe
Berliner Wasserbetriebe

"With the SAST SUITE, we save around 20 working days for an audit. This hugely relieves the burden on our departments and on IT security. With SAST, we therefore have greater security and compliance but spend less time to achieve it. The SAST team is highly qualified and has a wealth of experience, so we were able to implement the project promptly and successfully.“

Success Story "Authorization management in real time by connecting to SAP IdM"

Logo SAST SOLUTIONS customer s.Oliver
— Matthias Endrich
s.Oliver Group

"The SAST SUITE has given us the perfect solution for our global SAP authorization management while also providing us with permanent vulnerability monitoring for our systems. Thanks to the highly competent and motivated support provided by the SAST team, we completed the project on time, in budget and at the specified level of quality.”

Success Story "SAP authorization management and system security for 50 countries"

SAST SOLUTIONS Reference: Logo Takeda
— Manfred Meier
Takeda AG

“Rather than repeatedly fixing occasional irregularities in role management, we have used the SAST SUITE to completely overhaul our authorization structures. In this way, we save time and money in the long term, and can be sure of legal compliance."

Success Story "Authorization Management - legal certainty and correctness"

— Stefan Lendzian

Modular design. Individual possibilities.


Privacy settings

Click »Info« to see a list of the used cookies. You can give your consent to the required cookies or statistic cookies. The selection is optional. You can change these settings or delete the cookies in the browser at any time. If you select the »Statistics« option, your opt-in consent also extends to processing in the USA, which is considered by the European Court of Justice as a country with an insufficient level of data protection. Please find further information in our privacy statement.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group external media
Name YEXT -Search
Technical name yext
Provider Yext GmbH
Expire in days 0
Privacy policy
Use Enables intelligent search via YEXT.
Group statistics
Name Google Repcatcha
Technical name googleRepcatcha
Provider Google LLC
Expire in days 0
Privacy policy
Use Protect from spam.
Name Google Maps
Technical name googleMaps
Expire in days 6491
Privacy policy
Use Enables the use of Google Maps.
Name ClickDimensions
Technical name cuvid,cusid,cuvon,cd_optout_accountkey
Provider ClickDimensions
Expire in days 730
Privacy policy
Use Cookie from ClickDimensions for website analysis. Generates anonymous statistical information about how the visitor uses the site.
Name YouTube
Technical name youTube
Expire in days 0
Privacy policy
Use Enables the use of the Youtube video player.
Name Google Analytics
Technical name _gid,_ga,1P_JAR,ANID,NID,CONSENT,_ga_JT5V6CR8ZH,_gat_gtag_UA_133169400_1,_gat_gtag_UA_141664271_1,_gat_gtag_UA_127185455_1,_gat_gtag_UA_127561508_1,_gat_gtag_UA_194226577_1
Provider Google LLC
Expire in days 730
Privacy policy
Use Cookie by Google for website analysis. Generates anonymous statistical data about how the visitor uses the website.
Group essential
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Name Contao HTTPS CSRF Token
Technical name csrf_https-contao_csrf_token
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Technical name PHPSESSID
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Technical name FE_USER_AUTH
Expire in days 0
Privacy policy
Use Saves information of a visitor as soon as he logs in to the frontend.
Copyright akquinet enterprise solutions GmbH. All Rights Reserved.