Meet the Authors

Key Takeaways What you need to know
  1. oXya's B4S4 pre-migration methodology addresses the custom code remediation and clean core challenges that SAPinsider's 2026 ERP Migration research identifies as the top S/4HANA deployment barriers.

  2. A cascade AI agent architecture with OAuth-based SAP identity inheritance offers enterprise architects a governance-first blueprint for deploying agentic AI in SAP environments.

  3. The acquisition of axl & trax creates a dedicated SAP cybersecurity, GRC, and identity access governance practice, meeting the surge in demand that SAPinsider's GRC research tracks through 2025.

SAP Sapphire 2026 delivered a sweeping set of announcements, including the Autonomous Enterprise vision, Joule Work, the Autonomous Suite, Industry AI, and the SAP Business AI Platform. The common thread: AI is moving from surfacing recommendations to executing business processes end-to-end. For enterprise SAP leaders, the question is no longer whether AI will reshape their ERP landscapes. It is whether those landscapes are ready to support it.

oXya, a global managed services and cloud solutions provider for SAP environments with more than 25 years of experience, used its SAP Sapphire 2026 analysis to make a pointed argument: The Autonomous Enterprise only works if your SAP landscape is stable, clean, and well-monitored underneath it. AI on a poorly maintained system creates faster failures, not faster outcomes.

Foundation Before Transformation: The B4S4 Approach

oXya’s argument rests on a concrete methodology. The company’s B4S4 (Before S/4HANA) pre-migration optimization bundle provides a six-step roadmap designed to simplify migration, reduce cost, and set organizations up for long-term success. The steps span architecture and performance optimization, user license optimization, data archiving, clean core implementation with change management enablement, SAP Business Technology Platform (BTP) strategy definition, and additional tooling and automation.

Explore related questions

The rationale is straightforward. Moving from ECC to SAP S/4HANA and SAP Cloud ERP Private (formerly RISE with SAP) is a significant undertaking. Without proper preparation, costs escalate, delays accumulate, and ROI erodes. oXya’s approach focuses on optimizing the existing SAP landscape before migration, enabling organizations to move to RISE with SAP confidently and efficiently.

This aligns with findings from the SAPinsider ERP Migration and Transformation 2026 benchmark report, which found that 38% of respondents are focused on modernizing or eliminating custom processes to streamline the transition and provide more agility for future updates, while 36% are prioritizing modernizing reporting and business intelligence strategies. The biggest deployment challenge continues to be adapting and remediating custom code, with concerns such as access, authorizations, and cybersecurity planning increasing in importance.

Bridging AI Agents from Prototype to SAP Production

Beyond Sapphire commentary, oXya has taken a technical position on how AI agents should be deployed in SAP environments. In an April 2026 blog, the company outlined a cascade architecture for enterprise-grade AI agent deployment, built on the open-source Google Agent ADK framework and Vertex AI.

The architecture uses a three-layer model: a triage layer that employs lightweight models to classify intent and anonymize sensitive data; a reasoning layer that performs deeper analysis only for complex tasks; and an execution layer that translates AI decisions into concrete actions via trusted sources. For SAP environments specifically, oXya described an MCP (Model Context Protocol) connector based on OAuth that allows AI agents to operate strictly within a user’s SAP roles for tasks such as inventory lookup and order validation, without excess privileges.

This governance-first approach to agentic AI in SAP reflects a broader industry need. SAPinsider’s AI Adoption and Maturity research found that 69% of respondents require strong AI governance, risk, and compliance management as a prerequisite for scaling AI, while the average maturity score across the sample was just 44 out of 100. The SAPinsider Technology Leaders’ Strategic Agenda for 2026 benchmark report further noted that only 16% of respondents use AI to a significant extent, with planned use concentrated in intelligent automation (40%) and predictive analytics (40%). oXya’s architecture, which treats agents as high-criticality software products with robust CI/CD pipelines, Terraform orchestration, and continuous observability, addresses the governance gap that keeps many organizations stuck in pilot mode.

Strengthening SAP Cybersecurity Through Strategic Acquisition

oXya’s ambitions extend beyond managed services and migration. In December 2025, the company announced the acquisition of the axl & trax group, a Benelux-based consulting firm recognized as one of the largest dedicated SAP Cyber-Security, GRC, and IAG (Identity and Access Governance) consulting firms in Europe, serving more than 300 international enterprises. Combined with oXya’s earlier acquisition of ArtimIS in August 2024, the move created what oXya describes as a new major player in SAP Cyber-Security, GRC, and Identity Access Governance.

In January 2026, oXya France also earned SAP PartnerEdge Sell certification, authorizing it to advise, sell, and implement the full portfolio of SAP Cloud ERP Public Edition and SAP Cloud ERP Private Edition. This end-to-end positioning, from advisory and licensing to implementation and run services, reflects a strategic effort to cover the entire value chain for SAP transformations.

The cybersecurity dimension is particularly relevant. SAPinsider’s State of the Market GRC in SAP Environments research found that cybersecurity, fraud, and risk exposure surged to 60% as the dominant factor driving GRC investment by 2025. With the SAPinsider 2026 ERP Migration and Transformation report confirming that SAP announced more high-severity security notes during 2025 than in any previous year, oXya’s investment in dedicated SAP security consulting capacity through axl & trax addresses a growing gap between the complexity of SAP access governance and the available expertise to manage it.

What This Means for SAPinsiders

Pre-migration optimization is no longer optional for credible SAP S/4HANA business cases. ERP program managers and CIOs building business cases for SAP S/4HANA migrations should evaluate oXya’s B4S4 methodology as a framework to reduce costs and compress timelines. A structured pre-migration assessment that addresses architecture, licensing, data archiving, and clean core readiness can strengthen the ROI story and remove the objections that stall board-level approval. Organizations should begin with a landscape assessment before committing to a migration partner or timeline.

AI agent governance in SAP environments demands architecture, not just policy. Enterprise architects evaluating agentic AI for SAP workflows should study oXya’s cascade architecture as a reference model for secure, cost-optimized deployment. Teams should insist on OAuth-based identity inheritance for any AI agent interacting with SAP systems, enforce least-privilege access at the connector level, and build FinOps observability into the agent stack from day one. Treating AI agents as high-criticality software products, with CI/CD pipelines and drift monitoring, is a prerequisite for scaling beyond pilot.

SAP cybersecurity expertise must keep pace with the expanding attack surface of SAP S/4HANA migrations. CISOs and SAP security leaders should recognize that migration and modernization projects significantly expand the attack surface, particularly in access controls, role design, and integrations. oXya’s acquisition of axl & trax and formation of a dedicated SAP Cyber-Security, GRC, and IAG practice reflects a market signal: specialized SAP security consulting is becoming a distinct competency, not a subset of general managed services. Organizations should assess whether their current SAP security resources have the depth to address application-layer vulnerabilities, not just infrastructure-level controls.

Events

29Oct
SAPinsider Summit New Orleans 2026New Orleans, Louisiana, United States
View All