SAP ERP® User Lifecycle Plugin

The tenfold SAP ERP® plugin is used for managing SAP® access rights and permission roles.
The ERP software by SAP (SAP ERP Central Components) is a sophisticated program that covers all central business processes. It is used for storing important information about products, orders, financial data and personal customer data. Business IT departments must ensure that critical data are protected from unauthorized access. Employees who need access to SAP must therefore be given user names and passwords for authentication purposes. Every new user must be created manually in SAP and be given specific access rights (transaction SU01).
Users and access rights in SAP must be managed parallel to users and access rights in the Active Directory. There is no form of data exchange between the two systems, which means that users and access rights must always be created, modified and deleted twice – once in SAP and once in AD. Not only does this procedure consume tremendous amounts of time, it also ups the likelihood of errors. Transparency as to how, when and to whom access rights were assigned is maintained by documenting all steps in yet another, external solution – manually, of course; and, to complicate things further, there is no reporting tool available that is both user-friendly and able to provide a visual summary of access rights for both systems. This is detrimental to data security.

tenfold SAP Plugin Features

User Creation and Management

  • Create, modify and lock SAP® users and assign access rights to them.
  • Uniform and automatic setting of user fields in SAP, based on configurable mappings.
  • Automatic definition of usernames on the basis of configurable rules.
  • Consolidated check for duplicates across Active Directory and all SAP® systems
  • Set initial passwords.

Lock and Delete Users

  • Deactivate user accounts.
  • Remove access roles.
  • Lock or delete users upon arrival of the set leaving date.

Password Reset

  • Own SAP® password can be reset via web portal.
  • User validation achieved via secret questions and/or SMS tokens


  • Regular synchronization with the actual data in SAP® to record changes that were not processed via tenfold.

System Connections

  • Connection of individual systems and CUA (central user administration), as well as combinations thereof, are possible.

Any changes made to users and permission roles are transferred automatically to SAP® by tenfold. This eliminates manual tasks and thus saves time.

The intuitive HTML5 interface allows users to request accounts and permission roles for SAP® themselves. Details are managed by adjusting settings and individual access rights.

Keep track of which users have access to permission roles or which permission role an individual user has access to.

Permission roles can be grouped together with resources and access rights from other target systems and linked to organizational units. Permission roles are assigned to users automatically and can be withdrawn again when required.

Approval Workflows
Both single-level and multi-level workflows can be established. Escalations and substitutes are easy to configure.

Data owners can review permission roles regularly to ensure that they are up-to-date and mark obsolete entries for removal. tenfold then removes the permission role assignments automatically.

Changes made in SAP® are documented automatically. Historical data can be accessed at any time to see who has access to sensitive data.

Integration of data owners
Define data owners from different departments for SAP® who are responsible for approving requests and for reviewing permission roles on a regular basis.

Download data sheet

System Requirements

  • SAP ERP® Central Components
  • RFC interface between tenfold Server and NetWeaver Server
  • Service account for tenfold with BAPI permissions for BAPI_USER_*

Required License



Request free trial

It has never been easier to manage and keep track of your users and their access rights in one centralized software. Administrators, managers and your company as a whole will benefit from tenfold, as it provides a transparent overview of all access rights. tenfold can help you comply with standards, like ISO 27000, BSI, etc., and offers worthwhile features for managing users and access rights.

Request trial