SAP Migration To MyID - 2023-11-30

Sessa, Fabio (Grp SD Operations Manager)
What I mean by that when you join under a job profile, you get automatically assigned some groups
and some software.

Is this what we are trying to to achieve eventually?
Delaney, Michael (Tech Specialist - IAM)

So that would be like in the future after like that, it would be definitely possible if SAP was on the
system to like attach it to like business rules. But I think this this project is to get SAP on my ID and
then have it like you know at stations. So being able to add and remove people from groups basically.

Why I was saying Donald just joined at the right time is because we need to understand technically, if
actually there is a connector between my idea and SAP that when we add the group or the add, the
group is added on my ID, it can automatically removed or added on SAP and Donald that's already
say that for certain rules we need the segregation of duties and stuff. So we we need to understand if
there's a smart.
Cumming, Donald (Operations Manager)

Yeah. So I'm guessing this this meeting was put on on the back of a discussion that that we had with
Iris and the my ID team about the requirement to basically enrol.

Cyber Ark, amongst other things as well, Fabio that we need to do things like the system users,
technical users, automatic rotation of of passwords and all this kind of stuff.
And I obviously said that there's a number of users in SAP and other applications as well that would
perhaps be deemed privileged.
And so much as they can change the configuration of the application.

And we've got got the steer that the access control around that would need to be managed via my ID
so.
Basically, what what we've said is group ERP at the moment is that we can't do anything.Before year
end, because we just have so much on. And it was, it wasn't planned.
To deliver this, but the early in the new year, we'll hopefully put. A project in place, so we'll have
APM and we might have some resources assigned to it that will hopefully.Across all our platforms,
not just SAP, all the different scenarios. So where we use privilege users where we have technical
user system users need all rotation. So we'll detail all the scenarios and then we'll have to engage
with the my ID team.To determine whether or not they can address all these scenarios with kind of
connectors so you know, I know that.There is possibility to connect to SAP.
Using Cyber Ark and, you know manage access, you know it can the same be said for business
objects for the Hanna database, for other applications as well. So so we're going to have to go with
each of these scenarios and see if technically the tool can facilitate.
Then once we've determined if it can facilitate, we have to go through some testing.
0:4:14.610 --> 0:4:14.810

Mm hmm.
0:4:14.270 --> 0:4:15.830
And then we have to look at.
0:4:17.70 --> 0:4:31.750

In in practical terms, how will be implemented so from a service desk perspective, Fabio, I mean I'm I
suppose I'm thinking that we'll need to clearly define which roles are assigned to users, will deem
them to be a privileged user.
0:4:33.390 --> 0:4:43.750

And then your team will need to understand that when those roles are assigned to that user, that
they perhaps need to be provisioned with A-2 account.
And their access will need to be managed via Cyber Ark into SAP.
What we deem as as as privileged, don't know if it's kind of group or ERP and so on. Do you know like
you know with ability to access SE 38 and run programmes directly in the system and adjust roles
and you know change authorisation and you know then maybe 30 or 40 users.
OK. No. OK. So so that that's that's that's much easier than what I thought initially because there was
another dispatcher going on with Gareth, which was can we can we automatically instead of raising a
ticket and someone will manually add the rules to you know the the finance guy in GF4 for instance
or the share service centre as it was called before instead of doing that. Can we automate that part?
So I thought she was that but actually is the is the privileged users.
Yes. Yeah, I mean, I know I know there's been discussions with the Idam team about whether or not
we could.
Automate the assignment of roles to users via Spark
0:6:31.30 --> 0:6:34.190

Spark, I will say spark with yeah, yeah.
0:6:37.630 --> 0:6:38.190

Henrik de Jong
Guys.
0:6:35.370 --> 0:6:39.130

Yeah, but it's not been so very week, yeah.
0:6:37.60 --> 0:6:40.500

Sorry, Henrik, I know you've had your call your hand up for a while, so.
0:6:42.890 --> 0:6:43.330

Henrik de Jong
Yeah.
0:6:43.370 --> 0:6:50.10
Henrik de Jong
It's a polite way of allowing you to finish your story, and then I'll can probably continue.
0:6:50.970 --> 0:6:51.290

Henrik de Jong
All right.
0:6:51.730 --> 0:6:57.370

Henrik de Jong
I'll, I'll take my hand down. Alright. OK. Yeah. So I'm hearing already several scenarios. Several.
0:6:58.650 --> 0:6:59.930

