SAP ERP® User Lifecycle Plugin

What Does the SAP ERP® User Lifecycle Plugin Do?

SAP‘s ERP software (SAP ERP Central Components) covers many central business processes. It is used for storing important information about products, orders, financial data and personal customer data. Business IT departments must ensure that critical data is well protected against unauthorized access. Employees who need access to SAP must therefore be provided with user names and passwords to authenticate themselves and log in to the software. Every new user must be created manually in SAP and receive specific permissions (transaction SU01).

Required License

System Requirements

  • SAP ERP® Central Components
  • RFC connection between tenfold Server and NetWeaver Server
  • Service account for tenfold with BAPI permissions for BAPI_USER_*

Users and permissions in SAP must be managed parallel to users and permissions in Active Directory. There is no form of data exchange between the two systems, which means that users and permissions must always be created, modified and deleted twice – once in SAP and once in AD. Not only does this task consume disproportionate amounts of time, it also significantly increases the risk of mistakes. Transparency as to how, when and to whom access rights were assigned must be maintained by documenting all steps in yet another, external solution – and manually, of course;  to complicate things even further, there is no reporting tool available that is both user-friendly and able to provide a visual summary of access rights for both systems. All of this is detrimental to data security.

tenfold and SAP


  • Create, modify and lock SAP® users and assign access rights to them.
  • Set user fields in SAP® automatically, based on configurable mappings.
  • Define usernames automatically based on configurable rules.
  • Scan for duplicates in Active Directory and SAP® systems.
  • Initial passwords: tenfold uses one-time secrets (OTS) to guarantee a safe transmission of initial passwords.
  • Deactivate user accounts.
  • Remove access roles.
  • Lock or delete users upon arrival of the set leaving date.
  • Own SAP® password can be reset via web portal.
  • User authentication via secret questions and/or SMS tokens.
  • Regular synchronization with SAP® in order to register changes that were not made via tenfold.
  •  Individual systems and CUA (central user administration) as well as combinations thereof can be connected.
  • Automation: Changes made to users and permission roles are transferred to SAP automatically by tenfold. This saves time as manual tasks are eliminated.

  • Reporting: Keep track of which users have access to permission roles or which permission role an individual user has access to. Learn more about tenfold´s reporting.

  • Profiles/Roles: Permission roles can be grouped together with resources and permissions from other target systems and linked to organizational units. Permission roles are assigned to users automatically and can be withdrawn again when required.

  • Approval workflows: Both single-level and multi-level workflows can be established. Escalations and substitutes are easy to configure.

  • Self-Service: The intuitive HTML5 interface allows users to request accounts and permission roles for SAP themselves. Details are managed by adjusting settings and individual access rights. Learn more about tenfold´s self-service.

  • Recertification: Data owners can review permission roles regularly to ensure that they are up-to-date and mark obsolete entries for removal. tenfold then removes the permission role assignments automatically. More information about recertification in tenfold.

  • Auditing: Changes made in SAP are documented automatically. Historical data can be accessed at any time to see who has access to sensitive data.

  • Integration of data owners: Define data owners from different departments for SAP who are responsible for approving requests and for reviewing permission roles on a regular basis.

Want to learn more?

Our video demo covers the full range of features
included in our powerful IAM solution.

View Demo

Want to learn more?

Our video demo covers the full range of features
included in our powerful IAM solution.

View Demo

Visit our blog for more tips & tricks on cyber security!