SAP-Compliant Identity Management

As a strategic partner of SAP, we offer our customers SAP Solution consulting, management and support in the SAP authorization environment.

Audit-proof access concepts increase data security, reduce risk and support the fulfillment of reporting and audit requirements. As a long-standing SAP partner, we have built up comprehensive know-how in all aspects of the complete SAP user lifecycle, as well as sustained project experience in leading positions with well-known customers in the implementation of identity management and compliance solutions in complex IT landscapes.

Efficient, time- and cost-reducing: this is what KOGIT stands for in this demanding field and where we play a leading role in the market.

We are already looking back on more than 10 years of partnership with SAP. During this time, we have implemented numerous projects for our customers from a wide variety of industries. Since 2019, we are no longer a SAP SilverPartner but a proud SAP GoldPartner.


Years of SAP experience


Years of SAP partnership


Experienced specialists



Using various SAP Identity Management solutions, we offer our customers central user data and authorization management. The result of a centralized authorization management is independent of an SAP or non-SAP environment.

As a SAP Solution Consultant, we implement Compliant Identity Management in conjunction with SAP Access Control. The SAP component is responsible for user provisioning. At the same time, SAP Access Control automatically checks the risks of rights assignment. We advise our customers on all security and legal issues and meet the requirements of auditors. A complete record is kept of decisions regarding the granting and withdrawal of authorizations.

SAP Identity Management:

  • Central control of the complete provisioning of all IT users
  • Integration of all personal data as well as authorizations in the complete heterogeneous system landscape of a company
  • Automated assignment of required roles and permissions by the software when creating a new account
  • Authorization assignment via approval workflow: employees for themselves, superiors for their employees
  • Central frontend enables, for example, authorizations for predefined time periods
  • Complete Compliant Identity Management through additional use of SAP Access Control
  • Connector framework provides connection to numerous target systems and databases (e.g. LDAP-based directories and Java Database Connectivity (JDBC))
  • Integration of applications and directory services such as Microsoft Active Directory and Microsoft Exchange
  • Role-based access control based on the role-based access control standards of the National Institute of Standards and Technology (NIST)
  • Heterogeneous applications and services can be connected to SAP Identity Management in a standardized way via the Service Provisioning Markup Language (SPML).
  • Identity virtualization for cross-network exchange of identity data and access rights
  • Data synchronization between all connected applications
  • Reporting and auditing functions

Audit-compliant and efficient: Smart SAP Access Management

We offer our customers the option of Smart SAP Access Management especially for the SAP area. Our services include:

  • SAP – Security Check
    • Testing the security relevant basic settings of the SAP production system to reduce risks
    • Checklist, both for the implementation of a security concept and for the development of a monitoring concept
    • Documented recommendations for security-relevant settings and adjustments
    • SoD check
  • LRM – Lean Role Management
    • Best practice approach to SAP role creation after previous evaluations
    • including role documentation and responsibilities
  • EAM – Extended Access Management
    • Support case and emergency user concept for SAP
    • Logging of critically-classified processes
    • Control and approval functions
  • Audit- and review-handling
    • Identify and optimize existing authorization checks
    • Accelerate new SAP authorizations and quality verification
    • Documentation of your SAP security concept and system comparison
    • Test of new permissions – unnoticed in production – with revolutionary test simulation (pTs)
    • Integrated change management functions

Upgrade to SAP NetWeaver Identity Management 8.X

SAP has discontinued support for SAP NetWeaver Identity Management (SAP IdM) 7.2 in December 2018. Version 7.2 is still used much more frequently than the successor version 8.0, which presents many companies with the challenge of upgrading their IdM system in good time so as not to lose important support services. KOGIT helps companies to use the upgrade to revise their Identity Management System as a whole.

Take advantage of the upgrade opportunities

An upgrade from SAP IdM 7.2 to version 8.0 can, however, be an opportunity for many companies to finally tackle long-planned innovations in the IdM system – such as clearing out the role model or introducing automation of user administration.

In addition, SAP IdM 8.0 offers some fundamental advantages over the previous version. Development and configuration can now take place in packages, whereby the development of the individual packages does not interfere with each other. For example, granular access control allows a user to see developments but not change them. With the graphical designer, processes can finally be set up in the same way as with other programs, and jobs can be started or configurations adapted via the extended administrative web interface. In addition, the speed and performance of the newer version is significantly better.

SAP IDM 8.0 has finally grown into the SAP world. Since SAP bought the IdM software from MaXware in 2007, it has become more of an SAP product with each release. With version 8.0, the Identity Management Developer Studio development environment no longer runs on Windows, but rather on Eclipse, a platform-independent platform – just like the other SAP products. In addition, SAP IdM can also be controlled via SAP HANA or even run on HANA for the first time.

Upgrade strategies

When upgrading to SAP IdM 8.0, different strategies can be pursued – depending on how close the installation is to the SAP standard and how intensively IdM is used in the company. KOGIT advises on the choice and implementation of the right strategy. However, companies must be prepared to make their own resources available for the upgrade, internal know-how building and testing.

For some companies, a minimum solution with comparatively little effort is the best option. Such a solution would be to simply patch the system. The entire content, such as global constants, connectors, scripts and forms, is then in one package. This approach is initially cost-effective. But it also has some disadvantages. This means that testing and future developments will require a great deal more time and effort. In addition, the features that come with version 8.0 cannot be used. This is because SAP IdM 8.0 now has a number of standard mechanisms that previously required complex, customer-specific adaptations in the IdM installation. In order to make the upgrade sensible and future-proof, the resulting large package would have to be dismantled and individual functionalities handled separately.

For a thorough update, KOGIT offers two different strategies. On the one hand, a completely new system can be set up, into which the data can be imported. However, this means that the history is lost. Alternatively, the system can be further developed on the basis of a copy of the productive system in a test environment. During a workshop, KOGIT’s IDM experts can discuss the best upgrade strategy with you.

Learn more
We would be happy to advise you on how you can guarantee security, reduce costs and optimize services with KOGIT and SAP Identity Management.