Manage identity and access management across the SAP ecosystem and integrated non-SAP systems.
Responsibilities
Manage SAP on-premise systems including ECC, HCM, SCM, BW, and CRM alongside SAP Cloud systems like IAG, IAS/IPS, Concur, Ariba, Commerce Cloud, C4C, and BTP.
Design and implement secure SAP authorization roles using the principle of least privilege and maintain detailed role documentation.
Administer non-SAP systems within the identity lifecycle, specifically Microsoft Active Directory and Azure Entra ID.
Configure and manage SSO integrations with Azure, SAP Secure Login Service, and SAP Identity Authentication Service.
Resolve user access issues and collaborate with functional owners to remediate segregation of duties conflicts.
Required Skills
5+ years of experience in SAP Role Design, including Master-Derived roles, Composite roles, and Business Role Concepts.
Deep understanding of SAP authorization objects and system traces.
Proven experience in large enterprise ERP implementations covering technical design, testing, and deployment.
Experience with segregation of duties conflict remediation and access requirement addressing.
Ability to manage identity lifecycles within Microsoft Active Directory and Azure Entra ID.
Proficiency with Microsoft Office tools including Excel, PowerPoint, and Visio.
Bachelor’s degree in Information Technology, Business Administration, Information Systems, or a related field.
Willingness to travel domestically and internationally up to 25%.
Preferred Skills
Hands-on experience with SAP Identity Access Governance or Cloud Identity Services.
Knowledge of SAP Datawarehouse tools such as BW, DataSphere, and SAP Analytics Cloud (SAC).
Familiarity with S/4HANA architecture, migration strategies, and SSO methods like SAML2.0 and OAuth.