Solutions Overview

Access Risk Manager (Identify Risk)

Analyse SAP systems and identify access risks that could potentially lead to fraud or security breaches. User-friendly dashboards display easy-to-consume information, making SAP access risk identification and remediation effortless. 

Find out more about Soterion’s Access Risk Manager

Organisational Level Controls

Many organisations focus their security efforts on ensuring that SAP users are restricted from performing certain functions, transaction codes or Fiori applications. Less emphasis is placed on ensuring SAP users can only perform those functions for the correct Organisational Level such as Company Code, Plant, Purchase Organisation or Sales Organisation. Soterion allows organisations to analyse each function that SAP users can perform in the SAP system, and for which Organisation Level.

Find out more about Soterion’s Access Risk Manager

SuccessFactors

With the move from SAP HCM to SuccessFactors Employee Central and Employee Central Payroll, organisations need the ability to analyse access from these solutions and highlight any access risk violations. Soterion provides an “out-the-box” rule set for SuccessFactors which allows companies to gain visibility on the access risks. Furthermore, ‘What-if’ simulations enable the organisation to proactively manage its access risk by allowing business users to review and approve change requests prior to these changes being applied in SuccessFactors.

Find out more about Soterion’s Access Risk Manager

Access Risk Manager (Get Clean)

Ensure SAP users have appropriate access using Soterion’s powerful risk remediation and role clean-up functionality and significantly reduce the effort required by business users to carry out user access reviews. 

Find out more about Soterion’s Access Risk Manager

Access Risk Manager (Stay Clean)

Control the SAP access (change) request process with Soterion’s ‘What-If’ simulation functionality, allowing the organisation to determine the risk impact of any proposed role change prior to applying it in SAP. 

Find out more about Soterion’s Access Risk Manager

Access Risk Manager (Stay in Control)

Document and monitor mitigating controls. Graphically track the mitigation status of identified risks and control compliance activities by prompting controllers to perform the controls. 

Find out more about Soterion’s Access Risk Manager

Basis Review Manager

SAP Basis Configurations provide system-level controls to secure an SAP system. The Basis Review Manager compares your SAP Basis Configuration to an industry best-practice set of rules. Since these Configurations usually form part of an annual external audit, our Basis Review Manager allows you to be prepared, and will establish complete compliance to avoid adverse audit findings.

Find out more about Soterion’s Basis Review Manager

Central Identity Manager

The Central Identity Manager introduces the Business Role concept to improve efficiencies in the SAP user provisioning process. Standardisation of job functions across the organisation reduces complexity, and reduces the effort required to manage and review SAP user access.

The Central User Administration functionality further reduces the support effort and cost to manage user access across the SAP landscape, including non-productive SAP systems.

Find out more about Soterion’s Central Identity Manager

Role Modelling

Improperly defined Business Roles or SAP Composite Roles can lead to significant over-allocation of access, potentially granting users inappropriate access to applications that they should not have. This can pose a serious fraud risk to organisations and make compliance tasks such as User Access Reviews, more difficult and time-consuming. With Soterion’s Role Modelling functionality, organisations can create Business or SAP Composite Roles based on the actual usage of a group of users..

Find out more about Soterion’s Central Identity Manager

Central Identity Manager

The Central Identity Manager introduces the Business Role concept to improve efficiencies in the SAP user provisioning process. Standardisation of job functions across the organisation reduces complexity, and reduces the effort required to manage and review SAP user access. 

The Central User Administration functionality further reduces the support effort and cost to manage user access across the SAP landscape, including non-productive SAP systems.

Find out more about Soterion’s Central Identity Manager

Continuous Controls Manager

Soterion’s Continuous Controls Manager enables organisations to identify risks where an SAP user has not only performed the conflicting functions but has done so for the same document. This ability to continuously monitor materialised risk violations enables the organisation to move from manual controls to an automated and alert-based approach. By extensively scrutinising the SAP transactional data, continuous control monitoring enables organisations to monitor access risks that materialise, ensuring a more effective access risk management capability..

Find out more about Soterion’s Continuous Controls Manager

Data Privacy Manager

Manage personal data in SAP and monitor which users in SAP have access to sensitive personal information. Soterion’s Data Privacy Manager analyses all tables in SAP and highlights those that contain fields with personal or sensitive information, categorising the data by Data Domain (such as bank details, email addresses and ID numbers) and per Data Subject (business partner, vendor, customer, employee and SAP user).

Find out more about Soterion’s Data Privacy Manager

Elevated Rights Manager

The Elevated Rights Manager grants sensitive fire-fighting access in an automated workflow-driven process, and enables your management team to perform a structured review of any activities that were performed during the Elevated Rights Access period.

Find out more about Soterion’s Elevated Rights Manager

Password Self-Service

Soterion provides users with the ability to reset their SAP passwords which reduces the burden on the authorisation support team and associated costs. 

The self-service functionality reduces business down-time by empowering users to reset passwords instantly.

Find out more about Soterion’s Password Self-Service Manager

Periodic Review Manager

The Periodic Review Manager allows business users to review access in the context of risk and business processes, ensuring informed and effective decision making. 

This business-friendly process is easily managed using progress dashboards to expedite the review process. Besides this process being an audit and statutory requirement in many business environments, this module also significantly enhances insight into your GRC environment.

Find out more about Soterion’s Periodic Review Manager

SAP License Manager

With SAP’s recent changes to user licensing in S/4HANA and SAP Cloud ERP Private (formerly RISE with SAP), where user classification is now based on assigned SAP authorisations, it is no longer feasible to separate access control from licensing. To manage your SAP licenses effectively, your access control solution must also incorporate robust licensing capabilities. 

Soterion’s powerful SAP License Manager analyses actual system usage to determine the optimal number of SAP user licenses (FUEs) required by your organisation. This helps you avoid unnecessary licensing costs resulting from poorly designed roles—ensuring you only pay for what you truly need.  

Find out more about Soterion’s SAP License Manager