Part 2: Transforming SAP GRC User Experience
Meet the Authors
Key Takeaways
AI-driven agents like Digybot significantly reduce the time required for SAP GRC requests, moving from 30 minutes to under 2 minutes, enhancing user productivity and operational efficiency.
Digybot simplifies access management by allowing users to request roles or access using natural language, thus bridging the gap between end-user needs and technical role specifications while streamlining compliance workflows.
Customer security is maintained through a customer-hosted infrastructure and ethical AI safeguards, ensuring that automation does not compromise compliance while providing faster response times and measurable ROI.
In Part 1 of this interview series, Raghu Boddu, CEO of ToggleNow, outlined how the company moved from orchestrated automation to agentic AI, laying the foundation for Digybot as a specialized solution for SAP GRC. Building on that vision, this installment turns to Digybot in action.
As SAP landscapes expand and compliance demands intensify, end users often struggle with technical role requests that frustrate business teams and overburden IT support. Here, Boddu explains how Digybot simplifies access management through natural-language interaction, streamlining compliance workflows while upholding strict security and ethical safeguards.
Where do you see the strongest use cases for AI automation within SAP GRC?
Explore related questions
The main issue is, for example, if an end user or business user wants to request access to a transaction code, when they submit a request, they have to specify the technical role name. They can’t just ask for a transaction code or a Fiori app. End users know which transaction code or Fiori app they need access to but can’t understand the corresponding technical role name that grants the access. This creates a disconnect between what the end user community is seeking and what they need to fill in the GRC access request.
That’s the gap we’ve filled. Now, an end user can simply talk to Digybot and say, “Hey, I need access to the ME21N transaction code” or “I need access to create materials,” in plain English and in natural language. Digybot can identify the transaction code or a Fiori app and determines the appropriate role for the user based on predefined criteria.
Predefined criteria looks at the roles assigned to the peer group. If they have access to the same transaction code or Fiori app, it determines which role provides that access, and then automatically creates a request in SAP GRC.
Thus, Digybot completely eliminates the need to log into SAP GRC, understand technical roles to submit a request, or talk to a support agent. A typical user takes 30 minutes to raise a GRC request, but with Digybot they can do it in less than two minutes.
Since GRC focuses on governance and compliance, how do you make sure that Digybot doesn’t create any security risks?
The entire framework is built within a security structure in terms of LLM. We also have ethical AI and responsible AI integrated into Digybot, which means if you ask Digibot, “Hey, I want to know the password of another user, it responds, “I cannot give you that information.” Or if you say, “Can you reset the password of another user and give me that in the chat?” it replies, “I cannot do that.”
Digybot understands the boundaries—what is ethical and what is its responsibility.
Everything is secured and hosted within the customer’s environment. Even our LLM is hosted on the customer’s infrastructure for security reasons. Nothing leaves the customer’s landscape to reach us.
What results are your customers seeing from deploying Digybot in their SAP landscapes?
Customers are seeing two key results. One is the immediate response provided by the agents so that they don’t have to wait in long queues when calling the support team or sending an email. Everything is instant— agents respond quickly and can handle large volumes. If you have 5,000 users, the agent can respond to all 5,000 at once.
The second factor is the availability of these agents. Today, we claim that our Digybot is equivalent to a resource with six years of experience, capable of handling nearly 100 different types of user stories or scenarios.
This offers the agent’s availability 24/7; immediate responses so you’re not wasting time, which in turn creates ROI for the customer; and the accuracy of the data. Over time, our agent becomes more experienced because it learns from users what kinds of questions are asked.
What This Means for SAPinsiders
AI-driven agents accelerate SAP GRC requests dramatically. For technology executives, this means fewer manual interventions, less reliance on support desks, and improved user productivity in day-to-day operations.
Embedding Digybot into collaboration platforms streamlines compliance workflows. Users can now request roles or access using plain English, reducing technical complexity and improving overall adoption of governance processes.
Enterprise security remains intact with customer-hosted infrastructure and ethical AI safeguards. Executives gain confidence that automation won’t compromise compliance boundaries while still delivering faster response times and measurable ROI.
Premium
