SAP Identity and Authorization consists of two main components: identity management and authorization management.
Identity management is the process of creating, maintaining, and deleting user accounts and their attributes in your SAP systems. But not only that: it also includes assigning users to roles and groups, which determine their access rights. Identity management can be done manually or automatically, using tools such as SAP Identity Management (IDM) or SAP Cloud Identity Access Governance (IAG).
Authorization management is instead the process of defining and enforcing users’ and applications’ access rights in your SAP systems. It also entails creating and maintaining authorization objects, profiles, roles, and rules, which specify what actions users and applications can perform on which data and resources. Authorization management can be done using tools such as SAP Access Control (AC) or SAP Cloud Platform Identity Authentication Service (IAS).