tenfold V24:
The Future of IAM

SAP Logo

SAP ERPยฎย User Lifecycle

tenfold's SAP ERPยฎ plugin is used for managing SAPยฎ permissions and roles.

What Does the SAP ERPยฎย User Lifecycle Plugin Do?

SAP’s ERP software (SAP ERP Central Components) covers many central business processes. It is used for storing important information about products, orders, financial data and personal customer data. Business IT departments must ensure that critical data is well protected against unauthorized access. Employees who need access to SAP must therefore be provided with user names and passwords to authenticate themselves and log in to the software. Every new user must be created manually in SAP and receive specific permissions (transaction SU01).

Users and permissions in SAP must be managed parallel to users and permissions in Active Directory, consuming disproportionate amounts of time as it means double the workload, while also increasing the risk of human error significantly. To complicate things further, there is no reporting tool available that is both user-friendly and able to provide a visual summary of access rights for both systems. All of this is detrimental to data security.

With tenfold’s SAP ERP User Lifecycle Plugin, you can create, delete and modify users in SAP through tenfold, assign and retract permissions, and generally automate all of the tasks required for successful and faultless access management – all from within one central platform.

required license
Enterprise Edition

System Requirements:

  • SAP ERPยฎย Central Components

  • RFC connection between tenfold Server and NetWeaver Server

  • Service account for tenfold with BAPI permissions for BAPI_USER_*

Features

Create & Manage Users
  • Create, modify and lock SAPยฎ users and assign access rights to them.

  • Set user fields in SAPยฎ automatically, based on configurable mappings.

  • Define usernames automatically based on configurable rules.

  • Scan for duplicates in Active Directoryย and SAPยฎ systems.

  • Initial passwords:ย tenfoldย usesย one-time secrets (OTS)ย to guarantee aย safe transmission of initial passwords.

Lock & Delete Users
  • Deactivate user accounts.

  • Remove access roles.

  • Lock or delete users upon arrival of the set leaving date.

Password Reset
  • Reset own SAPยฎ password via web portal.

  • User authentication via secret questions and/or SMS tokens.

Synchronization
  • Regular synchronization with SAPยฎ in order to register changes that were not made viaย tenfold.

Connect Systems
  • Connect individual systems and CUA (central user administration) as well as combinations thereof.