Xiting Central Workflows: New features with SP4 

During the first quarter of 2023, we released Service Pack 4 (SP4) for our product Xiting Central Workflows (XCW). Our product offers you standardized workflows based on SAP best practices for the most important application scenarios in user management of SAP-ABAP systems, built upon our experience. With SP4 you can still use the trusted workflows for authorizations management, user creation/modification, assigning and revoking authorizations, as well as their combinations. In addition, the password self-service and Fiori interfaces remain available.

We will now introduce some of the new features and optimizations in SP4.

XAMS CRAF interface in Xiting Central Workflows

With the release of SP3, it was possible to designate risk managers who would automatically be involved in the workflow when role assignments triggered segregation of duties (SoD) conflicts, either individually or in combination with other roles. SP4 includes several optimizations to this process. For instance, risk assessment can now be carried out after the role owner’s approval through customization, and it can also be done via the Fiori interface. Furthermore, mitigation at the user or risk level is possible from XCW. To use the risk managers in XCW, XAMS Critical Authorization Framework (CRAF) with XAMS SP18 is necessary. The following figures depict the approval of the risk manager in the Fiori interface.

Figure 1 shows the XCW worklist for the risk manager.

Figure 1: Worklist Risik Manager Comb-ID

The figure below shows the role assignment for the risk manager for found risks with the combination ID (combination of the defined Auth-IDs (SoDs)).

Figure 2: Role approval risk manager Comb-ID

Next figure shows the role assignment view for the risk manager for Found Risks with the Auth-ID (Individual authorization objects with risk)

Figure 3: Role approval risk manager Auth-ID

Fiori interfaces – new design for combined requests

The Fiori application for user creation and role assignment (combined request) has been redesigned and is now available in a new design. The Fiori interfaces are based on our Fiori interfaces for SAP IDM XIFI. In addition, user-friendliness has been optimized through various adjustments.

First, the user data is entered in detail (Figure 4). These are then visible in shortened form during further processing, and one or more users can be requested (Figure 5).

Figure 4: Detailed view of user creation
Figure 5: Overview of requested users

The subsequent step involves the selection of roles for the users. If the user creation is intended without role assignment, it is possible to explicitly request only one system. It is not mandatory to select a system. The system is automatically added once a role is assigned. An overview of the role assignment wizard is presented in Figure 6.

Figure 6 shows an overview of the role assignment wizard.

Figure 6: Overview of the role assignment wizard

Web services for starting and checking workflows

SP4 now enables the initiation of XCW requests and the monitoring of workflow status through web services. This allows for the initiation of user and role requests from pre-existing interfaces, such as ticketing tools like ServiceNow or Matrix42. The only requirement that lies with XCW is the presence is the presence and authorization of an interface user. Your tool must have the capability to operate the web service with the appropriate attributes.

User changes without approval

It is possible to specify which attributes do not require approval for user modifications in requests originating from the HR system. When these fields are identified and the request is initiated, the modification will be promptly implemented without requiring approval and applied to all accounts associated with the user.

Figure 7: HR Field Customizing

Approval-free roles

Roles and their respective system that do not require approval can be defined via a customizing table. This means that these roles are requested like any other role, but unlike roles that require approval, they are immediately available to the user. However, if these roles pose a risk and the automatic risk check is active, the risk manager must still approve the approval-free roles. Nevertheless, the step of the role owner is not required in this case.

Figure 8: Approval-free roles

Further optimizations

Many further optimizations, particularly based on the feedback of our customers who already use XCW, have been successfully implemented:

  • Customizing wizard, implemented similar to XAMS
  • Role search by role name, role members, and transactions in all scenarios
  • Reminder emails
  • Optimization of escalation paths

More information

You have now received an overview of the most important features and optimizations of Xiting Central Workflows (XCW) SP4. If you would like to experience the new features live, we recommend you participate in our free webinar on the topic of “Standardized Workflows and Self-Services for User Management in SAP Systems”. The next webinar date is part of the webinar series: “SAP Solution Days” and is aimed at all SAP, XAMS, and XCW users and interested parties. If you have any questions or are interested in workflows and self-services XCW, please contact us at [email protected].

Valerie Neunheuser

Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 8999 002
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]

Attend our live webinars and learn more from our experts about SAP authorizations, XAMS, SAP IDM and many other topics in the context of SAP security.

Register now