I think we give, give a few seconds for the transition here. And, and it's a topic, I I had quite some conversations already over the course of the conference, so I I not only talked decentralized identity, I also can talk a bit of other things.
So, so maybe we close the door then. And I think that, and this is something I have from, from the SAP website, that is, I think one of the things that clearly some had heard about is earlier, but basically what SAP said is the maintenance for SAP identity management. So if I at some point say, NetWeaver IDM, forgive me, I'm around too long, will end in 2027, seamless integration, they as a p says, okay, we, we stay with our cloud identity services, we stay with the cloud IHE solution cloud identity access governance to facilitate integration with other partner identity management solutions.
I think this is a very interesting thing because it's that integration with other partner, other plural partner that identity management solutions for enterprise wide identity and access scenarios. Factually, I think that there was a bit of a, another element which basically said, Hey, we, you should use enter ID governance in conjunction with our SAP cloud identity server and cloud identity access governance.
So, so when we look at the facts, there's the end of life period 2027, and if you pay a little bit more for the maintenance, it's 2030 you have at maximum. So right now, less than six years, or no six years, you still have 2025 to 2030. But that's the time you need for planning, for, for implementing, for migrating everything, which is sounds long, but isn't it, this SAP product team has a reference for Microsoft and ID governance as a replacement option together with their own offerings.
But there are surely also other IGO vendors that have partnerships and many solutions that have, have in-depth integrations into the various SAP solutions. So the question basically is, and I think this is something so, so I'm, I'm around this industry for yeah, way more than 30 years and I, I don't believe in oversimplification. So there's very rarely one size fits all. And I think this is the point which is very important in this context.
There's, there are different viewpoints, very different landscapes. You know, there are SAP identity management customers that are probably more upper mid-size to, to lower mid market.
So we, we end mid, mid-sized at 1000 employees and then mid-market up to 10. So there are surely several with that. There are some that have a lot of legacy, there have others which have a lot of SaaS. There are very different scenarios.
And I believe that the point to look at is really where are you, where do you want to be or where will you be in the future? And then think about what is the right fit.
And again, I will not come up with this is the right solution because there's not the one size fits all the, I think the important thing is to think about what is the right solution for your organization and what I trust wanna do, I don't have that much time. So I want to walk through, so five through seven, seven aspects that are impacting such a decision. And the first one I'd like to look at is the line of business. LOB stands for line of business applications, which is ERP and so on and so on and so on. And this is, this is the first part. What is your strategy?
And again, this has two angles because it's the, the one is, is it really an an SAP almost only. And I could go deeper into that and say, okay, we need in the SAP world, probably also to split between the EC2 S four HANA world versus the Ariba conquer et cetera world, which has architecture wise, very, very little to do with the rest of what SAP is doing.
So, so even that could be done. So it's, it's not shooting here for full completeness. So we can dig deeper here, but that should, it should not give you some saw some some food for saw, I dare to say you have some others here. You have hybrid scenarios with a lot of vendors. I think the larger organization is the more likeliness that you end up with a ton of things, especially when you are, when you're doing heavy m and a, then always other things come in.
And then is it more on premise, is it more hybrid? This is SaaS first and from that it depends.
For instance also, what do you do around sort of the, on one hand, the IGA part and the application risk management, application access control thing, which is SAP access control or some, so probably call it S-A-P-G-R-C, which is not exactly the right term. And then there are different options. So in the interest of time, I can't go through all these options, but what, what I think think it it shows is there's not the single right way to do it. There are areas, so many are very much SAP SaaS first, then SAP cloud IH EA thing, which is very worth to consider on the other hand.
And another factor to look at is license cost. So is it the thing you want to do from a license cost perspective?
Are there other things you you'd like to do? Maybe. So it's really not, not a simple scenario. And this is I think really the point I I, I'd like to make, as I've said, I'm another fan of oversimplification and I think this, this is the way to go is oversimplifying a second area is what's, what is your strategy around application risk management. Application access control? So is it that you, that you stick mostly to SAP access control?
