Simplifying Identity Management in your SAP ABAP Landscape: Discover the Power of Xiting Central Workflows
Xiting Central Workflows (short: XCW) is a simple yet modern software solution based on standard SAP workflows, which automates user provisioning and manages the entire user lifecycle in your SAP ABAP systems. This blog will introduce you to XCW and will describe what this software solution can do for your company’s identity management.
Issues Companies Face Without a User Provisioning Tool
Many companies still handle user creation and role designation manually. End users send out manual user and authorization requests via e-mail or telephone, which are then processed or executed by admins. The requests which admins usually get sound like this: “I need the same roles as Mrs. Doe.” or “The user must have suitable authorizations to work in accounting.” In most cases, there are no specific approval procedures or roles in place. Nevertheless, the lack of such approval procedures or request records makes the auditing of user provisioning nearly impossible.
Moreover, once the end users’ accounts are locked or they forget their password, they must either submit a service request to the helpdesk or have the administrator unlock their accounts manually and reset the password. This proves the need of companies for self-service solutions to help unburden the customer support or the admins from repetitive tasks and enable these to redirect valuable time into other projects.
Over the years, companies have become more and more aware of the issues mentioned above, so we, as Xiting, decided to develop XCW.
About this solution: XCW
XCW is a standalone product in the SAP ABAP Landscape. Implementing XCW requires no additional hardware. Customers decide to implement XCW for various reasons: Some would like to automate their processes, while others would like to develop a structure for their support team or relieve end users. Customers can also use XCW in a transitional phase before the implementation of SAP IDM.
One notable advantage of XCW is its quick configuration and implementation time, which typically takes only one to three days. In contrast, IDM projects may require months, if not years, to complete. This efficiency makes XCW an attractive choice for organizations seeking rapid deployment and immediate benefits in workflow optimization and access management.
Moreover, XCW can be licensed together with the Xiting Authorizations Management Suite (XAMS) in the Extended Version and is planned to become a module of the XAMS in the future. This integration allows for seamless collaboration between XCW and XAMS, providing customers with a comprehensive solution for their workflow and access management needs.
User and Role Owner
Defining role owners and user owners is essential for the segregation of duties and the two-person rule. User owners approve or deny user creation and change requests, while role owners oversee role assignment and revocation applications.
Functions and Services
XCW offers the following use cases:
- User creation and user change: create new or modify existing users – The user owner is the approver.
- Role assignment and revocation: assign roles to users or revoke roles from these – The role owner is the approver.
- User creation and role assignment – The user and role owner must approve.
- Self-Service workflows: Unlocking Users
- Self-Service workflows: Password Reset
- Identifying critical roles and SoDs with the help of CRAF (Critical Authorization Framework) – A part of our Xiting product: The Xiting Authorizations Management Suite (XAMS)
- SOAP gateway for other systems
XCW: An Experience Worth Having
This is an example of the new XCW Interface requesting User creation and role assignment.
With the new Service Pack 4 release with Fiori, XCW introduces a redesigned interface that embraces a block-themed overview. This redesign enhances the user experience by providing a more organized and visually appealing interface.
Navigating through different sections and tabs becomes intuitive, allowing users to find the information they need quickly.
At the top of the interface we can select a user owner.
The user owner can be a manager, department head, team leader, or any individual responsible for managing users within the system.
With the ability to extend fields and utilize value helpers, represented by the “clipboard symbol”, data entry becomes more efficient and intuitive. Moreover, XCW seamlessly integrates information from SAP systems, while also offering the flexibility to manage dynamic fields such as Function and Department directly within the XCW platform. This combination of functionality and adaptability empowers users to create and maintain user profiles with ease.
The configuration of user fields goes beyond what is displayed in the screenshot, encompassing a comprehensive setup of user information that extends to all the available Fields in the SU01.
Efficiently Managing Subsystem Assignments and Roles with our Fiori Wizards.
Our newly implemented wizards simplifies the process of assigning subsystems and Roles to users, guiding them through each step seamlessly.
By selecting the user, specifying the relevant subsystem, and conveniently reviewing the assignments in the overview, the process becomes streamlined, ensuring efficiency and minimizing errors.
