From Nostalgia to Excitement: The Impending End of SAP IDM

From Nostalgia to Excitement

In our article “From Nostalgia to Excitement: The Impending End of SAP IDM,” we delve into the current developments in SAP Identity Management, spotlighting the imminent end of the SAP IDM era. Discover how Xiting tackles these challenges head-on, from the collaboration between SAP and Microsoft Entra ID to tailored security solutions addressing connectivity and authentication concerns.

In collaboration with our partners, we offer personalized consulting tailored precisely to the specific needs of our customers. Explore our elaborated migration strategies, designed to navigate the end of maintenance and facilitate the transition to on-premise solutions. Learn how we support various industries in mastering the transition through automation. Dive into our article for a comprehensive insight into the SAP security landscape.

The Looming Curtain Call for SAP IDM

At Xiting, our journey with SAP IDM has been like a long, deep relationship, almost akin to an old marriage. We’ve navigated through a myriad of projects with various clients, gathering profound experiences along the way, and we’re proud of the lasting loyalty we’ve built. Our client roster reads like a Who’s Who of the DACH region: from the roaring engines of the automotive industry to the colorful aisles of retail, and the sparkling circuits of electrical engineering. Not to forget the brilliant minds in education and research, and the pharmaceutical sector – all have placed their trust in SAP IDM.

These companies are as diverse as a well-stocked candy shelf: each with its own complex processes, technical demands, and unique flavors. It’s not as simple as snapping your fingers and declaring, “Here’s the one-size-fits-all solution for you all!”

The announcement from SAP to phase out support for SAP IDM by the end of 2027/2030 rings like a bell signaling the end of an era. Over 1,500 customers worldwide are already gearing up to develop migration strategies for alternative platforms. This news has created quite the buzz among IDM manufacturers, ramping up their marketing machines – and rightly so. It’s like a relay race: the end of SAP IDM is the starting shot for an exhilarating race to win over customers. Let the games begin!

Migration, Here We Come!

Let’s be honest: since the debut of SAP NetWeaver Identity Management 7.0 on July 15, 2007, the world has moved on a bit. The IDM marketplace is now sparkling with many new, shiny stars. Yet, SAP IDM is like the MacGyver of IDM solutions – not everyone’s cup of tea, but hey, some love Linux, others swear by Windows. In the end, a system is truly secure and efficient only if you know it like the back of your hand.

So, we’re heading for new shores, maybe towards Entra ID… Or maybe not entirely, as Azure Active Directory (ah, the good old days) is almost crowded already. But to call Entra ID the true successor of SAP IDM? More on that in the next chapter.

The real burning question is: What’s the cost of the new IDM solution? Where and how will it be operated? Have my requirements changed, and does the feature set match? Whether it’s One Identity, Omada, SailPoint, or whoever else – the big players in the market often offer a fairly similar feature menu, and connectors for SAP systems are kind of a standard side dish. So, what really matters? Support, operating possibilities as SaaS, in the cloud or on-prem, and, of course, the pesky question of licensing costs.

In any case, migrating from SAP IDM after all these years is a real opportunity to thoroughly renovate the IT kitchen: redefining technical requirements and processes without being hindered by old baggage. It’s like a major spring cleaning in IT – a process that takes time but also offers a fantastic chance to bring fresh wind into the sails.

SAP and Microsoft Entra ID: The Next Step in SAP Identity Management?

In early 2024, SAP announced an active collaboration with Microsoft, aiming to develop guidelines to help customers transition their identity management scenarios from SAP IDM to Microsoft Entra ID. However, details on this initiative remain sparse. This announcement positions Microsoft Entra ID as the strategic successor to SAP IDM. In a synergistic cooperation, SAP and Microsoft are working to provide companies with practical assistance and guidelines during this transition. Yet, despite the promise of this initiative, many questions still linger.

Microsoft Entra ID, known for its cloud-based management of identities and access, has already established a firm place in many companies. SAP’s decision to go down this path seems logical, but important questions remain. For instance, how will SAP IDM be replaced, especially in terms of specific business roles, workflows, and integration into SAP systems through its connectors? It’s noteworthy that the features characteristic of Azure/Entra ID have not yet covered the same breadth as SAP IDM. Previously, Entra ID was not considered a complete IDM, but offered basic provisioning frameworks with support for new cloud APIs, yet without comprehensive coverage, especially in relation to SAP’s on-prem world.

As SAP emphasizes its Identity Access Governance (IAG) and SAP GRC Access Control, it’s important to recognize that these applications also do not offer a complete replacement for SAP IDM. For the new cloud world, SAP has long positioned itself with the Cloud Identity Services, whose integration into Entra ID (now also Entra ID Governance) can bridge into the BTP/SaaS world. However, this does not aid SAP IDM companies that rely on ABAP, S/4HANA, and Java systems, surrounded by all the wonderful extensions that have been lovingly scripted and developed.

So, it’s a time of waiting and hoping, but also of active looking forward. We at Xiting, of course, keep a close eye on Entra ID(M) and eagerly await experiences from the network and updates from the efforts of the DSAG working group. It’s an exciting time for identity management.

Our Commitment to Long-Term Success and Security

Here at Xiting, we want to start by emphasizing that we will continue to actively support our loyal SAP IDM customers – and that for at least the next 6 years until the end of the extended maintenance phase.

Our consultants, who possess in-depth knowledge of SAP landscapes and their specific requirements, are ready to assist in reassessing and optimizing systems, processes, and workflows. Our services include technical support for SAP IDM during the migration phase to ensure a smooth transition and assist our customers in their transformation. More on this in the final section.