Is it, if you're already on SAP cloud, IHE, is it a hybrid approach you're following? Are you having, or do you want to go for another vendor solution? There are a couple of layers that I, I think last year we published our leadership compass on, I called it access control tools for SAP versus access control tools for heterogeneous line of business application environments. And there are alternatives, and I think it's very worse to look at what is the best way for you, is it not just an IGA tool with a strong SAP support.
So that is available in the market tools that have deep SAP integration that are good in SOD controls that usually then come with lesser books of rules, lesser pre-configured critical entitlement definitions, lesser reconfigured, SOD controls, et cetera. But again, there are different options and I, in this case I put together a number of questions that are worth to ask yourself.
Again, not shooting for completeness. So it's, it's really more what, what you should you look up, what should you consider here and to, to, to help you a bit about thinking what is the right way to proceed. Then there's the micro strategy. Whom of you is using Microsoft ID or the other way around? Which of your organizations is not using Microsoft id? Relatively few, but there are a couple, yes, this is a small boutique system integrator raising the hand back there.
So it's, it's, it's, it's may maybe a bit different, but, but at the end of the day, yes, we, we, especially in Europe, I think we have a lot of ID shops for the access side that not necessarily means that you need to do all the other things with with that.
But basically the question is, is it in place?
If, if not, is it planned? If not, there clearly is another IGA solution probably preferred option.
If it is, then I only say this is a feasible option. Whether it's the right option then depends on a lot of other decision criteria again. So even if you have enter id, if you're, if basically what it says this slide is, if you're not going for enter id, it doesn't make sense to go for enter ID governance. So if you say we are whatever, an Okta shop or one one identity shop on the access side or a ping shop or whatever, it doesn't make much sense. If you are, you may consider, but then again it depends on all the other elements to look at. And this is I think what really is the important thing.
Think about what really fits to you. So it's your organization, you need to make your decision for the right way and find out your right way complexity of it.
So SAP or hybrid etc. I took this, I hope that I didn't forget to change this up there when I created a slide, otherwise my tears is guilty because he has been a review of my slides.
No, but the point I really would like to focus is how does it look like? So, so do you have a lot of on premises and you know a lot of OnPrem stuff will be around for long or is it that you say it's really SaaS first? This is a little bit of stuff. Remaining orders is primarily, primarily sa, primarily SaaS. This has a very huge impact because basically the, except of some, some direct integrations, Microsoft and SAP are working on roadmap feature. Some roadmap features have slipped at some vendors in the past caution except of that point.
But you have six years, so I, I have no doubt that there will be the integration readiness in this time.
So no worries about that. The point I I'd like to make is the integration approach is primarily focused on open standards. I think there's a logic in that because was was Microsoft and SAP are not the ones who are delivering the largest number of deep integration creation connectors to other platforms. So when we take SP access control, we had in the past Greenlight GRC now pass log, which in fact provided the deep integrations to all the other services.
And I think there are certain reasons and so basically it's built on, on open standards. So if you have a world which is basically supporting scheme, supporting OS two et cetera, it's much easier than when you have a world where you have a lot of complex legacy integrations you need to cover.
So it, again, it depends on, there's not the right solution, there's no right or wrong. It depends on what you have and you need to analyze what you have and then make up your mind.
What is it, this is a bit of an annual slide.
How, how complex are your I-G-I-G-A requirements? So I'm, so when, when I look at our, our leadership compasses, so we do this much more thorough analysis than this, which is hundreds of questions. Sometimes I think for identity fabric it's at the end of more than 2000 line Excel file because there are are 2000 row because there are a lot of multiple choice questions which adds the row. But there are a lot of questions in that. We look at this very ly and, and at the end of the day it is that Microsoft definitely scores very strong in the access management.
I'll see when I look at the IGA side, it's not as outstanding. It's fair I would say, you know, you can do a lot of things and for a lot of organizations this is the right choice or it's, it's not the right choice, it's a choice that fits.
