Organizations in numerous, disparate industries use enterprise resource planning (ERP) systems to optimize their business processes; systems that can assist with tracking business resources, such as cash, raw materials, production capacity, as well as the status of business obligations including service and purchase orders, and payroll. The solutions also assist with sharing data across several different departments, including production, purchasing, accounting and sales. Though ERP systems became popular through their use by big organizations, small businesses have recently began seeing the benefits are quickly adopting their use in their daily activities.
One of the most commonly used ERP systems is SAP. Organizations often use several different SAP modules to meet their organizational needs. However, though SAP can be extremely beneficial to organizational streamlining, there also are some IT headaches the system can produce, especially for small businesses, which tend to have leaner IT departments.
Each time an employee needs a new SAP account, setting up and managing the process can be labor intensive, and requires time-consuming manual actions. Additionally, when a new employee starts working, he needs to have an account created with the correct permissions and access set up so he is able to perform his required work. Additionally, workforce changes that occur throughout an employee’s employment — such as a new office, a departmental change or a new job title – may result in changes to the various systems. Finally, when an employee leaves the organization, her access needs to be revoked in a timely fashion.
Manual implementation of these changes in the SAP systems can be extremely complex and expensive. Additionally, license costs make it important to implement these changes in a complete and timely fashion so that the organization is paying for the correct number of licenses. When dealing with these issues, many organizations choose to integrate SAP with Active Directory to help provide more convenient, cost-effective service.
Automated account management systems that can integrate an HR application with Active Directory and SAP are commercially available today. IT leaders can start integrating by synchronizing with an HR application. Changes in the HR system will then automatically trigger changes across the network (Active Directory, Exchange, etc.), as well as in other SAP systems, such as user facilities and functionality assignment. This allows admins to easily make changes to the roles, access rights and employee information for SAP. This also eases the process when it comes time to de-provision accounts for employees who are no longer with the organization.
It’s also possible to ensure the ease of use of SAP for end users through the use of password solutions. By allowing employees to sync their passwords from Active Directory, they only need to remember a single password for both Active Directory and SAP. This also allows them to sync their password resets so that when they change their password it is reflected in both systems.
SAP and other ERP solutions are quite beneficial for nearly every organization, and partnered with an identity and access management solution they can ensure ease of use and less work for both IT and the end user.
Dean Wiech is managing director of Tools4ever, a global provider of identity and access management solutions.
Tools4ever’s User Management Resource Administrator (UMRA) includes a complete Identity and Access Management environment. You will benefit from creating, updating and deleting user accounts rapidly and uniformly in a wide range of applications and systems. If desired, this may be delegated to the helpdesk, end users and managers.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.