Henrik de Jong
Kind of, yeah.
0:7:1.650 --> 0:7:2.50

Henrik de Jong
Cases.
0:7:3.810 --> 0:7:4.530

Henrik de Jong
I think.
0:7:6.210 --> 0:7:12.930

Henrik de Jong
Did this whole thing about this application is, I think initiated by a few findings.
0:7:14.210 --> 0:7:14.930

Henrik de Jong
Based on the audit.
0:7:16.450 --> 0:7:37.370

Henrik de Jong
So on one side we have the the findings which and and and then the solution for that would be. Then
in general quotes on boarding the application to my ID and then second. I also heard you're talking
about. So what? What can my ID do for SAP in terms of?
0:7:38.320 --> 0:7:40.880

Henrik de Jong
Provisioning user.
0:7:42.610 --> 0:7:45.250

Henrik de Jong
Relations and and all these kind of things.
0:7:46.690 --> 0:7:57.130

Henrik de Jong
I know for a fact that my ID which is 1 identity in, has several sorts of connectors which can also
connect to SAP.
0:7:58.770 --> 0:8:8.490

Henrik de Jong
And these connectors can pretty much do everything when it comes to creating user sub users can
creating roles.
0:8:10.490 --> 0:8:13.210

Henrik de Jong
Relation between roles.
0:8:13.730 --> 0:8:18.290

Henrik de Jong
And and and sub users groups subparameters.
0:8:19.690 --> 0:8:26.90

Henrik de Jong
All these kind of things, it's all managed, it's it's gonna be all managed by by using this this connector.
0:8:31.550 --> 0:8:32.670

Henrik de Jong
Yeah. So.
0:8:34.190 --> 0:8:57.710

Henrik de Jong
The question is on one side we have those findings which initiated this discussions, I think and 2nd I
also hearing that there were also some discussion in the past about other things where mighty can
come into place when about requesting excesses in SAP or creating accounts in SAPI. Also here
talking about birthright roles, which is all about someone.
0:8:59.350 --> 0:9:5.30

Henrik de Jong
Arriving in the system or, you know, start working for Sky. And then because of certain conditions.
0:9:16.200 --> 0:9:16.240

M.
0:9:6.660 --> 0:9:18.860

Henrik de Jong
Requires a accounting SAP and also a few basic roles. For example, this all can be managed within my
idea. That's what I would like to to touch on right now.
0:9:20.360 --> 0:9:21.680

No, I appreciate.
0:9:20.290 --> 0:9:32.570

And and and my and my apology as well. I think some of what I said there was in relation to Cyber
Ark, not my ID when I was talking about passwords, rotation and so on. So my apologies.
0:9:31.460 --> 0:9:32.620

Henrik de Jong
Yeah, that, that's about.
0:9:33.810 --> 0:9:36.850
Henrik de Jong
Yeah. OK, that that that's a separate track, I would say.
0:9:39.290 --> 0:9:53.650

Henrik de Jong
I don't see yet the full picture about how that fits into my ID cyber. I call it then. OK you you store
passwords there in a Safeway and also about possible rotation and these kind of things.
0:9:54.900 --> 0:9:55.100

Yeah.
0:9:55.0 --> 0:10:3.120

Henrik de Jong
Looks to me like a separate process that also needs to be set up for. Yeah, I'm privileged user
accounts for example.
0:10:4.530 --> 0:10:9.530

Henrik de Jong
Yeah. So we have then I probably have two tracks. One is my idea, the other is cyber.
0:10:10.530 --> 0:10:10.690

Yeah.
0:10:11.100 --> 0:10:13.540

Henrik de Jong
And and we are more on the error of cyber.
0:10:10.400 --> 0:10:13.840

Yeah, I think Corey's working on the Cyber Ark side.
0:10:15.800 --> 0:10:17.120

Henrik de Jong
So sorry, can you say again?
0:10:15.440 --> 0:10:21.720

Yeah, Corey's working on the Cyber Ark side. Cody's working on the Cyberkite for everything, yeah.
0:10:21.810 --> 0:10:23.330

But Donald.
0:10:20.520 --> 0:10:23.880

Henrik de Jong
Yeah, yeah, right. And we are under my idea, yeah.
0:10:24.990 --> 0:10:41.270

So don't. How does he work with the single sign on? Because today when you launch launch the GUI,
he automatically log you in with your normal account. So if people will have a normal account for
certain activity and dash 2 for others, how do they log in?
0:10:40.650 --> 0:10:45.970