The Role Assignment Wizard in the new XCW release improves the process of assigning roles to users.
With this wizard, users can easily select the user, assign appropriate roles, define validity periods, and obtain a clear overview of the assignments.
This streamlined approach ensures that users have the necessary permissions and access to perform their tasks effectively.
Role selection plays a crucial role in defining user access and permissions within a system. It ensures that users have the appropriate level of authority and functionality.
Users can conveniently select roles using the following searchable options:
A well-defined role naming convention, descriptive role titles, transaction codes associated with each role, and a reference user model for setting up role permissions and settings.
The newly improved interface provides users with a comprehensive overview of the inputted data. This visual representation allows users to review and validate the accuracy and completeness of the information before finalizing user management operations. With this enhanced overview, the risk of errors is significantly reduced.
This feature facilitates collaboration and documentation by allowing users to add relevant attachments and leave comments pertaining to specific user management operations. This enhances communication, provides valuable context, and streamlines the overall user management process.
After submitting the request, users receive a notification containing a unique work item ID, allowing them to easily search and track the progress of their request within the system.
As mentioned above, XCW can be installed, configured, and ready to use in under a week. You can implement XCW whether you have a CUA or not. Once you have implemented XCW, all users have no choice but to follow the rules defined in the configuration for user creation and role assignment. Approvers (role and user owners), their absence substitutions, additional approvers, risk managers, and admins are all pre-defined. The configuration introduces structure and order into your user and role management processes. In addition, services such as password self-service workflows take pressure off your help desk and admins.
In this section, we will describe the benefits and advantages of XCW.
- SAP GUI and Fiori User Interface: XCW is available via SAP GUI and the more modern and user-friendly Fiori user interface.
- XAMS CRAF Integration: by using our solution XAMS (Xiting Authorizations Management Suite), you can integrate CRAF (Critical Authorizations Framework) in XCW to automatically identify SoDs and critical roles.
- Multi-Stage Escalation Procedure: you can define additional or substitute approvers.
- Password Self-Service: XCW offers a password self-service function. Users can reset their passwords by using this service.
- Various Implementation Options: you can implement XCW with or without a CUA.
- SAP Standard: we have developed XCW based on SAP standard workflows and RFC connections.
- Dashboards: you can easily view user and role request statuses via dashboards.
- Role Owner Concept: you can define role owners fitting your needs and company’s structure.
- Standardized Workflows: The user and role requests in XCW can all be carried out automatically as standardized SAP Workflows.
- Segregation of Duty: Defining role owners and user owners helps with duty delegation and documentation.
XCW is a tool that can help you as a company and your team members with a variety of tasks. XCW offers you excellent service management with workflow automation; it helps you improve the user experience and enables your customer support to handle more requests.
This blog post was created in collaboration by Negah Bremer and Hazhan Salih.
With the HR extraction, department heads are automatically set as approvers and have to process user and role requests sent via HR extraction.
No, with the new Service Pack 4 it is possible to automatically approve changes of users that are coming from the HCM, as long as the initial approval was made. The reason for that is to let the HCM be the leading system for the identity information.
The HR extraction can be planned as a regular job. The job frequency depends on your company’s size and on whether your systems include various locations with differing time zones. This automation helps you with different tasks regarding the employee lifecycle.
With the new release of XCW ticket systems can create users, request roles and receive workflow status.
By defining user and role owners, admins and the help desk no longer have to process user and role requests. With XCW, you can also use the HR extraction and therefore eliminate the process of user and role requests. The XCW password reset self-service portal helps unburden the help desk and admins. Furthermore, auditing can be done in a couple of minutes with a few clicks.
A SOAP gateway for a ticket system provides an effective way to integrate and communicate with the system. SOAP (Simple Object Access Protocol) is a protocol that allows structured data to be exchanged between different applications.
XAMS or Xiting Authorization Management Suites is a Xiting product. “With the XAMS, Xiting has developed a software that uses its innovative tools to support companies in their security projects by automating costly and time-consuming tasks, improving compliance and reducing the risk of errors.”