SAP IAG
SAP IAG Access Request Automation
DataNub integrates SAP Identity Access Governance and SAP authorization data with Claude AI through the Model Context Protocol (MCP), enabling conversational, end-to-end Access Request creation from a plain-English user intent to a fully submitted access request in seconds.
Why Access Request Automation with Claude MCP?
By connecting SAP role and transaction data and the IAG access request service directly to Claude AI via MCP, DataNub turns a multi-screen, multi-team access request workflow into a single conversation. Users describe what they need to do “I want to create purchase orders” and Claude finds the right roles, resolves the matching IAG access entry, looks up the user, and raises the request automatically.
Intent-to-Role Discovery
AI-Powered SAP Role & Transaction Search Ask Claude what you want to do in business language “Create Purchase Order”, “Change Sales Order”, “Display Vendor” and it queries SAP via MCP to return the matching transaction codes, role names, and descriptions in real time, so the right access is always selected.
IAG Access Catalog Resolution
Live Lookup of Assignable Access & Users Claude connects to IAG over a secure OAuth2 channel via MCP to pull the requester’s profile name, email, manager and resolve each chosen SAP role to its IAG access entity, including access type, application type, and target system, with no manual copy-paste between systems.
One-Click Access Request Creation
Automated IAG Request Submission Claude assembles the complete access request user details, access entries, validity dates, priority, and reason tags it with source “Claude MCP”, and submits it to IAG via MCP. Both the submitted request and the IAG response are returned, giving a complete audit trail for every request.
Benefits of Access Request Automation
Faster Time-to-Access
What used to take multiple screens, role catalogs, and email threads becomes a single conversation with Claude. Users get access requests raised in seconds from a natural-language intent, dramatically reducing time-to-productivity for new joiners and role changes.
Reduced Manual Effort & Errors
Claude eliminates manual lookups across SAP authorization tools and the IAG access catalog. No more mistyped role names, wrong target systems, or missing user fields every request is assembled from live SAP and IAG data via MCP.
Compliance & Auditability
Every Claude-initiated request is tagged with source “Claude MCP” and logged with the exact payload sent to IAG. Combined with IAG’s native risk analysis and approval workflows, this delivers a fully traceable, audit-ready access request process.
Key Use Cases
Business-Language Access Requests
I need access to create purchase orders raise the request for user DN_USR_1
Claude searches SAP for purchase-order-related transactions and roles, resolves the IAG access entity, fetches the user profile, and submits the access request all in one conversation.
Role Change & Re-assignment
Add the sales team role Z_SD_SALES_USER to user DN_USR_1
Claude looks up the user in IAG, resolves the role to its IAG access catalog entry, and raises a change request to assign it no manual form filling required.
Multi-Role Bulk Requests
User D10045 needs PO creation and vendor display access
Claude discovers the relevant SAP roles for each activity, resolves each one in IAG, and submits a single access request with multiple access entries consolidating what would otherwise be several separate requests.
Self-Service Access Catalog Exploration
What SAP roles let me change sales orders?
Claude queries SAP via MCP and returns the matching role, transaction code, and description list, so users and managers can explore the catalog conversationally before committing to a request.
Product Demo
Features
- Intent-to-Role Discovery via Claude MCP
- Live IAG User & Access Catalog Lookup
- Automated IAG Access Request Submission
DataNub Access Request (SAP + IAG + Claude MCP) vs Manual Process
Aspect
User Experience
Role Discovery
IAG Integration
Request Submission
Auditability
Scalability
Benefits
DataNub Access with Claude MCP
Describe the need in plain English “I want to create purchase orders” and Claude raises the IAG request end-to-end via MCP.
Claude queries SAP in real time to map business activities to transactions and roles no catalog memorization needed.
Claude authenticates to IAG securely, fetches user and access catalog entries, and builds the request automatically.
One conversational step submits the access request, tagged with source “Claude MCP”, with the full audit payload returned.
Every request is logged with the AI-built payload and IAG response, tagged with source “Claude MCP” for traceability.
Claude handles multi-role, multi-user requests conversationally at enterprise scale via MCP.
Conversational access requests, instant role discovery, live IAG integration, audit-ready submissions, drastically reduced time-to-access.
Manual Access Request Process
User must know the exact SAP role name, navigate IAG screens, fill multi-step forms, and coordinate with approvers manually.
Requires access to SAP role-management tools or offline catalogs; high risk of choosing the wrong role or requesting too much access.
Manual data entry across IAG screens user details, access id, target system, application type, validity dates prone to typos and errors.
Multiple clicks across the IAG UI; limited visibility into the exact request submitted.
Audit trail depends on IAG logs only, harder to correlate requests with the original business intent.
Linear effort each request is a manual form; enterprise onboarding and role changes become a bottleneck.
Direct human control, familiar UI-based workflow, minimal tooling integration required.
Blogs
The Challenge Managing user terminations across a complex SAP landscape is one of the most critical — and most overlooked
Introduction: Why Connect Claude AI to SAP GRC? The world of SAP Governance, Risk, and Compliance (GRC) is undergoing a
The FUE Problem Nobody Talks About If you manage SAP licensing, you have likely encountered the pain of Full Use
Unified Add-Ons for Governance and Integration
Extend SAP GRC with powerful compliance solutions while streamlining enterprise workflows through seamless integration add‑ons—delivering trust, agility and connectivity in one suite.