Yeah, that's what it's like. That's what I would like to understand. I mean, how how it works, I mean,
yeah.
0:10:44.550 --> 0:11:4.950

So, yeah, so Cyber Ark, Cyber Ark, when you put your account into it, you log in with your normal
account and then if you wanted to access a system like SAP, you would have that that like account for
SAP and Sky Vault where you would like press connect and connect to the SAP system with that
account.
0:11:8.250 --> 0:11:9.210

And and what?
0:11:5.940 --> 0:11:10.300

So that's how it would work on Sky Vault, so it'd all be connected to your normal account.
0:11:10.930 --> 0:11:23.730

And what does it so does it then launch the GUI on your local laptop or does it launch the GUI on a
kind of like a jump post? Or like what? What what? What does it do? Do you do you know?
0:11:23.530 --> 0:11:31.130

So. So that said, that's different for all the systems. So that said, like that'll be cyber Ark side, I think
there was talks about like.
0:11:32.350 --> 0:11:36.990

Getting for like SQL and that I'm not sure what like how SAP works but SQL.
0:11:35.970 --> 0:11:47.770

No, no, so so so. So for. So let's just talk about the application side. So you, my idea is what we're
going to use to log privileged users in. And as I said, you might have 30 or 40 users that might be
deemed.
0:11:46.720 --> 0:12:11.760

So, so so the my the side of The thing is basically will pull the information from SAP and have a
connection between like all the users on SAP and all the groups on SAP. And then that'll be attested.
So say I'll go to like to the line manager of whoever the user is. So that's completely different from
the Cyber Ark side of getting it managed.
0:12:13.980 --> 0:12:15.900
The yes.
0:12:10.20 --> 0:12:17.140

OK. And Cybar will be the one that actually provisions that, that allows them the the login
mechanism, right? OK.
0:12:24.860 --> 0:12:26.180

So the my idea.
0:12:17.10 --> 0:12:27.330

Yes, so so that's that's as far like the attitudes, a connection to SAP and then connecting that to my
ID, yeah.
0:12:27.260 --> 0:12:29.180

So the my ID party will basically.
0:12:29.140 --> 0:12:37.380

Henrik de Jong
Right, it's it's right. It's cyber arc is then using for for provisioning while midi's only for doing at
station.
0:12:39.820 --> 0:12:40.60

So.
0:12:39.425 --> 0:13:8.945

So the the I'll be like connected. So I'll be like the all the systems will be like on the user's profile. So
you'll be able to see this person has SAP that that SAP has like an account and sky vault. So all be like
connected to the person and eventually like like when at the station comes up it'll be a case of does
this person still need this access if he doesn't need it my D will remove the access from that person.
0:13:9.925 --> 0:13:22.805

Henrik de Jong
Yeah, I understand that, but I I just thinking about what it's been said shortly about Cyber Ark being
in charge of.
0:13:24.965 --> 0:13:31.525

Henrik de Jong
Provisioning accounts and then these kind of things, is that what Cyber Ark should do?
0:13:31.885 --> 0:13:39.805

Henrik de Jong
While my ID mainly is gathering all this data and then allowing to run particular attestations on this
data.
0:13:42.175 --> 0:13:52.655
Henrik de Jong
And even and and and as well as when certain access are not required anymore. That's this. All will
go through Cyber Ark. When it comes to depressioning.
0:13:54.465 --> 0:13:57.545

Henrik de Jong
That is, that's what I'm taking right now. But if that's right.
0:14:13.235 --> 0:14:14.275

Henrik de Jong
Yeah, alright.
0:14:0.115 --> 0:14:33.355

See, that's what, like I think Gareth said that he was going to join the call, so it would have been good
if he did. But I think I think the case is like mighty needs permissions to like add and remove people
from groups. And then like in a future project, we could get it like added on to the like the mydi store
supervision like users and accounts and get them added to Sky Vault and all that. But like for this
project, it was a case of just get the connection, get at station sorted while Cory's working on.
0:14:34.35 --> 0:14:36.115

Getting the Dash 2 sorted. Getting there.
0:14:37.105 --> 0:14:40.185

Sky Vault site sorted for all the platforms and connections.
0:14:41.615 --> 0:14:42.335

