Compliant SAP Access Management - Xiting
TRANSCRIPT
Presentation title, date, author 2
Boehringer Ingelheim in brief
• Family-owned pharmaceutical company
• Founded 1885 in Ingelheim, Germany
• Focus on Human Pharma, Animal Health and Biopharmaceutical Contract Manufacturing
• Around 51,000 employees worldwide
• R&D expenses of almost EUR 3.5 billion
• 28 R&D sites worldwide for Human pharmaceuticals and Animal Health
• Net sales of EUR 19 billion
• 175 affiliated companies worldwide
• Investment in tangible assets: EUR 1,073 million
Status: 31.12.2019
Agenda
1 Simplify SAP AM using Business Roles
2 Results QG3 – Update Open points / How to define compliant SAP AM Approval Workflow
3 Integration of Training Compliance (LOS/SF)
4 Integration of Access Risk Compliance (SAP GRC AC)
5 Features
Simplify SAP AM using Business Roles
What is a SAP IdM Business Role?
It’s a container for
1. SAP application roles
2. Other attributes that can be used for workflow process steps or other process steps
[Diagram: SAP IdM Business Role; labels: business roles A, B, C; application roles Role 1, Role 2, Role 3; attributes Approver, Training]
Simplify SAP AM using Business Roles
MISSION
1. Reduce complexity of application roles
2. Reduce redundant requests for different systems
[Diagram: SAP IdM Business Role; labels: application roles (Role 1, Role 2); systems Ariba, Global SAP ERP, Global SAP BW, MDG, SolMan]
How to define a compliant SAP AM Approval Workflow
MISSION
1. Automate manual processes
   a) Provisioning of users to SAP systems
   b) Training compliance related to SAP access
2. Improve compliance (e.g. leavers, traceability)
3. Prevent access risks
[Diagram labels: Training Compliance, SoD, Audit, Organization, GxP, Roadmaps, Costs]
How to define a compliant SAP AM Approval Workflow
[Workflow diagram; labels: Boehringer Ingelheim Central user directory; SAP Identity Management; Web-based User Interface (Standard SAP Portal); User Master Data; Role request; Manager approval (Yes / No); Role Owner approval (Yes / No); LOS check; GRC check; GRC critical risk analysis (Yes); End of Workflow; SAP Backend Systems]
Integration of Training Compliance (LOS/SF)
LOS check
• Custom integration with End-user training platform Learning One Source (LOS)
• Automatic LOS curricula assignment (and removal)
• Full traceability between SAP IdM and LOS
• Part of SuccessFactors
[Diagram labels: Training; SAP IdM Business Role]
Integration of Access Risk Compliance (SAP GRC AC)
GRC check
• Custom GRC integration to enable preventive access risk check
• Automatic rejection for requests generating access risks with risk level critical
• GRC mitigation workflow for access risks with risk level high
[Diagram labels: SAP IdM Business Role; SAP ERP; User]
Features – SAP IdM UI5
Role request process in user-friendly shopping cart mode
Intuitive approval UI
Features – User Access Review
Automated yearly SAP User Access Review with integrated reporting
Features – Firefighter Requests
Same entry point for SAP Firefighter requests
[Workflow diagram; labels: Boehringer Ingelheim Central user directory; SAP Identity Management; Web-based User Interface (Standard SAP Portal); User Master Data; FF request; Manager approval (Yes / No); Role Owner approval (Yes / No); LOS check; SAP GRC; End of Workflow]