Xiting Central Workflows: New Functions with Service Pack 5

As the saying goes, “Good things come to those who wait”. This also applies to the new release of Service Pack 5 (SP5) of our product Xiting Central Workflows (XCW). After more than a year of defining requirements, development and testing, we are not only presenting brand new functions, but also completely rethought use cases (XCW and SAP Cloud). But let’s go back to the beginning: with XCW, we offer you standardized workflows according to SAP best practice for the most important application scenarios in user administration of primarily SAP systems in our experience. In SP5, you can also use the tried-and-tested workflows for creating/changing users, assigning and revoking authorizations and the combination as usual – only even better and easier. The Fiori interfaces and password self-service are also still available and include some much-awaited features.

We present some of the new functions and use cases of the new release below.

Business Roles

We want to improve the user experience and simplify the application for authorizations by using business roles. These are containers with cross-system authorizations that are maintained in XCW customizing. In future, the end user will only apply for business roles that can be found using simple search options. This significantly reduces the number of selection options.

The application process remains unchanged. The business roles can be searched for and requested either in the user creation request or in the role request. The business role owner must then approve the assignment and, if a risk is identified by XAMS CRAF, it must be released or mitigated by the risk owner.

Figure 1 shows the business role wizard:

Figure 1: Business Roles Wizard

Figure 2 shows the view of the requested business role:

Figure 2: Requested Business Role

Extension of the LDAP integration

The previous LDAP integration included an LDAP search that transferred information from identities from sources such as the Active Directory to user applications in the XCW and matched them accordingly. These applications could be processed and submitted manually.

With SP5, it is possible to set up jobs that regularly read in data via LDAP and determine whether new identities have been created or existing identities have been changed. This generates automatic user requests that must be approved by the user managers in the XCW.

In addition, the popular LDAP search is now also available in the user creation and role assignment requests (business roles and PFCG roles):

Figure 3: Search via LDAP in Fiori

Dynamic Risk Managers

With SP5, it is possible to store the risk owners for each risk individually in XAMS CRAF. As soon as a risk is created by an assignment, XCW receives the corresponding risk owner from CRAF and this person takes over the approval step in XCW. The central maintenance of a group of risk owners is still available. A customizing switch can also be activated, making it possible to enter the risk owner individually when submitting the application.

Find out more about XAMS CRAF in this new webinar:

In addition, the approval of risk owners in Fiori has been optimized and mitigation is now also possible:

Figure 4: Mitigation in Fiori

Manager Approval

Previously, there was the approval step of the role owner and occasionally the risk owner. SP5 introduces an additional approval step – that of the manager. This has been repeatedly requested by our customers in the past and now we can meet this requirement. In the first version, a simple mapping table will be implemented in which users must be assigned to their managers. If XAMS CRAF is used, the approver can also see whether there are any conflicts.

Figure 5 shows the manager approval in the SAP GUI interface and Figure 6 in the Fiori interface.

Figure 5: User Manager Approval SAP GUI
Figure 6: User Manager Approval Fiori

Further Optimizations

Many other optimizations have been successfully implemented, particularly as a result of feedback from our customers who are already using XCW:

  • Download/upload Options Extended in Customizing
  • Specify approval-free roles using wildcards
  • Extension of the check interval when sending the application
  • Customizable display of the dashboards with regard to the days displayed
  • Optimization of texts

Extended Use Case: XCW Goes SAP Cloud

With Service Pack 5, XCW expands its functionality to include business roles, which serve as containers for technical roles from various ABAP systems. Requests for these roles can be made via the UI5 front end and the SAP GUI and go through an approval process that is checked by the business role owner and, if necessary, the risk manager.

Our approach uses the XCW central system (CDL) or the existing CUA system as a central source system to enable the management and provisioning of user accounts and authorization roles for On-Prem ABAP & S/4HANA.

We are now also applying this principle to integrate SAP cloud systems in combination with SAP Cloud Identity Services. In the SAP on-prem systems, the authorization roles typically include specific access rights for the SAP applications. However, there are also “empty” authorization roles that do not have their own access rights, but merely serve as substitutes for authorization roles in other systems.

These roles are implemented because a direct implementation is not possible due to different authorization concepts in the cloud world. In the XCW central system/ZBV, the ownership of these roles is therefore defined by user accounts, supported by workflows.

Enter a new era of hybrid identity management with us and benefit from centralized, efficient management of your SAP OnPrem and SAP Cloud systems. Figure 7 shows you the target architecture:

Figure 7: XCW Goes Cloud Architecture

Webinar: SAP Solution Day about Xiting Central Workflows

You now have an overview of the most important features and other use cases of Xiting Central Workflows (XCW) SP5. If you would like to experience the new features live, we recommend our free webinar on “User and Role Administration with Xiting Central Workflows”. The next webinar date is part of the webinar series: “SAP Solution Day” and is aimed at all SAP, XAMS and XCW users and interested persons.

If you have any questions or are interested in the topic of workflows and self-services or our Xiting Central Workflows solution, please contact us at [email protected].

Valerie Neunheuser
Contact

Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 8999 002
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]
Contact
Webinars

Attend our live webinars and learn more from our experts about SAP authorizations, XAMS, SAP IDM and many other topics in the context of SAP security.

Register now