Fabio.
0:14:57.285 --> 0:14:57.565

Yeah.
0:14:44.615 --> 0:15:5.215

So I've come at this probably from more the Cyber Ark side that from a cyber ark perspective, the
privileged users need to log in using Cyber Ark. And my assumption was attestation. I don't know if
there's a wider steer here which is maybe your initial concern around attestation of all users.
0:15:6.895 --> 0:15:12.895

And I see because I know that it's a really onerous and manual process to do that attestation across
finance.
0:15:14.695 --> 0:15:22.335

And I suppose, yeah, there is a question there. Whether or not it would be preferable to do.
0:15:22.355 --> 0:15:25.355
You know that attestation via my idea going forward.
0:15:28.385 --> 0:15:29.425

Yeah. OK.
0:15:42.285 --> 0:15:42.525

Yeah.
0:15:45.765 --> 0:15:46.5

Yeah.
0:15:24.805 --> 0:15:52.845

I actually, yeah. Yeah, that that was my steer, to be honest, you know, because we removed the
burden for our controls basically there is manual and you know every every quarter I believe an e-
mail is sent I think I think you go at this. I don't know if you got a decision for your team as well to do
on my ID but you know you know the process is quite a the the the line manager is responsible for
that and that will save us for lots of.
0:15:54.405 --> 0:15:55.205

Controls and.
0:15:58.285 --> 0:15:58.485

Yeah.
0:16:0.675 --> 0:16:0.835

Yeah.
0:15:55.945 --> 0:16:3.225

And audit as well. So that's why I thought stay, you know, we could do for everyone rather than.
0:16:12.55 --> 0:16:12.455

Yeah, yeah.
0:16:12.305 --> 0:16:13.825

Yes, this Yep.
0:16:2.625 --> 0:16:14.145

Yeah, so so ignore, ignore my kind of suggestion. It was just privileged because. Sorry, I'm. I'm getting
confused between these. These identity management systems.
0:16:14.605 --> 0:16:17.45
Henrik de Jong
Yeah, I see from me. Yeah, I see from me.
0:16:15.155 --> 0:16:45.795

Nothing but but but so if I can, if I can just summarise. So basically someone with request access on
my ID, my ID and Michael. Correct me if I'm wrong, my ID will send a request to the manager, the
manager approve, the person will get the role and it will be attestated every quarter of every year. I
don't know whatever then that person to access the tool so SAP will need to log in with the user
name.
0:16:46.5 --> 0:16:58.805

Password the the normal username and password on Cyber Ark and within Cyber Ark there will be a
button say connect to SAP and that where is the password is rotated.
0:17:0.245 --> 0:17:11.925

Every I don't know 24 hours or whatever. So this is basically the flow Donald to give you just a very
incorrect me if I'm wrong guys, if I'm if I'm, if I don't say something.
0:17:11.275 --> 0:17:31.315

So. So the only the only part about that is I'm not sure like about the groups like us adding the groups
yet I could because that's that's adding something to the store before that even we get to that part
we need to be able to see SAP and get all the connections.
0:17:32.465 --> 0:17:37.825

Tusap so we can do all of that like what you said, but.
0:17:39.5 --> 0:17:39.445

OK.
0:17:39.345 --> 0:18:4.825

The main the main goal is to just get all the information on Mighty 1st and just a test. So remove
groups. Basically if they're not needed, that's the main goal. But again, like we can add the extra have
a shop where somebody raises a request for access, it goes to Sky Vault. You'd be able to connect to
SAP to Sky Vault, so that's all possible, but the main goal is to.
0:18:5.985 --> 0:18:9.25

Get SAP attested from ID basically.
0:18:9.835 --> 0:18:11.675

Yeah, I think this. I think this this.
0:18:10.475 --> 0:18:14.155
Henrik de Jong
Yeah, that I totally agree with that. Yeah, so.
0:18:16.455 --> 0:18:24.895

Henrik de Jong
And then, knowing that mighty has a connector for SAP, it's just a couple of minutes to fill in all the
required.
0:18:26.535 --> 0:18:33.695

Henrik de Jong
Connection details like credentials, URLs and stuff like that. And then you simply can onboard every
data that's in the system.
0:18:35.275 --> 0:18:44.435

Henrik de Jong
It's just with a hit of a person and it then starts fetching all the data from SAP, bring it into my ID and
that's where you can start working on at the stations.
0:18:47.195 --> 0:18:47.795

