SAP IAG

SAP IAG Access Request Automation

DataNub integrates SAP Identity Access Governance and SAP authorization data with Claude AI through the Model Context Protocol (MCP), enabling conversational, end-to-end Access Request creation from a plain-English user intent to a fully submitted access request in seconds.

Request Demo
IAG Access Request Automation

Why Access Request Automation with Claude MCP?

By connecting SAP role and transaction data and the IAG access request service directly to Claude AI via MCP, DataNub turns a multi-screen, multi-team access request workflow into a single conversation. Users describe what they need to do “I want to create purchase orders” and Claude finds the right roles, resolves the matching IAG access entry, looks up the user, and raises the request automatically.

Intent-to-Role Discovery

AI-Powered SAP Role & Transaction Search Ask Claude what you want to do in business language “Create Purchase Order”, “Change Sales Order”, “Display Vendor” and it queries SAP via MCP to return the matching transaction codes, role names, and descriptions in real time, so the right access is always selected.

IAG Access Catalog Resolution

Live Lookup of Assignable Access & Users Claude connects to IAG over a secure OAuth2 channel via MCP to pull the requester’s profile name, email, manager and resolve each chosen SAP role to its IAG access entity, including access type, application type, and target system, with no manual copy-paste between systems.

One-Click Access Request Creation

Automated IAG Request Submission Claude assembles the complete access request user details, access entries, validity dates, priority, and reason tags it with source “Claude MCP”, and submits it to IAG via MCP. Both the submitted request and the IAG response are returned, giving a complete audit trail for every request.

Benefits of Access Request Automation

Faster Time-to-Access

What used to take multiple screens, role catalogs, and email threads becomes a single conversation with Claude. Users get access requests raised in seconds from a natural-language intent, dramatically reducing time-to-productivity for new joiners and role changes.

Reduced Manual Effort & Errors

Claude eliminates manual lookups across SAP authorization tools and the IAG access catalog. No more mistyped role names, wrong target systems, or missing user fields every request is assembled from live SAP and IAG data via MCP.

Compliance & Auditability

Every Claude-initiated request is tagged with source “Claude MCP” and logged with the exact payload sent to IAG. Combined with IAG’s native risk analysis and approval workflows, this delivers a fully traceable, audit-ready access request process.

Key Use Cases

Business-Language Access Requests

I need access to create purchase orders raise the request for user DN_USR_1
Claude searches SAP for purchase-order-related transactions and roles, resolves the IAG access entity, fetches the user profile, and submits the access request all in one conversation.
IAG Access Request Automation

Role Change & Re-assignment

Add the sales team role Z_SD_SALES_USER to user DN_USR_1
Claude looks up the user in IAG, resolves the role to its IAG access catalog entry, and raises a change request to assign it no manual form filling required.
IAG Access Request Automation

Multi-Role Bulk Requests

User D10045 needs PO creation and vendor display access
Claude discovers the relevant SAP roles for each activity, resolves each one in IAG, and submits a single access request with multiple access entries consolidating what would otherwise be several separate requests.
IAG Access Request Automation

Self-Service Access Catalog Exploration

What SAP roles let me change sales orders?
Claude queries SAP via MCP and returns the matching role, transaction code, and description list, so users and managers can explore the catalog conversationally before committing to a request.
IAG Access Request Automation

Product Demo

Features

  • Intent-to-Role Discovery via Claude MCP
  • Live IAG User & Access Catalog Lookup
  • Automated IAG Access Request Submission

DataNub Access Request (SAP + IAG + Claude MCP) vs Manual Process

Aspect
User Experience
Role Discovery
IAG Integration
Request Submission
Auditability
Scalability
Benefits
DataNub Access with Claude MCP
Describe the need in plain English “I want to create purchase orders” and Claude raises the IAG request end-to-end via MCP.
Claude queries SAP in real time to map business activities to transactions and roles no catalog memorization needed.
Claude authenticates to IAG securely, fetches user and access catalog entries, and builds the request automatically.
One conversational step submits the access request, tagged with source “Claude MCP”, with the full audit payload returned.
Every request is logged with the AI-built payload and IAG response, tagged with source “Claude MCP” for traceability.
Claude handles multi-role, multi-user requests conversationally at enterprise scale via MCP.
Conversational access requests, instant role discovery, live IAG integration, audit-ready submissions, drastically reduced time-to-access.
Manual Access Request Process
User must know the exact SAP role name, navigate IAG screens, fill multi-step forms, and coordinate with approvers manually.
Requires access to SAP role-management tools or offline catalogs; high risk of choosing the wrong role or requesting too much access.
Manual data entry across IAG screens user details, access id, target system, application type, validity dates prone to typos and errors.
Multiple clicks across the IAG UI; limited visibility into the exact request submitted.
Audit trail depends on IAG logs only, harder to correlate requests with the original business intent.
Linear effort each request is a manual form; enterprise onboarding and role changes become a bottleneck.
Direct human control, familiar UI-based workflow, minimal tooling integration required.

Blogs

IAG User Lock Enhancement

IAG User Lock Enhancement

A practical enhancement for customers running SAP IAG without SuccessFactors — paired with AD-driven auto termination. In my previous post,

Explore More
Automating User Termination

Azure + SAP IAG: Automating User Termination Across SAP Landscapes

The Challenge Managing user terminations across a complex SAP landscape is one of the most critical — and most overlooked

Explore More
Claude AI + SAP GRC

Connecting Claude AI to SAP GRC

Introduction: Why Connect Claude AI to SAP GRC? The world of SAP Governance, Risk, and Compliance (GRC) is undergoing a

Explore More

Unified Add-Ons for Governance and Integration

Extend SAP GRC with powerful compliance solutions while streamlining enterprise workflows through seamless integration add‑ons—delivering trust, agility and connectivity in one suite.
Datanub | Add On Form
Scroll to Top