SAP is teaming up with IBM and Sun to combine identity management software with tools that ensure proper segregation of duties, a necessary part of regulatory compliance.
SAP built about a dozen new Web services for SAP GRC (governance, risk and compliance) Access Control to connect the program with [IBM Tivoli Identity Manager] and Sun Java System Identity Manager.
IBM and Sun's identity manager software will interact with human resources and other systems to create a new user account providing access to financial information, email, ERP or other applications. The IBM and Sun products can build the user accounts and provide access to folders, active directories and so forth.
The SAP GRC Access Control makes sure those user accounts comply with regulations by ensuring proper segregation of duties, which is a key for financial accounting and guarding against fraud and mistakes. The new Web services, which are free add-ons to GRC Access Control customers, allow the IBM and Sun identity managers to call the GRC system to find out whether new access rights for an employee introduce potential risk.
"If there is a risk, the whole process stops," says Axel Streichardt, director of SAP's governance, risk and compliance business unit.
"SAP customers now can incorporate segregation of duties checking from SAP into their Tivoli Identity Manager user lifecycle management workflows prior to provisioning entitlements that would result in violations," Joe Anthony, IBM Tivoli program director for identity management, said. "Testing for segregation of duties violations after they have been established is reactive."
GRC Access Control is part of SAP's NetWeaver platform. The new Web services and partnership with IBM and Sun were announced this week at SAP TechEd '07 in Las Vegas. The Web services are available immediately.