Skip to main content
SAST User Access Management

How vigilant are you about security?

SAST SUITE: systematic authorization management.


These days, the occurrence of an IT security incident is less a question of "if" than "when". Meanwhile, companies' own employees are causing these events more and more often, whether by accident or with malicious intent.

The SAST SUITE's modules for identity and user access management are designed to provide the exact support you need in implementing your authorization concept by notifying you of violations immediately - not after the damage has already been done.

With the SAST SUITE, your authorization management is sure to be consistent, comprehensive, and transparent.


Real-time analysis of authorizations and segregation of duties.

Are you looking to implement an authorization concept that covers multiple clients and systems in your SAP landscape?

With SAST AUM (formerly known as UserTrack), you can make sure your concept is comprehensive and includes strict authorization controls. This module compares all the roles and objects in your SAP systems against a segregation of duties (SoD) matrix, improving your ability to identify critical access attempts through your SAP authorization concept and detect potential SoD conflicts in real time - and most importantly, before your production system is affected.

Plus, your concept will be the only source auditors need for qualified key figures. SAST makes it possible to monitor and analyze SAP authorizations, combinations, processes, and SoD rule sets based on preconfigured or freely definable SoD matrixes.

How SAST SUITE can assist you

  • Concept covers multiple clients and systems
  • Checks your user master data
  • Includes predefined rule sets based on market standards (SAP security guides, BSI recommendations, DSAG auditing guidelines, Cobit, etc.)
  • Performs SoD checks on users, profiles, and roles in real time (incl. predictive simulations)
  • Comes with predefined rule sets for SoD violations and critical access attempts (SAP ERP/HCM/NetWeaver, IS-U, CRM, SRM, etc.)
  • Features an intuitive rule set editor and an integrated reporting engine
  • Real-time checking of the SAP transactions you use

Are you already familiar with our add-on for this module, SAST Enhanced SoD and Control Reporting? It's designed to give you a way to communicate and collaborate on the basis of Excel, which makes things easier to understand for user departments, managers, external auditors, and others who aren't experts in SAP.


Efficient, audit-compliant monitoring of your emergency users.

Even the best system sometimes requires extended support. This is why SAP systems provide for emergency users that have expanded authorizations for special circumstances - authorizations that include the ability to access sensitive data. To ensure your compliance with the due diligence required by law, extensive documentation of such activities is essential.

Luckily, the SAST SUM module (formerly known as AdminTrack) is available to help you deal with this challenge. It maps your entire superuser process, checks all privileged access attempts in real time, and documents all related activities with full audit security. From user authorization assignment and convenient administrative tools to the documentation of support cases based on dual logging access, everything is covered in SAST.

How SAST SUITE can assist you

  • Audit-compliant documentation of all critical activities
  • Prevents unnecessary "SAP_ALL" authorizations
  • Superuser administration that's simple and efficient, but still secure
  • Ensures transparency regarding critical activities and provides an integrated approval and deregistration procedure
  • Single sign-on functionality for your emergency users
  • Automatically notifies your auditor when a support activity is complete
  • Logs users through passive monitoring (external consultants, SAP EarlyWatch)
  • Predefined processes provide for speedy installation, implementation

Meanwhile, don't forget to protect your sensitive personal data. With SAST HCM Read Access Monitoring, you'll gain full transparency regarding the activities of your privileged users - even in cases involving read-only access to your personal information.


Preserve your resources by automating your SAP role generation.

Real-world situations consistently show that growing structures quickly make the assignment of authorizations difficult to manage without a significant amount of manual effort. This is particularly true when authorizations need to be assigned in a compliant manner that prevents SoD conflicts.

Enter the SAST ROM module (formerly known as Role Optimizer) - a secure, efficient, and cost-effective solution for optimizing your existing roles and organizing them in a clearly arranged role management system.

SAST will aid you in determining which authorizations are needed, creating new roles, and of course, handling the ongoing administration of your authorization concept. In doing so, you can decide whether to build on SAST Suite's predefined role templates or define your roles through automated analysis of your users' activities and the transactions they execute. This also means that you can easily carry out rollouts and mass changes at the object or field level.

How SAST SUITE can assist you

  • Significantly reduces costs and effort during rollout and ongoing operations
  • Reduces risk through conflict-free authorization roles and transparent role assignment
  • Analyzes and manages roles across systems, automates mass role generation
  • Analyzes critical authorizations and SoD conflicts, highlights roles not in use
  • Automatically produces documentation to ensure audit security and compliance
  • Integrates seamlessly with standard SAP software (profile generator, etc.)


