SAP is teaming up with IBM and Sun to combine identity management software with tools that ensure proper segregation of duties, a necessary part of regulatory compliance.
SAP built about a dozen new Web services for SAP GRC (governance, risk and compliance) Access Control to connect the program with IBM Tivoli Identity Manager and Sun Java System Identity Manager.
Say you’ve hired a new employee. IBM and Sun’s identity manager software will interact with human resources and other systems to create a new user account providing access to financial information, e-mail, ERP or other applications. The IBM and Sun products have the technology needed to build the user accounts and provide access to folders, active directories and so forth.
The SAP GRC Access Control makes sure those user accounts comply with regulations by ensuring proper segregation of duties, which is a key for financial accounting and guarding against fraud and mistakes. The new Web services, which are free add-ons to GRC Access Control customers, allow the IBM and Sun identity managers to call the GRC system to find out whether new access rights for an employee introduce potential risk.
GRC Access Control is part of SAP’s NetWeaver platform. The new Web services and partnership with IBM and Sun were announced this week at SAP TechEd ’07 in Las Vegas. The Web services are available immediately.