WIXLIB

GRC Update of SAPSA on Access Control / IAG topicsGero Maeder, VP Development GRCPUBLIC

DisclaimerThe information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission of SAP.Except for your obligation to protect confidential information, this presentation is not subject to your license agreement or any other serviceor subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or any relateddocument, or to develop or release any functionality mentioned therein.This presentation, or any related document and SAP's strategy and possible future developments, products and or platforms directions andfunctionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in thispresentation is not a commitment, promise or legal obligation to deliver any material, code or functionality. This presentation is providedwithout a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for aparticular purpose, or non-infringement. This presentation is for informational purposes and may not be incorporated into a contract. SAPassumes no responsibility for errors or omissions in this presentation, except if such damages were caused by SAP’s intentional or grossnegligence.All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially fromexpectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates,and they should not be relied upon in making purchasing decisions. 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC2

Agenda1.Update on Roadmap2.Update on integration scenarios between AC12 and IAG3.Available APIs 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC3

Update on Roadmap

Transform Your Governance, Risk and Compliance PracticesEmbed GRC and security in SAP S/4HANA and Intelligent EnterpriseBUSINESS NETWORKBUSINESSPROCESSAcross all functionsEasy-to-consumeModular & scalableIntelligentGRC for Intelligent EnterpriseProcess-cognizantAPPLICATIONSTECHNOLOGY 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC5

SAP GRC solutionsProduct or portfolio areas of future investmentFrictionless consumptionEmbedded complianceProactive risk managementCloud or on premiseBusiness processes integrationAcross all domains SAP GRC functions will be directlyembedded across the IntelligentEnterprise Centralised consolidated, holistic, upto date GRC content provides singlecontextualised perspective Out-of-the-box connectivity withSAP S/4HANA, SAPSuccessFactors, SAP Ariba Proactive alerting for informedstrategy setting and decision-making Future innovations delivered with a“cloud-first” mindset Existing SAP GRC solutions (OnPremise) benefit from future cloudinnovations via bridge scenarios 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC6

Key Elements of an Intelligent GRC SolutionEasy-to-consume Easy-to-deploy, configure and usefor GRC and business experts toincrease acceptance Offers content packages for existinglegal and industry requirements toaccelerate GRC projects 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLICModular & scalable Re-configures existing services tomeet new requirements rather thanforcing a new implementation tokeep GRC cost in control Leverages Artificial Intelligence topre-process information for the GRCexpert to increase focusProcess-cognizant Prioritizes end-to-end processintegration over data integration togenerate value for the organization Aware of the companies ecosystem(suppliers, distributors, customers) toprotect the organization7

Transform Your Governance, Risk and Compliance PracticesEmbed GRC and security in SAP S/4HANA and Intelligent EnterpriseBUSINESS NETWORKBUSINESSPROCESSAcross all functionsENTERPRISE RISK AND COMPLIANCEIDENTITY AND ACCESS GOVERNANCECYBERSECURITY, DATA PROTECTION, AND PRIVACYINTERNATIONAL TRADEAPPLICATIONSTECHNOLOGY 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC8

SAP Access Control Enhancements for 2021 and Beyond!Access Risk Overview PageCustomer directed continuous improvement!! Business Role Management User creation during business role provisioningEnhanced business role change history User Access Review – UAR requests now have ability to remove business roles in multi-tiered landscapeExport UAR assignments to Excel Emergency Access Management Ticket linking from external system to firefighter log reviewNew EAM log review with audit trail for reviews Access Request Updated Fiori Apps : Multi-processing of Access Requests, Multi-user requests Access Risk Analysis Risk Owner Stage improvements – limits risks to be viewed by risk ownerRisk library download and transport by rulesetFuture direction Access Control is driving digital transformation enabling seamless accessgovernance for public, private cloud and hybrid landscapes Access Control PCE – S4 Hana Add-on and Extra StackIntegration options with SAP Cloud IAG and SAP IDM 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC9

For enhancements of Access Control, always follow the Customer Connect delivery calls!Recently delivered and new enhancements 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC10

