tenfold V24:
The Future of IAM

SAP Logo

SAP ERP® User Lifecycle

tenfold's SAP ERP® plugin is used for managing SAP® permissions and roles.

What Does the SAP ERP® User Lifecycle Plugin Do?

SAP’s ERP software (SAP ERP Central Components) covers many central business processes. It is used for storing important information about products, orders, financial data and personal customer data. Business IT departments must ensure that critical data is well protected against unauthorized access. Employees who need access to SAP must therefore be provided with user names and passwords to authenticate themselves and log in to the software. Every new user must be created manually in SAP and receive specific permissions (transaction SU01).

Users and permissions in SAP must be managed parallel to users and permissions in Active Directory, consuming disproportionate amounts of time as it means double the workload, while also increasing the risk of human error significantly. To complicate things further, there is no reporting tool available that is both user-friendly and able to provide a visual summary of access rights for both systems. All of this is detrimental to data security.

With tenfold’s SAP ERP User Lifecycle Plugin, you can create, delete and modify users in SAP through tenfold, assign and retract permissions, and generally automate all of the tasks required for successful and faultless access management – all from within one central platform.

required license
Enterprise Edition

System Requirements:

  • SAP ERP® Central Components

  • RFC connection between tenfold Server and NetWeaver Server

  • Service account for tenfold with BAPI permissions for BAPI_USER_*


Create & Manage Users
  • Create, modify and lock SAP® users and assign access rights to them.

  • Set user fields in SAP® automatically, based on configurable mappings.

  • Define usernames automatically based on configurable rules.

  • Scan for duplicates in Active Directory and SAP® systems.

  • Initial passwords: tenfold uses one-time secrets (OTS) to guarantee a safe transmission of initial passwords.

Lock & Delete Users
  • Deactivate user accounts.

  • Remove access roles.

  • Lock or delete users upon arrival of the set leaving date.

Password Reset
  • Reset own SAP® password via web portal.

  • User authentication via secret questions and/or SMS tokens.

  • Regular synchronization with SAP® in order to register changes that were not made via tenfold.

Connect Systems
  • Connect individual systems and CUA (central user administration) as well as combinations thereof.