These days I've met with some of the executives of SAP to talk about their roadmap. Overall, SAP is moving forward with its Identity and Access Management products. e.g. SAP NetWeaver Identity Management (NW IDM). And the integration of the recently acquired SECUDE products and technology will significantly enhance the SAP product portfolio. Some of the new features are improved role management capabilities, reporting via SAP BW (Business Warehouse), and new REST-based APIs for UI creation. No rocket science, but valuable add-ons for their customers. For sure SAP is as well enhancing the integration with their core products and with SAP BO GRC AC (SAP BusinessObjects GRC Access Control).

The most interesting step forward, from my perspective, is the strong focus on SAML 2.0 which shall become the strategic replacement of SAP Logon Tickets, which are some form of proprietary cookies. This allows cross-domain use, in contrast to domain-dependent SAP Logon tickets. And it will provide simpler integration in business processes which span not only the SAP environment but heterogeneous applications. Besides the increased flexibility, SAML can provide much more information about the user. However the step from SAP Logon Tickets to SAML 2.0 won't be a hard or even quick migration. SAP will further support the SAP Logon Tickets - and SAML 2.0 is supported only in backend systems starting with the 7.0.0 release. However, SAML 2.0 offers significant features and SAP provides (besides the integrated IdP in SAP NW IdM 7.1 and higher) as well SP capabilities at the backend.

Another area of migration is about moving from CUA (Central User Administration) to SAP NW IdM. SAP strongly recommends to use SAP NW IdM instead of the limited CUA capabilities. Again, this is a smooth migration - CUA won't, according to SAP, be shut down as long as ABAP-based systems (the older SAP systems) are around. However it isn't recommended anymore to install CUA.

In essence, SAP is continuously enhancing the Identity and Access Management capabilities and strengthens not only the integration into the SAP environment but adds support for heterogeneous environments and standards. Thus, SAP NW IdM is, from a SAP perspective, an enabling technology for the integration within the SAP infrastructure and (especially with SAML 2.0) beyond.