Yeah.
0:18:58.325 --> 0:18:58.765

Henrik de Jong
Right.
0:19:2.715 --> 0:19:3.595

Henrik de Jong
Exactly.
0:19:19.885 --> 0:19:20.85

Henrik de Jong
Thank.
0:18:47.165 --> 0:19:21.125

Yeah. So we would just need that like the information to connect to SAP then and then decide how
that stations are going to work. Like, do you want it by line manager or like manager of groups, stuff
like that. So and then after after all that set up, we'll be able to get like other stuff added to the shop,
like create an account. But for the create an account and all that stuff, that's this cyber ark stuff
needs to be completed first. So at station first for our side and then for side by our side, do you need
a platform first?
0:19:21.765 --> 0:19:23.5

And then we can create a shop item.
0:19:22.325 --> 0:19:31.245

Henrik de Jong
But it's. But it's Cyber Ark used for all types of uses or only the high privilege users.
0:19:31.965 --> 0:19:32.805
That's pretty much.
0:19:29.745 --> 0:19:33.65

I think it's just privileged. I think it's just a high privileged.
0:19:32.225 --> 0:19:33.105

Henrik de Jong
Only the privilege.
0:19:34.415 --> 0:19:35.215

Henrik de Jong
Yeah, right.
0:19:33.515 --> 0:19:47.635

Yeah, well, it could. It could be used for like you could put any any type of SAP users on it. Like you
could add your own. It's needs to be for privileged, but normal users can use it as well.
0:19:49.85 --> 0:19:50.565

I think we, I think regards.
0:19:49.405 --> 0:19:54.525

Henrik de Jong
Yeah, but, but, but do you do normal uses required to use SAP?
0:19:56.115 --> 0:19:56.795

Yes.
0:19:56.345 --> 0:19:56.985

Yes.
0:19:58.135 --> 0:19:58.895

Henrik de Jong
OK and.
0:19:58.255 --> 0:20:0.335

The other finance team for his needs.
0:20:8.735 --> 0:20:8.895

OK.
0:20:8.985 --> 0:20:9.945

Henrik de Jong
Username and password.
0:20:10.755 --> 0:20:11.755
Single sign on.
0:20:12.595 --> 0:20:14.315

Henrik de Jong
I was thinking sign alright, OK OK.
0:20:12.955 --> 0:20:15.395

Using a client? Yeah, yeah. Using a client? Yep.
0:20:15.355 --> 0:20:17.475

Henrik de Jong
OK, OK, OK. OK.
0:20:17.195 --> 0:20:19.675

I mean, I think I think.
0:20:19.795 --> 0:20:24.435

To understand the requirement for privileged users using it, using it.
0:20:24.515 --> 0:20:31.315

We would need to understand what the benefit would be for wider than that using cyber because
I'm not sure what implications would be.
0:20:30.175 --> 0:20:42.895

Yeah, there's like there there, there's like, it's just in case you want like, all the stuff on Sky Vault, it's
like it's something that you could do rather than you have to do like personal preference kind of
thing.
0:20:43.745 --> 0:20:44.65

Yeah.
0:20:44.145 --> 0:20:54.665

So yeah, that privilege accounts I think definitely need to be on it. But there's no no reason why you
couldn't add a normal account and you access it for Sky Vault.
0:21:9.115 --> 0:21:9.715

Yeah.
0:21:15.745 --> 0:21:17.105

Yes, I think that's.
0:20:57.365 --> 0:21:18.965
Also, say you know Michael, we should you, we should be able to do more than just attestation on on
my ID because if it becomes just another things that people needs to do, you know people with a
look. So we should have if we can manage all the process within my ID people will be happy to do
that you know that.
0:21:19.255 --> 0:21:24.775

Yeah, I think so. I think that's the end goal. Just the starting line is still gets app.
0:21:30.875 --> 0:21:31.35

Henrik de Jong
Good.
0:21:31.455 --> 0:21:32.295

Henrik de Jong
Yeah, yeah.
0:21:43.585 --> 0:21:43.865

Henrik de Jong
Yeah.
0:21:25.855 --> 0:21:45.575

Able to be attested and for Skyvault site get SAP as a platform once both of them are completed then
we can get something that creates the accounts, add them to skyvall gets that, tested everything and
then after further downline we can even have them as birth rates. When Craig's finished his stuff or
birthright stuff.
0:22:9.285 --> 0:22:9.765

Yeah.
0:21:47.135 --> 0:22:11.55

Henrik de Jong
Right, yeah, totally agree. But just not a question. How is the because in in the in the recent past I did
an onboarding of an A sub central user administration. How is this configured within Sky? Is it that
we have to connect to each individual client or is it also an CUA?
0:22:10.945 --> 0:22:16.425

