External personnel management in SAP: how to do it?

Posted by Klea Duro on Jul 7, 2023 8:15:00 AM

In consulting, I have had questions on this topic several times.

 


 

Some companies have a high turnover of externals, while in others this aspect is less pronounced. But who are the externals, and how should they be managed in SAP systems?

 

Who are the externals?

It may seem a simple question to answer; thinking about it, however, there are different cases. They all belong to the same macro category, but some are less relevant or more ambiguous. Here are some examples:

 

  • External consultants
    • For ongoing services, such as application maintenance support (AMS)
    • Or for occasional collaborations

  • External warehousemen, i.e., people who, often on a rotating basis, take turns managing the warehouse and thus may have access to information systems such as SAP, although their access is often limited

  • External administrative staff. A whole range of activities related to financial processes can be delegated externally

 

Clearly, each of the categories above may have access to more or less confidential data. Some areas may also have a higher or lower rate of turnover.

 

How are external users created and managed?

Just as for internal users, such as employees, a form of management must also be defined for external contractors, not least because it is much easier to forget about them than about employees.

 

So it is important to be able to answer, for example, the following questions:

  • What is the life cycle of these users?
  • Do I need to define an email for these external users or can I avoid it?
  • Do I need to define a "manager" or contact person?
  • Where do I record any information that accompanies the user definition?
  • Should I always indicate an expiration date in these cases?
  • Should I record the externals' information in an HR system?

 

Clearly, in our opinion, the answer to many of these questions is yes, although things may not always be as simple as they seem.

 

Take the question of defining an email address. This probably comes at a cost to you. But it is becoming more and more common for SAP to do onboarding via the corporate email (especially in cloud products). Also read this article on "SAP SCP/BTP for externals, how to do it?"

 

Ideally, in my opinion, it would be best to record external users exactly like internal ones, especially by using the HR system already in place in the company. Although this choice may involve effort in several areas, it is actually the most straightforward and simple one. Consider that if you have S/4HANA you can use Business Users (SAP S/4HANA Business Users).

 

Alternatives exist, such as defining ad hoc tables (whether or not integrated into SAP) that record contract or user ownership information, which is important for performing periodic revalidations or for referencing tickets.
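A periodic revalidation over such an ad hoc register could look like the following added example (not code from the original post). The column names, the sample rows and the 90-day revalidation interval are assumptions made for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample register of external users (all names and values are made up).
# Columns are assumptions: user, company, contact (internal contact person), email,
# valid_to (user expiration date), contract_end, last_revalidated.
SAMPLE_REGISTER = """\
user,company,contact,email,valid_to,contract_end,last_revalidated
EXT_AMS01,Vendor A,m.rossi,ams01@vendor-a.example,2023-12-31,2023-12-31,2023-07-01
EXT_WH07,Logistics B,,,2023-09-30,2023-09-30,2023-06-15
EXT_FIN02,Services C,l.bianchi,fin02@services-c.example,,2023-08-31,2023-05-20
EXT_AMS03,Vendor A,m.rossi,ams03@vendor-a.example,2024-06-30,2023-07-31,2023-01-10
"""

REVALIDATION_INTERVAL = timedelta(days=90)  # assumed policy, not from the post


def parse_date(value):
    """Return a date for 'YYYY-MM-DD', or None for an empty field."""
    return date.fromisoformat(value) if value else None


def review_register(csv_text, today):
    """Return {user: [findings]} for every external that needs attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        valid_to = parse_date(row["valid_to"])
        contract_end = parse_date(row["contract_end"])
        last_check = parse_date(row["last_revalidated"])
        if not row["contact"]:
            issues.append("no internal contact person")
        if valid_to is None:
            issues.append("no expiration date")
        elif contract_end and valid_to > contract_end:
            issues.append("user valid beyond contract end")
        if contract_end and contract_end < today and (valid_to is None or valid_to >= today):
            issues.append("contract ended but user still valid")
        if last_check is None or today - last_check > REVALIDATION_INTERVAL:
            issues.append("revalidation overdue")
        if issues:
            findings[row["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in review_register(SAMPLE_REGISTER, date(2023, 9, 1)).items():
        print(f"{user}: {'; '.join(issues)}")
```

A missing email is deliberately not reported as a finding, since whether externals need one is a decision for each company.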

 

It may also be useful to evaluate or agree on a field (see examples below) where certain information can be entered when the user is created.

 

[Figure: USERS]

 

This information can also be managed through Identity Management or SAP GRC Access Control systems.

 

Contact us if you would like to find out what other tips we have used in our experiences!

 
