Skip to content

Privileged Access Management for SAP

Provide superuser or elevated privileges to mitigate critical issues.
Prevent the misuse of superuser profiles by insider threats or other sophisticated cyber-attacks.

Grant privileged access during SAP Security emergencies

SAP operations teams need to be able to respond quickly to critical issues, especially in complex SAP landscapes. This often requires superuser or elevated privileges, which must not be used permanently, based on Identity and Access Management (IAM) best practices. However, if requested, these privileges need to be provided quickly but securely, with detailed monitoring data automatically included in the end-to-end SAP audit trail.

Simplified Provisioning, Instantly Available

Privileged Access Management (PAM) is immediately available and active after a simple installation. Levering the Self-Service App, SAP administrators can request and start their privileged access session right away. There is no need to use permanently assigned SAP superuser privileges, like SAP_ALL, anymore. Administrators can keep working with their named user, without having to impersonate an SAP FireFighter account.

Full Audit Trail, Maximum Transparency

As the SecurityBridge Platform automatically activates the built-in HyperLogging function after assigning the elevated privileges to the requesting user, all activities are recorded as part of the user’s audit trail. There are no restrictions regarding the number of parallel active users, and individuals can be tracked before, during, and after privileged access sessions—simplifying any investigation or forensic process and providing a complete audit trail during security-critical activities. At the end of the session or after a predefined expiration period, the PAM module automatically decommissions the elevated privileges from the account of the requesting user and restores the normal security logging level for that user.

All in one, seamlessly integrated with your SIEM

PAM is seamlessly integrated with the SecurityBridge Platform and functions in synergy with other Platform modules: Identity Protection, HyperLogging, and Threat Detection.

The Identity Protection Self-Service App enables the immediate kickstart of the privileged access session. For the detailed user audit trail during the superuser session, PAM automatically triggers the HyperLogging capability. This ensures that all user activities are accessible in one coherent Event Monitoring view within the Threat Detection module.

Therefore, any critical event during the PAM session will be alerted and if necessary, forwarded to your SIEM solution that can be easily integrated with the SecurityBridge Platform.

Solution Brief:

Privileged Access Management (PAM)

Are you looking for a condensed document explaining all the information about SecurityBridge’s Privileged Access Management solution?

The solution brief combines all the relevant information you need to know about the built-in PAM solution of SecurityBridge for SAP.