SAP NetWeaver Identity Management is the software acquired by SAP from MaXware for identity management (IdM).
N/A
WatchGuard AuthPoint
Score 9.0 out of 10
N/A
AuthPoint Total Identity Security provides businesses with a solution to protect user accounts and credentials. With
multi-factor authentication, password management, and dark web credential
monitoring, AuthPoint mitigates the risks associated with workforce credential
attacks.
AuthPoint adds an extra layer of security by monitoring for
potential credential exposure in the dark web for both personal and corporate
accounts.
SAP Identity Management manages organization identities centrally with a great amount of flexibility and efficiency. Compared to the conventional SAP solution of central user administration (CUA), SAP IDM (version 7.2/8.0) delivers a great number of benefits like: 1. Availability of connectors for non-SAP application identity management,
2. Modular/granular access management in the form of context-based business role definition.
3. It can be integrated with the SAP HR system for making entire user identity management automatic.
Watchguard Authpoint is well suited to both small and large companies and scales well. It can be adapted to a number of token delivery methods, and mutliple methods (Push, QR code, OTP) can be used simultaneously to support users in different authentication contexts. The geokinetics function allows for real control of international travelers distinguishing them from random individuals using stolen credentials in random remote locations.
In my previous organization, to achieve the granularity of access based on organization restrictions, we implemented enabler role-based security roles. Provisioning the enabler roles through the SAP GRC was a great challenge (realistically improbable). Here came the SAP IDM to our rescue. It has a peculiar feature of context-based business role provisioning feature.
Customized context & its association with security roles & user HR attributes, give us unique ability to achieve granularity of access provisioning.
SAP IDM integrates with the SAP HR system and identity management becomes automatic.
SAP Identity management should come up with connectors for almost all not SAP applications, which will enable the use of SAP IDM as a one-stop solution for organizations' identity management.
Today to ensure our ISO 27001 certification it is important that we maintain this solution. Today it is part of the way any employee within the organization works, we no longer have any other way of working and it is the simplest way to ensure that access to the workstation is done with MFA.
After initial setup, it practically runs itself. Onboarding new users is fast and easy as it should be. The AuthPoint mobile app is small and simple to use. The only reason I do not give it a 10 is that I frequently get complaints from end users that the AuthPoint app is "constantly downloading". In fact, it's not downloading anything and that what the users are seeing in the app is a timer for the 6-digit code that changes every minute.
As IDM heavily relies on JAVA/SQL as a development language, finding skills resources sometimes becomes challenging. But SAP has strong support available for this product which makes it reliable for long term use within an organization.
WatchGuard support is always quick and reliable. They have urgency levels that you are able to select when creating your support ticket, and they respond in accordance to the severity that you have set. I have never had an issue with getting someone on the phone in the same business day, even for very low priority issues.
It was an Onsite demo at the ditributor with the benefits of Watchguard Authpoint. Was very nice to see the abilities of the product. This Demo was a few years back, since then Authpoint changed allot. It is very nice for partners that you can get this demo without any aditional cost.
We use the online training for all our employees. There are both sales and technical trainings available and there even is a technical certification. You can use this for the Watchguard Partner Program which can give you aditional benefits. Every now and then you have a webinar that discusses multiple Watchguard products.
the first time it takes more effort. It is helpful to already understand how each authentication type works. Then it's much easier to understand the MFA solution that you implement. It is useful to check the release notes from time to time and update the key parts of the Watchguard Authpoint. Authpoint Gateway, Logon App, RDWeb... Also, it's useful to set up notifications when something goes wrong or sometimes check the statistics of how many requests are being approved/denied, etc.
SAP IDM offers a great deal of benefits/features compared to conventional access provisioning with SAP.
1. Conventional SAP user administration solution like CUA has great limitations. e.g. only SAP systems can be managed. Low-performance issues, unreliable access provisioning, and risk analysis were missing.
2. SAP IDM integrates with SAP GRC solution to perform the reliable risk analysis before access provisioning. Its context feature allows granular access provisioning.
I would slot Authpoint as better than ESET but not Duo. ESET has the same limitations as Watchguard in the OTP support. It also is an on-prem installed console rather than a cloud, which increases cost and maintenance requirements. The duo now supports standard OTP for admin accounts, so it can be managed by a team.
SAP IDM has the huge potential to minimize risks arising out of disorganized identity management within an organization. As all identities are managed centrally, there is very little room for manipulation of an identity.
As this solution has the ability to integrate with SAP GRC, risk analysis becomes mandatory before any access provisioning takes place.
As the solution is automatic, hiring to employee exits is managed with a minimal margin of error.
Our end uses found this product very easy to use. Using one overview session, I have not had to follow up with users to access the product.
Once deployed, other users in our environment heard about the ease of use. We then had a 25% increase in requests for the product.
This product has added to the overall satisfaction of users having to work offsite, attend conferences and other travel while still being able to stay connected to their work product.
