Global Foods Manufacturer

S3 recently partnered with a Fortune 500 global foods manufacturer comprised of multiple brands, with operations in the US and abroad. This company engaged S3 to help them mature their identity security program through implementation of the SailPoint IIQ solution set.

Prior to engaging S3, their client managed all user provisioning manually. Access Certification campaigns took weeks to prepare and facilitate, and were out of date the moment the reports were prepared. The organization struggled with remediating audit findings in addition to known process deficiencies, including known instances of terminated users retaining system access.

Their client lacked a centralized identity store to view and manage all users’ access. This contributed to the inefficiency in the manual deprovisioning process upon user termination.

Over the course of their engagement, S3 was successful in expanding the integration footprint of their client’s IIQ system, streamlining their access provisioning and automating access deprovisioning upon termination. SailPoint implemented by S3, provided the client with a single pane of glass through which to view users and access assigned, in addition to a user-friendly portal to automate access certification campaigns.

SAP GRC INTEGRATION

The engineers at S3 are not only expert SailPoint practitioners; they bring a wealth of SAP technical knowledge to the table. This uniquely enables S3 to integrate SailPoint solutions with SAP ERP, Manufacturing and GRC platforms.

Their client had a long history of use of SAP platforms. S3 was able to leverage the roles generated in SAP GRC to generate organizational roles in SailPoint, provision automatically, notify IAM administrators when a user’s access profile resulted in SOD conflicts.

The integration with the SAP GRC and ERP platforms enabled the Client to include SAP access in their quarterly access certification campaigns, enhancing the utility of their access review process and improving their overall security posture.

“With S3’s expertise in implementing SailPoint’s IIQ, we’ve been able to finally centralize and automate our identity processes across the enterprise. User access is properly governed, segregation of duties violations are prevented, and we have full visibility for audits. Most importantly, it has bolstered our security posture while making our people more productive and efficient.” Client IAM Director

IMPLEMENTATION HIGHLIGHTS:

• Configured IIQ to aggregate users, roles, and policy entitlements from SAP platforms
• Built roles and approval workflows aligned to their client’s governance model
• Automated account creation, changes, and terminations
• Enabled periodic access reviews and certifications across the identity lifecycle

MEASURABLE TRANSFORMATION

The SAP-SailPoint integration brought measurable benefits to the client and has enabled the organization to transform its identity governance through an integrated platform. With IIQ integrated with SAP and with other applications, the client achieved oversight and control over user entitlements across the identity lifecycle. Automating user provisioning reduced time to provision by an estimated 37%. Through automated SOD monitoring and notifications, the client reduced toxic combinations of access that violated their policy and strengthened their security position.