We need to be very careful with this the right choice thing. So it it is that there are capabilities, there are some good things in, there are also things that are lacking. So I think still to the current state, SOD controls are really not the thing, but you could argue, okay, I have cloud IHEI do the SOD stuff over there, then you got it a bit solved.
When you, when I look just broadly at leading specialized IHEA solutions, then there are solutions that are, I think, and this is something we just can say they are, that are more powerful to IGA. Do you need that always? That's a totally different question. I think we see a lot of IG a's implementations, which are total overkill. That's the other side of the coin. So several of the IGA solutions are, are really doing things way too complex going over the top.
So again, it's also finding the balance and thinking about what do you need in IGA and what is the right fit. Again, it's not wrong or right, there's not the simple solution, but think about it.
Again, that's, that's why I talk about decision criteria here. What about customizations, et cetera. If you want to customize a lot or if your organization is very customization heavy and, and you can't hinder them this place a role.
Honestly, if you can avoid customizations, avoid customizations because they only will hurt you.
I'm not a big friend in customization by coding. And if you do do it, then do it right.
I, a bit of ago I posted a LinkedIn article about this topic of customization IGA you, you easily will find on LinkedIn still. So, so if you customize, then do it right? If you can avoid it, avoid it. So it might be not the most important thing. You might say, okay, my access governance stuff, I anyway push more most out of the to cloud IHE, et cetera.
So it, it again is something which depends on what you need and you need to make a thorough analysis here. At the end of the day, the best thing you can do is sort of you, you make some sort of your own tool stress, your RFP process, et cetera to look at really the things that are relevant to you. So what is your current state?
Again, something to look at. So where do you stand with with IJ today?
Is it the only solution or have you anyway, another s identity management solution in place. So if you have one already out there, and I know organizations where, where which say, okay, I, I have SAP identity management for basically for my ISAP world, but I run whatever sale SailPoint or one identity or something else.
Anyway, then there's this definitely a logic in saying if this is good enough for support, good enough, the solution haven't. I think for SailPoint at one identity, many others it is in supporting SAP environments. Why should you, again, add a second one unless you can't fix the organizational ownership thing, that might be a bit of a tricky thing. So if you're SAP kingdom says no, we only do SAP and no one else is allowed to even come close to it, then it's a bit of a tricky situation. But then you better fix the organizational thing, honestly.
Is it what, what you need is there the need to have more in that? All these other questions, connectivity, again, decree of customization, it's a bit repetitive, but at the end of the day you need to look at what can you do? Is it the right choice? Think about it. This is always my message.
And where, where are you, you going with your, your strategy. So what are the things you're looking at to do in the future? This is again, something where, where you need to think about, so where will my identity management, my IGA end up in the next couple of years. And some of these things are probably more available and they support you. Others will probably disrupt more the way we do IGA.
So how likely is it that we will have it in a certain period from the technologies available to we see widespread adoption.
So this is then probably a really bit thinking forward and then thinking also about which vendor is capable of doing that. And then you will find also that some vendors also Microsoft has some very great things. They're not, they're, they're doing some very smart things around orchestration. They push on decentralized identities. They have their thoughts here around policy-based access. They have very much for open standards and SA again, there there might be things where you say, okay, this really favors them or it favors others.
The point at the end of the day is think about it, it's more than just replacing one tool with another. So it's a huge investment. And so we have some numbers, you know, when, when you, for different market segments based on on experience, so when you compare license cost over a certain period with the cost of your project, then this ratio is by far the highest for IGA.
So for access management it's maybe the one to 1.5 x compared to license. Maybe a bit more, maybe bit less.
For IGA, we, as a rule of thumb, we say it's six to 10 times. So it's a costly project and if you spend that money, it's not just throwing one out, bring in the other and there's so much cost involved, you need to think about it and it's something that has a long term impact. The lifetime of D-R-I-G-A solution is 10, 15, maybe even more years. So do it right? This is basically what I do. There are the things out there like our reference architecture, identify picture you can rely on. Do it right. Prepare yourself for the choice of tools, do a proper assessment. That's it. Thank you.