We we we don't we we don't use cuam. So there's only one ECC production system.
0:22:17.365 --> 0:22:17.565

Henrik de Jong
Mm hmm.
0:22:17.785 --> 0:22:22.145

But Fabio would probably also want it to control.
0:22:24.545 --> 0:22:27.465
As well as ECC, also business objects as well.
0:22:28.395 --> 0:22:31.875

Mm hmm, BOS, maybe I don't know if BI as well.
0:22:33.645 --> 0:22:35.725

You know sub BI or?
0:22:39.385 --> 0:22:39.465

Henrik de Jong
So.
0:22:38.225 --> 0:22:40.785

Concur. Possibly. I don't know.
0:22:41.305 --> 0:22:41.545

Henrik de Jong
So.
0:22:38.845 --> 0:22:44.45

And and what about them as well? Abby, what was that? Yeah.
0:22:42.605 --> 0:23:10.685

Yeah, we concur. Yeah. Yeah. So some pizza is a brother name for multiple, you know, system. So it's
not just one SERP. So there there's so we it depends I think I think Donald but that was that was just
AECC though the the findings they were only on sub PCC but we can broader the scope if it's possible
to get more systems in from the sub suite.
0:23:12.295 --> 0:23:12.415

Yep.
0:23:11.725 --> 0:23:17.405

Henrik de Jong
And and and. Does that mean that users will have separate accounts in each of these subsystems?
0:23:18.595 --> 0:23:18.995

And.
0:23:18.855 --> 0:23:19.935

No, I don't think so.
0:23:20.735 --> 0:23:21.255
Don't.
0:23:20.685 --> 0:23:31.285

For for business object. So if you've got an ECC account and then that's what, that's what determines
your privileges and business objects. However, you need to have an external.
0:23:32.965 --> 0:23:43.205

ID on Hannah to allow you to query the the database. So it's like a little kind of intricacy in terms of
setting up the the ECC users to allow Bob Jay access.
0:23:44.765 --> 0:23:51.125

Them the so the vendor invoice management which is like a portal that is a completely separate user.
0:23:52.515 --> 0:24:8.75

So your ECC users Bob G users are probably in the region of. I don't know, maybe about 6 or 700
users and I think your VM users are probably about maybe 1500 from users to be managed.
0:24:11.585 --> 0:24:18.345

Henrik de Jong
Yeah. So if you have an account, if if you have a sub user account in one system, you don't necessarily
have one in another.
0:24:19.335 --> 0:24:20.175

Exactly. Yep.
0:24:21.775 --> 0:24:23.855

Henrik de Jong
OK. So yeah, so.
0:24:26.715 --> 0:24:44.235

Henrik de Jong
Alright, so yeah, so each of these sub application or client sub applications we call them are treated
separately in terms of if you need an account in one system just imagine we are in the end in at the
end of the line with everything is in place.
0:24:45.555 --> 0:24:52.275

Henrik de Jong
You would then require to request an account for one system and for another system.
0:24:53.835 --> 0:24:58.395

Henrik de Jong
And not like with the central user administration. Then you just request one account and.
0:24:58.895 --> 0:25:4.855

Henrik de Jong
You assigned his account to whichever client you want to have access to, but right now it.
0:25:3.945 --> 0:25:9.985
Yeah. So we have to do on each one. Yeah. Yeah. So we don't use C way. So yeah, it would be, yeah.
0:25:8.215 --> 0:25:12.295

Henrik de Jong
Yeah. OK. Yeah. OK. OK. OK, great. Yeah.
0:25:16.595 --> 0:25:19.795

Henrik de Jong
Yeah, but then it's all about.
0:25:21.195 --> 0:25:34.115

Henrik de Jong
Making a start when and that can be done by, you know, just gathering the needed connection
details for the subsystem that needs to be on board at first.
0:25:35.835 --> 0:25:38.755

Henrik de Jong
And yeah, probably do some sort of tests.
0:25:40.575 --> 0:25:47.975

Henrik de Jong
But it's it's some production system, it's only production system, so no death or death or something
like that.
0:25:47.15 --> 0:25:49.815

Yeah, there is. There is tests as well.
0:25:53.25 --> 0:26:0.185

The way I see it, so sorry I came into this call. I almost think it was more Cyber Ark and my idea
should really read.
0:26:1.985 --> 0:26:13.225

