Does anyone have any experience leveraging access via IAM to ERP tools and the permissions can be so granular that there would be an extreme amount of options in an IAM tool?

Applications & PlatformsActive Directory
2k viewscircle icon1 Upvotecircle icon5 Comments
Sort by:
Director, Special Projects, IT/OT Security in Energy and Utilitiesa year ago

We use an IAM tool that provisions roles in a few hundred applications including the main ERP system. It detects SODs between systems or within other systems (outside of ERP).  

We only include the ERP (SAP) Security roles in the IAM tool and not the permissions. IAM feeds the request into SAP GRC to workflow. The ERP role permissions are tracked and validated for SODs between roles in the SAP GRC system.

Chief Information Security Officer in Healthcare and Biotech2 years ago

It depends on the IAM and ERP if both the tool support open API or have rest API then it can be achieved easily 

Senior Director, Information Technology in Software2 years ago

An IAM tool is an extension of the ERP tool's roles/permissions capability.   The ERP tool is where you define and assign granular permissions to specific roles and job responsibilities.   Keep in mind the amount of effort to maintain these granular permissions (and their assignments) if your organization has regular permissions change requests.

CEO2 years ago

There are newer identity governance applications that are addressing these challenges effectively - notably Clarity Security. There are likely others that can help find SOD conflicts, orphaned accounts, weak authentication challenges, etc. 

CIO in Education2 years ago

It’s crucial to establish a role-based access control (RBAC) model, assign permissions based on job responsibilities, and regularly review access to ensure appropriate privileges. Robust user provisioning and deprovisioning processes, segregation of duties, monitoring, and auditing mechanisms are essential. Educating users about data security and fostering a security-conscious culture is also important. Although challenging, effective IAM implementation in ERP systems ensures secure access while maintaining data integrity and compliance.

Content you might like

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%

View Results

How often do you asses your IAM infrastructure?

Every Month20%

Every Quarter57%

Every Year19%

Other (comment below)2%

View Results

We are dealing with a specific issue in our VDI non-persistent environment, which operates using Omnissa Horizon (formerly VMware). We are employing a hybrid join for authentication that integrates ADFS and Entra ID.   Here are the details of our problem:   1. **Environment**: VDI non-persistent using Omnissa Horizon 2. **Authentication Method**: Hybrid join with ADFS and Entra ID 3. **Issue**: Users are experiencing difficulties authenticating to Microsoft 365 apps within the virtual machine. The authentication process gets stuck in a loop when attempting to access the smartcard. I would appreciate any insights or experiences from others who have encountered similar issues or have a similar environment working successfully.

Has anyone implemented Zelle directly with EWS (Enterprise Web Services) instead of going through a reseller-hosted experience? What were the biggest architectural, compliance, and operational challenges you encountered, and how did you address them? Can you please share your views on below...

1. Integration Complexity (How did you handle real-time messaging and settlement flows with Zelle via EWS & what middleware or orchestration layers were required?)

2. Compliance & Risk: What additional regulatory or fraud controls did you need to implement without the buffer of a reseller? How did you manage OFAC screening, KYC, and transaction monitoring?

3. Customer Experience: Were there any trade-offs in terms of UI/UX or mobile app integration? How did you handle customer support and dispute resolution? 
4. Operational Overhead: What internal capabilities did you need to build or scale (e.g., 24/7 support, reconciliation, exception handling)? How did you manage updates and changes to the Zelle network?  
5. Cost-Benefit Analysis: Was the direct integration more cost-effective in the long run? How did you measure ROI compared to a hosted solution?

6. Vendor & Network Relationships: What was your experience working directly with Early Warning Services (EWS)? Were there onboarding or certification hurdles?

What do you think are the top 3 enterprise-level social media management tools that can compete with Sprinklr?