Carry out faster, smoother authorization projects.

Are you developing a new authorization concept or planning to redesign your SAP authorizations? If so, our SAST SGM module can save you a tremendous amount of time and organizational effort.

The software starts by analyzing your users' behavior at the outset of your project. It automatically identifies all the authorizations they utilize and incorporates them into your new model without any additional effort. If users are missing authorizations they had before the transition, they can activate a fallback function to have their privileges restored right away. Meanwhile, the main advantage you'll enjoy is that your day-to-day business will continue on uninterrupted.

How SAST SUITE can assist you

  • Implements tailored roles with clean authorizations at the click of a mouse
  • Significantly accelerates projects involving new or redesigned concepts
  • Requires much less organizational effort
  • Lowers project costs
  • Makes it possible to overhaul authorizations without disruptions
  • Enables your daily business to continue unhindered

Our consultants will be happy to lend a hand in preparing and implementing an authorization concept that meets your specific requirements.


Reduce your rol(l)es almost by itself.

It's a well-known fact at every company that has SAP systems: User authorizations are continually being optimized. But what doesn't happen nearly often enough is the removal of transactions no longer in use in the roles. This is a completely avoidable cause of risks related to separation of duties, an unnecessary drain on admin resources and, of course, an untapped source of potential savings for SAP licenses.

Our Suite module SAST SAA has a slimming effect on your roles. After applying these authorizations, based on concrete usage analyses, each role will contain only those transactions that are truly necessary for performing a business process. Unused transactions are safely stripped away. This allows you to achieve optimally lean roles without limiting your day-to-day business in any way. And, almost without trying, you'll also be in the best position possible for your next SAP license audit.

How SAST SUITE can assist you

  • Ensuring clean authorizations with tailored roles
  • Less potential for segregation of duties
  • Increased security through improved transparency
  • With this SAST SUITE module, your user authorizations adjust themselves automatically - based on actual user behavior
  • Significantly reduced effort for your administrators
  • No interruption to your day-to-day business

For the initial work and an implementation tailored to your individual requirements, you can rely entirely on our team of security and compliance experts.


Audit-compliant administration of users, roles and authorizations.

Managing a large number of user accounts often presents companies with serious challenges, especially when you consider how complicated most of the available standard tools are. It's particularly difficult when user identities need to be maintained in several systems, directory services, or databases.

The lack of an option to manage user IDs and authorizations across multiple systems in a transparent way not only leads to insufficient clarity and SoD conflicts; it also requires more effort to address these issues.

With our SAST UAM module, you'll have an efficient, user-friendly, and secure means of both monitoring and managing the identities, roles, and authorizations of your SAP users.

This module will provide you with key information on authorizations and structures, help pinpoint your current risks and security vulnerabilities, and enable you to freely define the responsibilities of your organizational areas - including for HR and role managers and user and role administrators. It's also possible to configure the approval steps necessary for each individual SAP workflow.

How SAST SAST can assist you

  • Reduces effort through automated authorization requests
  • Increases transparency by facilitating customizable authorization management and seamless tracking of all changes
  • Audit-compliant administration of users, roles, and authorizations
  • Assesses risks and detects assignments of critical authorizations in real time
  • Workflow integrates directly into SAP


Safeguard your sensitive personal data.

When it comes to unauthorized access, your SAP systems need to be protected not only from external attempts, but those from within, as well - especially when information as valuable as your personal master data is at stake.

Even if you have a solid concept for your SAP roles and authorizations, your data may not be fully secure. This is where the SAST HCM module (formerly known as HCM DisplayTrack) can help by enabling you to detect and document every attempt made to open, modify, download, or even gain read access to your personal data.

How SAST SUITE can assist you

  • Reliable protection for your sensitive SAP HCM data
  • Provides transparency regarding the activities of your privileged users
  • Logs all access attempts (including read access)
  • Fulfills all the applicable requirements of data protection and labor law
  • Easy to order as an add-on for SAST Superuser Management


Take the pressure off your user helpdesk.

With this SAST PSS module, you can simplify the process of resetting passwords and implement stricter password guidelines.

It gives your employees a secure, user-friendly way to reset their passwords themselves through your intranet no matter where they are. This will save your helpdesk personnel time that they can devote to their core tasks.

How SAST SUITE can assist you:

  • Syncs with SAP and/or active directory to verify users
  • Automatically resets locked accounts and generates new initial passwords
  • Logs all requests
  • Features a user-friendly interface

Logo s.Oliver

Logo Takeda

Modular design. Individual possibilities.


SAST Events & Webinars
SAST Brochure