SAP GRC Solutions – Product Roadmap, Key InnovationsSAP Access ControlRecent innovations2021 – Planned innovations1Extend Access GovernanceExtend Access Governance Cloud Application using SAP Cloud IdentityAccess Governance SCIM Interface for provisioning with SAPCloud Identity Access GovernanceAccess analysisAccess analysis Advanced Analytics with Overview pagesAccess request SAP Fiori app enhancements foremployees and approversRole Management Ruleset Simulator, Risk Maintenance workflow enhancementsAccess request Processing Termination event from SAPSuccess Factors Multi user – Multi Role request process Centralized Business Role managementharmonized Business role managementwith SAP IDM Mass Update of Business Role assignmentsProcess TransparencyUser Access Review Cross Navigation between related workflowitems– Access Request & MitigationAssignment Workflow– Emergency Access request and LegreviewRole Management2022 – Product direction12023 – Product vision1Extend Access Governance usingCloud IAGSeamless identity lifecycle process formanaging workforce accessConversational AI for employeesGoverning identity and access requestson premise and in the cloud Password resetAccess RequestRequest statusEnhance User ExperienceAdvanced Machine learning featuresfor Role determination and useraccess reviewContinuous Improvement Customer Feedback and enhancementrequirementsEnhance Segregation of duties ruleset forother applicationsExtend Role design using CloudIdentity Access Management (CloudIAG) Handling de-provisioning of Indirectassignments ( via HR Org )Emergency Access Management Enhanced change Log and log reviewprocess1. This is the current state of planning and may be changed by SAP at any time without notice. 2020 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC11

SAP Cloud Identity Access GovernancePlanned 2021 highlightsAccess Analysis and Access RequestNew integrations and interfaces New RequestAPI – enables programmatic access to initiate access requests HR Event Interface – trigger provisioning actions based on HR events Standards based support for system cross-domain identity management (SCIM) toconnect and manage 3rd party business applications Configurable workflows for SAP Cloud Identity Access Governance NEW! API Based integrations with SAP Concur and SAP Sales CloudRole Design, Access Certification and Privilege Access ManagementEmergency Access Management – Firefighting from the Cloud!! Support ECC for emergency access management scenarios from IAG in the cloud Look for more announcements as additional systems are supported Privilege Access Management enables continuous control while granting privileged andelevated access to the system landscapeFor more information and assets on SAP Cloud Identity AccessGovernance visit the SAP Jam page on the Finance & Risk hub 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC12

SAP GRC SolutionsSAP Cloud Identity Access GovernanceV2108 – Recent innovationsV2111 – Planned Q4/20211V2202– Planned Q1/20221SAP Cloud Identity AccessGovernanceSAP Cloud Identity AccessGovernanceSAP Cloud Identity AccessGovernance Flexible and customizable workflow Identity Lifecycle Management andAdministration API Access Management integrations– SAP S/4HANA for advanced financialclosing– SAP Intelligent Asset Management– Support universal user ID –– Access Request Emergency Access Management Expanded APIs – Request API Risk Review Report Successfactors Integration with moresecure OAuth support– MDI Integration Access Management integrations– SAP Concur– SAP Sales Cloud Access Risk Assessment API Identity Access Reports– Who has what where– SAP S4 Hana on-prem– SAP S4 Hana Cloud API for consuming3rdV2205 – Planned Q3/20221SAP Cloud Identity Access Governance Access Analysis integrations– 3rd Party Application support via API Expanded PAM integrations Flexible and customizable workflow – Access certification– Privileged Access Management approvalprocess Identity Analytics – enhancementsparty HR events Access Analysis and RemediationInsights into Actual Risks with Conflicts Access Certification inboxenhancementsFor details see Road Map Explorer1. This is the current state of planning and may be changed by SAP at any time without notice. 2020 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC13

Update on integration scenarios

Hybrid Identity and Access GovernanceCLOUDON-PREMISE LANDSCAPEFirewallSAP Access Control*End User Access Analysis Role Design Access Request Emergency AccessManagement***C/4HANA******SAP JamWorkflowSelf-Service**ProvisioningCloud IAGBridge*SAP Identity Management Users/Groups Roles ConnectorsSAPSAPNetWeaver Business Suite.3rd Party*SAP Access Control 12 and above 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC**Optional***Coming15

Integration: bridge concept of SAP Cloud Identity Access GovernanceSAP AccessControlOn-premise applicationsShared Content Risk library Mitigation controls MitigationShared Functions Access request simulation Business role simulationSAP CloudIdentity AccessGovernanceCloud applicationsOn premiseUser Access Administration 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC16

Integration: cloud applications1. SAP Access Control on-premise applications2. SAP Cloud Identity Access Governance cloud applications3. Cloud SAP Cloud Identity Access Governance bridge sync (SAP Access Control SAP CloudIdentity Access Governance)a) Access risk libraryb) Repository datac) Mitigation controls and mitigation (user access risk mitigation control monitor)4. SAP Access Control access request and access analysis simulation (SAP Access Control SAP Cloud Identity Access Governance)a) Simulation during access request process SAP Cloud Identity Access Governance access analysisserviceb) Mitigation in access request temporary (control look up SAP Cloud Identity Access Governance)c) Persistent mitigation after approval process ( SAP Access Control workflow SAP Cloud IdentityAccess Governance) 2021 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC17