Enhanced Identity and Access Management through SAP BTP Implementation by oXya

In the current technological landscape, businesses are constantly expanding the volume of online operations.  At the same time, the number of stakeholders for every company keeps increasing, irrespective of company size. Although having increased visibility and access to data is beneficial, it also attracts threat actors. These threat actors may be looking to access confidential business data through information systems. One major attack vector is identity theft, which is then used to break into systems that may have vulnerabilities.

It is even more important to protect SAP systems that a company uses because they contain sensitive data, which are crucial at both the operational and tactical levels. Any data leak from SAP systems can lead to a wide range of issues from espionage to CEO frauds, in which threat actors impersonate the CEO to get funds wired offshore.

Identity and Access Management for SAP BTP

SAP Business Technology Platform (BTP) with advanced identity management features, through Identity and Access Management (IAM) provides the solution to this problem. oXya, a cloud service provider for SAP products, offers a comprehensive integration of SAP BTP, with a customized IAM Architecture leading to enhanced access control. The single sign-on protocols of OpenID Connect and SAML2 (Security Assertion Markup Language) enable authentication and SCIM2 (System for Cross Domain Identity Management) is used for user replication. With oXya’s implementation of SAP BTP IAM, business risk is reduced through Cloud Identity services which adopt policies given by the SAP Authorization Management service and is also used for identity provisioning and access control.

SAP BTP security is fully compatible with SAP ECC, and it does not require SAP S/4HANA or RISE with SAP. SAP BTP security facilitates providing the right authorization to global account, subaccount, individual application, and directory based on the role of the user. It effectively helps to distinguish between platform users from business users. Through a default or custom identity provider, SAP BTP security ensures advanced protection. A replication of the user is created, which is used to initiate authentication requests to SAP BTP, and it is forwarded to the identity provider.

OpenID Connect protocol and Identity Authentication service enable global accounts and administrators to get authorized to SAP cloud Identity service for platform users. For accessing multiple applications including SAP Build Work Zone, SAP Build Apps and SAP Ariba Buying, the recommended way is to use the one-click integration mechanism, ‘Establish Trust’. This makes investment in SAP BTP security and IAM even more significant and beneficial.

In a recent presentation by SAP, it was emphasized that strategy for data protection at company level should include a risk management framework, which is in alignment with objectives and business value drivers.

In January 2024, oXya was rated Gold by CyberVadis for its information protection performance. oXya can facilitate companies to realize the advanced capabilities of SAP BTP security and IAM, leading to protection of identity.