The meeting invite, but they're very similar. You know the kind of requirements are very similar. Do
you know that we need to manage you know identity and access?
0:26:14.325 --> 0:26:14.685

Henrik de Jong
Yeah.
0:26:14.865 --> 0:26:26.25

And we we have, we've pushed back because it is a finance system because we are very busy come
up to your end that we've only got a couple of weeks before we go into change freeze.
0:26:26.745 --> 0:26:43.985

I don't think this is something that we can kick off this year. I think it's something that we should roll
into that project that I suggested, Fabio, that you know that we can hopefully get APM and we can
leave both kind of streams.
0:26:45.425 --> 0:26:48.305

One for my ID and one for Cyber Ark.
0:26:49.945 --> 0:26:57.105

You know and and just just get them up and running and and, you know, save the scenarios, the
different systems, different scenarios for for each system.
0:26:58.195 --> 0:27:5.635

And you know, start start testing the feasibility. Does it work? Does it not? How will work in practise,
blah blah blah.
0:27:7.55 --> 0:27:7.535

Yeah.
0:27:9.835 --> 0:27:20.115

Yeah, I've, I've, I've, I've. I don't know how much I first will require this project, but it seems not an
easy one. Hopefully if I.
0:27:21.95 --> 0:27:30.215

Has this been raised? You know, Donald, the the project is that you were the other day is nothing to
do with this. Am I right? The the PRP that you raised the other day?
0:27:31.175 --> 0:27:33.255

Yeah, it's completely different. Yeah, yeah.
0:27:31.745 --> 0:27:39.265

Into. Yeah. Yeah. OK. So so there's no resource allocated from your team on this anyway just now.
0:27:39.115 --> 0:27:42.795

shah, kamal (Project Manager/Business Analyst)
So that that's correct. So there are two pieces of.
0:27:42.835 --> 0:27:57.635

Compliance requirement. Here. The first one is to do with the privilege access management
deficiency address, which is sort of an immediate ask. Ronald and Fabio and 2nd is a a long term
solution. What we need to migrate.
0:27:59.115 --> 0:28:17.275

30 applications to begin with, which are specifically used for a finance purposes in our environment.
OK, one of the top application is SAP into that one. OK and what we need sort of when of of course
SAP is a beast. We all know that it's it's not.
0:28:18.995 --> 0:28:20.915

A small application or with a user base of.
0:28:22.185 --> 0:28:54.305

A huge user base of thousands of users across multiple roles. So I think what we could do, Donald, I
think I will try to summarise the notes for this call and potentially we can get in touch with Edis to
understand the timeline and allocation of one of your resource from your team and then get access
to the nonproduction environment of SAP to start connecting using a connector to my ID and see
how it works and flush out all the technical details what we needed with the help of Michael and
Hendrik.
0:28:56.85 --> 0:29:2.565

Henrik de Jong
Yeah, that would be. That would require just a minimum effort on on your side, I think.
0:29:4.655 --> 0:29:5.695

Henrik de Jong
If that's OK.
0:29:4.185 --> 0:29:25.145

I don't want to. I don't want to speak for Donald, but for myself. I'm very packed at the moment with,
you know, different projects. So probably I will need, you know, either very minimum impact or a
resource possibly, but I don't know, don't know how you are on the resource.
0:29:25.825 --> 0:29:38.185

I'm I'm the same. I'll I'll be saying it'll be next year. The the kickoff or something like this. I mean, we,
we do have some budget earmarked to address things as such as this.
0:29:38.225 --> 0:29:50.265

And the intention would be that we will get APM and resource and perhaps get a contract resource
to assist with the progression of this.
0:29:51.155 --> 0:29:51.515

Yeah.
0:29:52.515 --> 0:29:52.875

Henrik de Jong
Yeah.
0:29:51.535 --> 0:29:55.55

So it's not, it's not an immediate thing that we can jump on straight away, I'm afraid, guys.
0:29:56.495 --> 0:30:12.375
Henrik de Jong
Alright, so I'll leave that to Kamal, but at least what? What I can do with you, Kamal and also Miguel
is to to you know Rep some sort of plan and and also about what what is required on our side to to
move forward.
0:30:12.735 --> 0:30:13.375

Shut, yeah.
0:30:14.495 --> 0:30:30.455

Henrik de Jong
You know, at least we we have some sort of information then and maybe there can be some e-mail
exchange as well depending on on your availability. But at least I think what we can do and I'm
speaking up for myself is to have the sort of plan and a list of what what do we need.
0:30:31.675 --> 0:30:36.395

