Likelihood to Recommend The system is great for enterprise or larger IT departments or teams where temporary or full access may be given using privileged IDs. Requirements for needing local admin access is also eliminated which can help with specific Windows workstation related tasks. It can be very useful when working with remote teams or contractors who may need temporary access to a system when required.
Read full review SAP Identity Management manages organization identities centrally with a great amount of flexibility and efficiency. Compared to the conventional SAP solution of central user administration (CUA), SAP IDM (version 7.2/8.0) delivers a great number of benefits like: 1. Availability of connectors for non-SAP application identity management,
2. Modular/granular access management in the form of context-based business role definition.
3. It can be integrated with the SAP HR system for making entire user identity management automatic.
Read full review Pros Automatically discover new servers on the network and take control of the local admin password by vaulting it and ensuring nobody knows the password. A different password on every server. Automatically roll the password in a configurable manner - after each use, after a certain period of time, etc. Track and govern sensitive account usage by ensuring only properly authorized users can access the vault and obtain the credentials and then monitor usage. Read full review In my previous organization, to achieve the granularity of access based on organization restrictions, we implemented enabler role-based security roles. Provisioning the enabler roles through the SAP GRC was a great challenge (realistically improbable). Here came the SAP IDM to our rescue. It has a peculiar feature of context-based business role provisioning feature. Customized context & its association with security roles & user HR attributes, give us unique ability to achieve granularity of access provisioning. SAP IDM integrates with the SAP HR system and identity management becomes automatic. Read full review Cons GUI - right now everything is on one page/dashboard. Some level of folder/Safe type view would be great More options when storing passwords - especially for network based passwords Better integrations with vendors like Cisco so that admins dont need to really get the password from the vault (think Last Pass type add on) Read full review SAP Identity management should come up with connectors for almost all not SAP applications, which will enable the use of SAP IDM as a one-stop solution for organizations' identity management. Read full review Support Rating Customer support and technical support have always been great when we require assistance. Especially when we come across issues that we're not familiar with.
Read full review As IDM heavily relies on JAVA/SQL as a development language, finding skills resources sometimes becomes challenging. But SAP has strong support available for this product which makes it reliable for long term use within an organization.
Read full review Alternatives Considered It is known as one of the safest products in the market. It has good support and is also available as on-premise. You can run it virtually on VMWare (and probably on other hypervisors as well). You can have a second instance on bare metal and that makes it a very safe system.
Read full review SAP IDM offers a great deal of benefits/features compared to conventional access provisioning with SAP.
1. Conventional SAP user administration solution like CUA has great limitations. e.g. only SAP systems can be managed. Low-performance issues, unreliable access provisioning, and risk analysis were missing.
2. SAP IDM integrates with SAP GRC solution to perform the reliable risk analysis before access provisioning. Its context feature allows granular access provisioning.
Read full review Return on Investment Decreased the probability of an external cyber attack to privileged accounts.. Management can control privileged account life cycle management more effectively Recording privileged sessions allows our organization to play back exactly the point of a breach or malicious behavior Automated system to manage and verify passwords, as privileged accounts are constantly created and deleted Automatic PWD change functionality will substantially decrease probability of PWD theft or misuse. Read full review SAP IDM has the huge potential to minimize risks arising out of disorganized identity management within an organization. As all identities are managed centrally, there is very little room for manipulation of an identity. As this solution has the ability to integrate with SAP GRC, risk analysis becomes mandatory before any access provisioning takes place. As the solution is automatic, hiring to employee exits is managed with a minimal margin of error. Read full review ScreenShots CyberArk Privileged Access Management Screenshots