BetterCloud is well suited for small to medium sized companies where a small technology support team can exponentially improve their capacity thru the available automation. When a company's data set starts to grow larger than 50-60 million objects and ~30k+ users there is still a good return on the investment but the population that BetterCloud has catered to for so long does not seem to be plentiful and shared experiences and community are just not there. Where a company that size might have a handful of technically capable team members that push for functionality that doesn't seem niche, there isn't much of a crowd to bounce those large scale ideas off of.
SAP Identity Management manages organization identities centrally with a great amount of flexibility and efficiency. Compared to the conventional SAP solution of central user administration (CUA), SAP IDM (version 7.2/8.0) delivers a great number of benefits like: 1. Availability of connectors for non-SAP application identity management,
2. Modular/granular access management in the form of context-based business role definition.
3. It can be integrated with the SAP HR system for making entire user identity management automatic.
Allows us to quickly audit and assign delegates to email account, something that's completely missing in Google as an administrative function
Allows us to automate offboarding of a Google account
Allows us to perform bulk actions, like assigning email signatures and forwarding to hundreds of accounts at a time
Allows us to audit Google Drive files. Orphaned files are very common in Google Workspace, and BetterCloud allows us to find them and take ownership of them.
In my previous organization, to achieve the granularity of access based on organization restrictions, we implemented enabler role-based security roles. Provisioning the enabler roles through the SAP GRC was a great challenge (realistically improbable). Here came the SAP IDM to our rescue. It has a peculiar feature of context-based business role provisioning feature.
Customized context & its association with security roles & user HR attributes, give us unique ability to achieve granularity of access provisioning.
SAP IDM integrates with the SAP HR system and identity management becomes automatic.
SAP Identity management should come up with connectors for almost all not SAP applications, which will enable the use of SAP IDM as a one-stop solution for organizations' identity management.
Support for BetterCloud is excellent. They have fantastic email support who are very responsive and knowledgeable, but more importantly they have chat support that are absolutely top-notch. They have not only the knowledge to answer and help, but the capability to solve without escalations or runarounds. These support folks are the real deal.
As IDM heavily relies on JAVA/SQL as a development language, finding skills resources sometimes becomes challenging. But SAP has strong support available for this product which makes it reliable for long term use within an organization.
BetterCloud has a much more friendly UI when it comes to building workflows as I've mentioned before. Our team has visited Okta workflows a number of times but it was incredibly difficult to replicate our current BetterCloud workflows into Okta because the Okta UI for workflow building is hard to follow and create
SAP IDM offers a great deal of benefits/features compared to conventional access provisioning with SAP.
1. Conventional SAP user administration solution like CUA has great limitations. e.g. only SAP systems can be managed. Low-performance issues, unreliable access provisioning, and risk analysis were missing.
2. SAP IDM integrates with SAP GRC solution to perform the reliable risk analysis before access provisioning. Its context feature allows granular access provisioning.
SAP IDM has the huge potential to minimize risks arising out of disorganized identity management within an organization. As all identities are managed centrally, there is very little room for manipulation of an identity.
As this solution has the ability to integrate with SAP GRC, risk analysis becomes mandatory before any access provisioning takes place.
As the solution is automatic, hiring to employee exits is managed with a minimal margin of error.