Over time, Xiting has established itself as a reliable partner for SAP security topics, with a now wide range of software solutions and services. These are divided into four main pillars represented by our Consulting Units: Authorization Management (AUT), Cybersecurity & Security Monitoring (CSM), Governance, Risk & Compliance (GRC), and Identity & Access Management (IAM). Each pillar forms an integral part of our holistic approach to offer our customers the best support and expertise.

Our focus is on standing by our customers in these turbulent times of digital transformation, not just supporting them, but actively leading them into the future – with security, reliability, and innovative strength.

Pioneering Rather Than Following

At Xiting, we’re more than just a creative player in the big SAP security circus. Instead of challenging the big players in a classic David-vs-Goliath scenario with clever tricks, we see ourselves more as a dynamic food truck – or perhaps even a nimble speedboat – complementing the offerings of the big chains where specialized know-how and flexibility are needed. We’re not here to steal the wind from the industry’s oil tankers but to enrich the menu, both for our clients and for SAP, Microsoft, and other major players.

Our focus is on what we do best: creating exceptional taste experiences in the SAP security world. To this end, we rely on our proven recipes, like the innovative Xiting Authorizations Management Suite (XAMS) in the backend, which offers significant advantages. We’re bringing the topic of calculating business roles back to the table, an area where we stand out as an independent SAP Security provider. Our delicacies like XAMS, Xiting Central Workflows (XCW), and our SIEM Connector seamlessly integrate into our Xiting Security Platform (XSP), our SaaS flagship.

We’ve also realized that sometimes less is more – especially in smaller companies that mainly focus on SAP systems. For them, a standard SAP IDM would be like an oversized professional oven in a studio apartment. Here we rely on solutions that are ready for use in no time and provide exactly what is needed to satisfy the hunger for efficiency and security.

Our Innovative Roadmap for SAP Security

To clarify our future vision in SAP security, we’d like to highlight that although there’s currently no dedicated solution available as a direct successor to SAP IDM from Xiting, we’re still on an exciting development journey with the Xiting Security Platform (XSP), our leading product in the GRC area. This roadmap focuses on the integration of IAM connectors and the gradual integration of lean IDM functionalities.

Stage 1: Risk Analysis and Identity Consolidation

In the first step, we aim to enable risk analysis for IDM manufacturers through a connector, to analyze risks for cloud solutions and close security gaps in hybrid landscapes. The Identity Consolidation in our Xiting Security Platform (XSP) allows the amalgamation of users from different applications into a global identity, enabling comprehensive risk analysis and cross-application provisioning of business roles. The Cross-System SOD uses these consolidated identities to effectively identify function separation conflicts, and with our XAMS in the backend, we optimally utilize our SAP proximity.

Stage 2: Connectors and Community Platform Approach

We’re also working on further developing our app connectors for SAP Access Control (GRC), playing an important role in the integration of the hybrid landscape. This connector provides an effective and simple solution for risk minimization and user management for companies already using SAP Access Control. Particularly, the combination with our Xiting Security Platform (XSP) allows both provisioning for SAP’s cloud applications and non-SAP applications that can be addressed via the SCIM standard, as well as risk analysis for selected SAP cloud applications. We look forward to 2026, when a new version of SAP GRC Access Control based on S/4HANA will be released. Our XSP/AC connector will be designed to be compatible with this version as well.

The next step in our development strategy focuses on the IAM connectors to enable extended risk analyses for IDM providers. Through custom-designed user interfaces, we optimize the maintenance of GRC rule sets and redefine modern risk management.

Our vision for the future includes transforming our Xiting Content Platform (XCP) from a pure rule set library into an open, versatile platform. This platform will not only offer rule sets but also SIEM patterns, security concepts, and templates for business roles. With a community platform approach, we will not only provide these resources but also continuously develop them.

Through open integration via APIs, we increase our flexibility and dynamism to enhance the offerings of the big chains where specialized know-how is lacking. Our agile “food truck or speedboat mentality” represents our adaptability and speed, qualities we believe are now particularly in demand in the market.

Stage 3: Progress through Integration and Adaptability

In the third phase of our roadmap, we focus on further integration. Our goal is to ensure harmonious and seamless functionality in hybrid system landscapes, paying special attention to compatibility with solutions like Entra ID and other leading IDM solutions.

A key component is the integration of additional selected features into the XSP. By taking this step, we enable our customers to efficiently implement central workflows and provisioning functions in hybrid SAP environments with the usual speed. This strategic integration reflects our commitment to continuously work on the development and improvement of our tools. With this roadmap, we welcome IDM manufacturers and look forward to shaping the future of SAP security together. It’s going to be an exciting journey, and we can’t wait to see what lies ahead!

Partnership as a Paving Stone for Future Success

Our guiding principle, “Everyone is an expert in their field,” motivates us to provide you with tailor-made and independent consulting, precisely tailored to your needs. Instead of seeing ourselves as competitors to established IDM providers, we view ourselves as a valuable addition to the diverse ecosystem of SAP security.

We’re committed to offering you a detailed analysis of your current SAP IDM solution. In close cooperation with our partners, we provide deep insights and are always ready for dialogues and initial coordination talks. Collaborating with experienced partners allows us to ensure objective, manufacturer-independent consulting and involve experts with specialized experience in the migration of IDM systems. We invite you to explore the future with us and our partners. Together, we work on an analysis and migration service that delivers effective and targeted results.

We’ll keep you updated on all developments and look forward to a lively exchange about your current preferences regarding tool selection, as well as your perspectives and any initial experiences.

With a smile into the future: We celebrate the old, welcome the new, and look forward to many exciting adventures in the vast world of SAP security. The excitement continues. Stay tuned!
Carsten Olt

Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 8999 002
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]

Attend our live webinars and learn more from our experts about SAP authorizations, XAMS, SAP IDM and many other topics in the context of SAP security.

Register now