End to End Identity Management in a Cloud-First Landscape

Transcript

1. End to End Identity Management in a Cloud-first Landscape Sascha

   Wenninger http://slides.sufw.me/e2eidentity

2. A Long Time Ago… Image credit: Henry de Saussure Copeland

3. More Recently… Image credit: Linux Screenshots

4. 👹 🧑💻 👨💻 👩💻 🏴☠ 👺 👑 🐉

5. 👹 🧑💻 👨💻 👩💻 🏴☠ 👺 👑 🐉

6. 👹 🧑💻 👨💻 👩💻 🏴☠ 👺 👑 🐉

7. 👹 🧑💻 👨💻 👩💻 🏴☠ 👺 👑 🐉

8. 👹 🧑💻 👨💻 👩💻 🏴☠ 👺 👑 🐉

9. 👹 👑 🧑💻 👨💻 👩💻 🏴☠ 🐉 👺

10. 👹 👑 🧑💻 👨💻 🏴☠ 🐉 👺 👩💻

11. Identity is the new Perimeter + Image credit: Tim Reckmann

    and Shankar S.

12. Lots to Consider… • Who works in the company? •

    Onboarding • Access provisioning • Authen:ca:on • Monitoring • Data security • O=oarding 👩⚕👨💼👩💼🧟👩🏭 🧕👷👷🧑⚕👩💻 🧑🏭👩💻👩🔧👨💼🥷 👩🔬🧑💼👨💻👩💼🧑💻 ?
13. None

14. In 2016 🧑💻 👨💻 👩💻 👑

15. User Provisioning (2016) Service Now Office 365 SAP ECC Etc.

    👩💼 👩💻 👨💻 🧑💻 Ac6ve Directory

16. The Problem • Extremely manual • Leaky o=oarding process •

    “Copy from template user” approach • IT Security seen as a board-level enterprise risk

17. The Opportunity

18. The Opportunity 25-year old system ➧ Greenfield system Dis-integrated processes

    ➧ Integrated processes within & across systems Undocumented processes ➧ All processes modelled in BPMN 0 workflows ➧ 54 workflows Security by copying users ➧ Deterministic security Username/password login ➧ Single Sign-On everywhere

19. IBP C4C 🧑💻

20. Technology is the Easy Part… Login accounts & Office 365

    ➧ SailPoint Identity IQ SAP User accounts ➧ SAP Identity Management Single Sign-On ➧ SAML & Azure AD Segregation of Duties ➧ SAP GRC

21. Technology is the Easy Part… relatively

22. Technology is the Easy Part… relatively

23. Technology is the Easy Part… Technology Process Data

24. Data One single org structure covering all workers. ! "

    # $

25. Data One single org structure covering all workers. …including contractors!

    ! " # $ %

26. Data 34 HR/Payroll systems ➧

27. Process How to make sure data is maintained? 🤔

28. Process How to make sure data is maintained? Imperative Processes!

29. Process How to make sure data is maintained? Make it

    easy to do the right thing Make it hard to do the wrong thing

30. Process How to make sure data is maintained? Must be

    in SuccessFactors to get a Login Single Sign-On everywhere Access to SAP systems determined by Job and Org assignment Automated provisioning - no manual exceptions

31. Change is Hard! • HR didn’t want contractors in “their”

    SuccessFactors • No business owner for identity • Some people didn’t “need” logon account • Exceptions – “we are special”

32. Executive Support Technology Process Data Exec Support

33. Executive Support We are changing how people work.

34. Art by Hugh MacLeod: www.gapingvoidart.com/gallery/dinosaur

35. What Worked for us • Influence from Non-HR Execs whose

    processes rely on accurate Org Data • Multiple systems run workflows • Compliance monitoring of safety training for all workers • Audit pressure

36. User Provisioning (2020) SuccessFactors Office 365 SAP S/4HANA etc. 👩💼

    👨💻 Active Directory Fieldglass SAP IdM SailPoint IIQ ServiceNow SAC IBP SAP GRC AC etc. SCCM AD Groups 🖥

37. One Source of Truth SuccessFactors Office 365 SAP S/4HANA etc.

    👩💼 👨💻 Ac0ve Directory Fieldglass SAP IdM SailPoint IIQ ServiceNow SAC IBP SAP GRC AC etc. SCCM AD Groups 🖥

38. Make it Imperative SuccessFactors Office 365 SAP S/4HANA etc. 👩💼

    👨💻 Active Directory Fieldglass SAP IdM SailPoint IIQ ServiceNow SAC IBP SAP GRC AC etc. SCCM AD Groups 🖥

39. You may have > 1 Tool… SuccessFactors Office 365 SAP

    S/4HANA etc. 👩💼 👨💻 Ac0ve Directory Fieldglass SAP IdM SailPoint IIQ ServiceNow SAC IBP SAP GRC AC etc. SCCM AD Groups 🖥

40. SAP IdM vs. SailPoint IIQ

41. SAP IdM vs. SailPoint IIQ Different strengths Different licensing models

    Skill availability Pick your battles…

42. SAP IdM vs. SAP Cloud Identity Services • SAP IdM

    is abandonware, but known & extensible • SAP Cloud Iden:ty is new & unknown è Use the boring tool. Is this where you want to spend your innova2on budget? ⚖ 👺 👹

43. Challenges • SAP IdM Skills Availability • Missing connectors to

    SaaS systems à custom Java code • Incomplete APIs in SaaS systems à clunky provisioning • Mindset shift for Support and End Users

44. Future Opportunities Manage Identities Protect Iden00es Protect Data Secure BYOD

    etc.

45. Enabler for More: Data Protection

46. Summary Data One Org Chart Process Make it hard to

    do the wrong thing Executive Sponsorship From outside IT and HR! Tooling Be pragmatic – use what works Change Management for IT Change Management for Business users

47. How to Connect with Me E: [email protected] M: +65 8799

    1446 Li: linkedin.com/in/saschawenninger @sufw