Thank you Martin. Other questions in the room? There are no online questions. Just a second. I'll hand over the microphone so that we make sure that the online audience gets your question.
Thank you. I have one question. Normally when you migrate from one tool to the other is because you are not happy with it and now this is not the case because you don't have the choice. This is what the vendor decided. So what I'm missing, and I wanted to hear your opinion, maybe most of the people were happy with the SAP identity management and they want to preserve their experience, their look and feel.
So maybe we should like some as a criteria, some like ability to do a previous solution. So
Yeah, I I would say that this isn't criterion does it, does it do what, what you need to do, which you can consider.
I, I think but we also need to be maybe differentiate between what you like and what you're used to. So, so sometimes the appetite then comes by eating when you see, oh, there are some other cool meals out there that might be the other side. So at least I think it's very worse to look at alternatives. So it it's, for instance, when we run a or support pool choice project, I always try team always we try also bring in one or two players that take a very alternative approach.
And this is usually very helpful to see, okay, there are alternative, there are different ways to do it and it, it helps making the better the right decision, the better decision. So I think we can probably take one more question if No, no, don't,
That's fine. Because there's, this would've been the next presentation will be the last presentation. So we have 20 minutes to Oh,
To stretch. I could have been, I could have been talking 40 minutes.
No, no, no, no.
I actually have one, one more question, Martin. It's very interesting what's happened here with SAP because obviously as you and I know the SAP weren't in identity management until they acquired Maxwell those many years ago. I think you may know this anyway, one of the companies I'm involved with was actually their distributor in AsiaPac. And a lot of customers didn't want to move over to SAP network identity management or net sorry, identity management because they liked the Maxwell Identity Center solution.
Surely I, I realize that they've improved the product immensely and have done a whole bunch of other stuff around access controls and whatever. Is there a simple movement?
I'm I I'm, I'm not sure I agree with Entra, ID surely there are better solutions in the market today that have that integration with, with SAP because we still are supporting some max identity centered customers. Okay. Even today.
Yeah.
So, so, so first I I, I would say there are solutions that may be a better fit or not. So really look at what you need. I think you really to, to do it very differentiated. The one thing might be perfect for you. The other thing might be perfect for someone else. It's very clear there is no simple migration path as I believe. If I think even I, I would be very, very careful with trying to, to do it too simple because I think it always, this, this change is also a great opportunity to think about are the processes still the ones which are ideal? Should we maybe rethink it, et cetera.
So I think it's all of these, these changes also an opportunity to, to say, okay, what can we, what can we improve and how many bells and whistles do we have in our solution currently that we may get rid of? So in German, under logging, which, which also is I think a very great opportunity.
So, so cleaning it up and I always think it's a good idea also to modernize a bit when you anyway need to do it, then do it right And it would be saving on the wrong end my perspective.
Okay, thank you very much. The quick question, quick answer and maybe we, we haven't a talk on the same topic just afterwards and I think we have different perspective there as well and I really look forward to that as well, so we can gather these questions also for the next participant.
So please,
Everett, just a quick question. When it comes to the costs, because you said that there is a, a lot higher of cost of integrating this and that's I think is very important because now we all have to talk to our management and explain to them it's not our free choice. We have to do it.
And yes, we can improve things, but it's gonna cost a lot. Does copying your call have something like what you said in a more overview base something because it's, it'll be very different from company to company what it would cost of course, but giving the management also for our example, because they will actually talk to the colleagues from SAP as well and it would be good to, well have some sort of comparable numbers is something how, how costly, such a migration.
Yeah, so the, the, the rule of sum I've used, which is really a rule of sum is the six to 10. Six to 10 x of the, the, the license or subscription cost you probably should expect for running the project. So if you have 1 million, it's six to 10 million. Okay. Okay. Thank you very much. Depending on what your license cost, if you're 10,000, it's much better.
But I, I think this is, and this is really a, a factor because it again depends on what you do, okay? You ask for a short answer, but if you ask me for a short answer, you do something wrong.
Okay. Thank you very much Martin.
