Top 30 SAP IAG Interview Questions & Answers
Q: What is SAP IAG?
A: SAP Identity Access Governance (IAG) is a cloud-based solution that provides access governance,
compliance, and identity lifecycle management, integrated with SAP systems (especially SAP S/4HANA and
cloud solutions).
Q: Difference between SAP IAG and SAP GRC Access Control?
A: IAG is cloud-based, supports S/4HANA Cloud, and works on a subscription model. GRC Access Control is
on-premise, primarily for ECC systems, and is license-based.
Q: Key Modules in SAP IAG?
A: Access Analysis, Access Request, Role Design & Simulation, Privileged Access Management (Firefighter
IDs), Integration with SAP Cloud Identity.
Q: What is Access Analysis in IAG?
A: Access Analysis evaluates users' access risks (like SoD conflicts) in real time before provisioning access.
Q: Explain Access Request Process in SAP IAG.
A: It enables users to request roles and authorizations, and supports approval workflows and
auto-provisioning to connected systems.
Q: What is Privileged Access Management (PAM) in IAG?
A: PAM allows temporary elevation of user privileges through Firefighter IDs with session logging and audit
trails.
Q: How is SAP IAG integrated with SAP Cloud Identity?
A: IAG integrates with SAP Cloud Identity for SSO, identity lifecycle management, and secure user provisioning.
Q: What are Risk Terminators in SAP IAG?
A: Real-time SoD checks during Access Request submission to prevent risk violations before provisioning.
Q: Role of SAP Identity Provisioning Service (IPS) with IAG?
A: Acts as a bridge for provisioning users/roles from IAG to target SAP applications, ensuring secure and
automated provisioning.
Q: What is a Mitigation Control in SAP IAG?
A: Compensating measures applied when risk violations cannot be avoided but are managed via monitoring
or approvals.
Q: Explain 'Access Certification' in SAP IAG.
A: Periodic review where managers/owners review and certify user access for compliance.
Q: Difference between IAG Access Request and SAP GRC Access Request?
A: IAG has a simplified UI, is cloud-native, and integrates with cloud apps. GRC is complex and on-premise,
with limited cloud support.
Q: How does IAG handle SoD Risk Analysis for S/4HANA Cloud?
A: Provides out-of-the-box SoD rulesets and performs risk analysis via Access Analysis.
Q: What is an Access Simulation in SAP IAG?
A: Tests impact of role changes on user access and SoD risks without actual provisioning.
Q: How are Firefighter IDs managed in SAP IAG?
A: Provisioned temporarily with workflows and monitored through logs/reports.
Q: Can SAP IAG integrate with Non-SAP Systems?
A: Focus is on SAP Cloud solutions, but IPS allows some basic provisioning to non-SAP systems.
Q: Difference between IAG Role Design & GRC BRM?
A: IAG Role Design is a simplified cloud tool, while GRC BRM offers comprehensive lifecycle management
on-premise.
Q: How does IAG support Continuous Compliance?
A: Real-time risk analysis, mitigation workflows, and automated provisioning ensure continuous compliance.
Q: Deployment models for SAP IAG?
A: Available as SaaS on SAP BTP (Business Technology Platform).
Q: Delegated Approvals in Access Requests?
A: IAG allows configuring delegated approvers ensuring workflow continuity.
Q: What is 'Remediation' in SAP IAG?
A: Corrective actions like role adjustments or access revocations to resolve identified access risks.
Q: Benefits of IAG over traditional GRC solutions?
A: Real-time governance, cloud compliance, scalability, and reduced infrastructure overhead.
Q: Use of Access Certification Campaigns?
A: Mass review of user access to ensure compliance and identify unnecessary access.
Q: How does IAG ensure audit and compliance?
A: Logs all activities including access requests, approvals, SoD checks, and privileged access sessions.
Q: Concept of 'Workflows' in IAG?
A: Automates approvals, provisioning, and escalations in access request scenarios.
Q: Standard roles delivered by SAP IAG?
A: Access Requestor, Approver, Risk Owner, Role Owner, Administrator.
Q: Extending IAG functionalities?
A: Using SAP BTP extensions and APIs, functionalities can be enhanced or integrated with other systems.
Q: What is SoD Risk Remediation in IAG?
A: Analyzing SoD conflicts and rectifying them by changing role assignments or applying mitigating controls.
Q: Available reports in SAP IAG?
A: Reports on Access Risk Violations, Mitigation Controls, Access Requests history, Firefighter Usage Logs,
etc.
Q: Key challenges in SAP IAG implementations?
A: Data sync with source systems, role design standardization, user training, managing hybrid landscapes.