Henrik de Jong
From from the other team to to to get started and then, you know, take it from there.
0:30:41.755 --> 0:30:42.35

Henrik de Jong
OK.
0:30:44.35 --> 0:30:44.315

Henrik de Jong
Yeah.
0:30:45.955 --> 0:30:47.275

Henrik de Jong
Yeah. Perfect.
0:30:38.425 --> 0:30:49.945

Yep, that sounds good to me. Thanks, Henrik. Let me summarise what I understand from this call and
then probably share notes with all of you guys and we can just reconvene once we have more detail
on that one. OK.
0:30:50.885 --> 0:30:51.645

Henrik de Jong
Yeah. OK.
0:30:52.735 --> 0:30:53.855

Well, thank you.
0:30:51.635 --> 0:30:55.355

Cheers guys. Thank you for staying. Staying on the call and have a good evening. OK.
0:30:54.875 --> 0:30:56.915

Henrik de Jong
Thank you. Good evening.
0:30:55.775 --> 0:30:57.415
Perfect. Thanks. Bye, bye.
0:30:57.475 --> 0:30:58.315

Bye bye bye.
0:30:58.235 --> 0:30:58.675

Henrik de Jong
Take care. Bye.
0:30:56.365 --> 0:30:58.925

Thank you. Cheers. Bye bye.

SAP Migration To MyID - 2023-11-30

Uploaded by

Copyright:

Available Formats

You might also like

SAP Migration To MyID - 2023-11-30

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SAP Migration To MyID - 2023-11-30

Uploaded by

Copyright:

Available Formats

Sessa, Fabio (Grp SD Operations Manager)

Sessa, Fabio (Grp SD Operations Manager)

Delaney, Michael (Tech Specialist - IAM)

Sessa, Fabio (Grp SD Operations Manager)

Cumming, Donald (Operations Manager)

Cumming, Donald (Operations Manager)

And so much as they can change the configuration of the application.

Cumming, Donald (Operations Manager)

0:4:14.610 --> 0:4:14.810

0:4:17.70 --> 0:4:31.750

0:4:33.390 --> 0:4:43.750

Automate the assignment of roles to users via Spark

0:6:31.30 --> 0:6:34.190

0:6:37.630 --> 0:6:38.190

0:6:35.370 --> 0:6:39.130

0:6:37.60 --> 0:6:40.500

0:6:42.890 --> 0:6:43.330

0:6:50.970 --> 0:6:51.290

0:6:51.730 --> 0:6:57.370

0:6:58.650 --> 0:6:59.930

0:7:1.650 --> 0:7:2.50

0:7:3.810 --> 0:7:4.530

0:7:6.210 --> 0:7:12.930

0:7:14.210 --> 0:7:14.930

0:7:16.450 --> 0:7:37.370

0:7:38.320 --> 0:7:40.880

0:7:42.610 --> 0:7:45.250

0:7:46.690 --> 0:7:57.130

0:7:58.770 --> 0:8:8.490

0:8:10.490 --> 0:8:13.210

0:8:13.730 --> 0:8:18.290

0:8:19.690 --> 0:8:26.90

0:8:31.550 --> 0:8:32.670

0:8:34.190 --> 0:8:57.710

0:8:59.350 --> 0:9:5.30

0:9:16.200 --> 0:9:16.240

0:9:6.660 --> 0:9:18.860

0:9:20.360 --> 0:9:21.680

0:9:20.290 --> 0:9:32.570

0:9:31.460 --> 0:9:32.620

0:9:39.290 --> 0:9:53.650

0:9:54.900 --> 0:9:55.100

0:9:55.0 --> 0:10:3.120

0:10:4.530 --> 0:10:9.530

0:10:10.530 --> 0:10:10.690

0:10:11.100 --> 0:10:13.540

0:10:10.400 --> 0:10:13.840

0:10:15.800 --> 0:10:17.120

0:10:15.440 --> 0:10:21.720

0:10:21.810 --> 0:10:23.330

0:10:20.520 --> 0:10:23.880

0:10:24.990 --> 0:10:41.270

0:10:40.650 --> 0:10:45.970

0:10:44.550 --> 0:11:4.950

0:11:8.250 --> 0:11:9.210

0:11:5.940 --> 0:11:10.300

0:11:10.930 --> 0:11:23.730