GRCNXT
Ensure adherence with Automated User Access & SoD Reviews
Enable faster, more reliable compliance with automated authorization and SoD governance
Manual User Access and SoD reviews are slow, error-prone, and audit-heavy. ReviewNow eliminates review fatigue by automating up to 99% of User Access and Segregation of Duties (SoD) reviews in SAP, giving approvers clear risk insights and defensible decisions—every cycle.
Achieve
99% Automation
with ReviewNow
Manual reviews consume time, overwhelm reviewers, and increase audit risk. ReviewNow automates up to 99% of access review activities, enabling faster decisions, reduced effort, and continuous audit readiness.
User Access Review
Gain clear visibility into SAP user access and usage. ReviewNow supports risk-based decisions, reduces excessive privileges, and ensures compliance with internal controls.
SoD Review
Identify Segregation of Duties conflicts early. ReviewNow delivers contextual risk insights to strengthen governance and reduce audit findings, regulatory risk, and business disruption.
Sensitive Access Review
Protect critical SAP privileges with focused, risk-driven reviews. ReviewNow prioritizes sensitive access, analyzes real usage, and minimizes misuse and compliance risk.
Audit
Ready
Stay audit-ready at all times. ReviewNow maintains complete audit trails, review evidence, and decision history, reducing audit preparation effort by over 50%.
See ReviewNow in Your SAP Environment
Why ReviewNow?
99% Activities Automated
ReviewNow automates 99% of manual review activities, reducing effort across data extraction, submission, documentation, and retention while ensuring secure, end-to-end traceability.
Paperless
Reviews
ReviewNow enables fully paperless user reviews, managing the complete lifecycle from request to closure with instant access to review data, reports, and audit outputs.
Audit
Ready
ReviewNow ensures continuous audit readiness by unifying initiation, review, and reporting, with automated audit logs that reduce errors and deliver compliant documentation.
User-Friendly Workflows
ReviewNow provides intuitive workflows with multi-level approvals, flexible user or group mapping, and automated routing for accurate, adaptable review processes.
Enhancing Traditional UAR Frameworks:
ReviewNow and SAP GRC Access Control
The following comparison highlights structural differences in approach and capability between ReviewNow and SAP GRC Access Control – UAR modules.
| Executive Lens | ReviewNow | SAP GRC Access Control – UAR |
|---|---|---|
| Approval Governance Model | Fully configurable multi-level approvals (by business unit, risk tier, geography, function) | Primarily Manager and Role Owner-based workflow |
| HR / LDAP Dependency | Can operate without mandatory LDAP dependency for approval routing | Manager-based routing typically dependent on HR/LDAP integration |
| Execution Intelligence | Displays transaction usage data (execution count, last used date, frequency trends) | Primarily focused on assigned access certification workflows |
| Risk Context in Review | Shows transaction criticality, financial impact indicators, and licensing category (aligned to SAP licensing evaluation methodologies including STAR-based assessment models) | Certification driven by access assignment and predefined ruleset |
| Critical Authorization Review | Dedicated review capability for sensitive authorization objects and values | Typically embedded within role/user certification process |
| SoD Review Integration | Can synchronize SoD risk data from SAP GRC or third-party tools and conduct focused SoD certifications | SoD handled within GRC framework using static global ruleset and as an additional review methodology |
| Automation of Review Cycles | One-time configuration with automated recurring campaigns | Periodic campaign configuration and administration typically required |
| Escalation & Auto-Enforcement | Configurable reminders, escalations, and automated enforcement (role removal, user lock) | Follow-ups and enforcement managed through administrative oversight |
| Audit Readiness | Real-time, on-demand (JIT) audit reports with full decision traceability | Certification logs available; reports often require extraction/configuration |
| Fiori Compatibility | Supports SAP Fiori app-level review visibility | Supports Fiori environment (dependent on system configuration) |
| Operational Overhead | Designed to reduce review fatigue and administrative follow-ups | Workflow-centric; administrative monitoring required |
| Noise Reduction | Highlights dormant access and high-risk exposure first | Review scope generally aligned to assigned users and roles |
| ROI Orientation | Focused on risk reduction, license optimization visibility, and governance efficiency | Designed to support structured compliance certification |
Disclaimer:
SAP and SAP GRC Access Control are registered trademarks of SAP SE. ReviewNow is an independent solution and is not affiliated with, endorsed by, or sponsored by SAP SE. The comparison above is based on publicly available product capabilities as of the date of publication. While both solutions support access certification, their architectural design, automation depth, and risk intelligence capabilities differ materially.
Additional Strategic Differentiators (Executive Angle)
Automation-Driven Cost Reduction
Reduces manual coordination effort in UAR cycles by automating scheduling, reminders, and enforcement actions.
License Optimization Insight
By showing usage frequency and licensing category alignment, executives gain visibility into potential license rationalization opportunities.
Reduced Audit Fatigue
Just-in-time evidence generation eliminates last-minute audit data compilation.
Faster Decision Making
Context-rich review screens reduce approval time and increase decision accuracy.
Co-existence Strategy
Can operate alongside SAP GRC, enhancing rather than replacing existing governance investments.
SAP Access Review Automation – FAQs
Questions you might have about our solution
Still have questions?
Can’t find the answer you’re looking for? Please contact our SMEs.
Is ReviewNow an ABAP based application?
Yes. ReviewNow is an ABAP based application which can be installed centrally and manage additional systems/clients.
Does ReviewNow support S/4 HANA system?
Yes. ReviewNow can be implemented on ECC or S/4 HANA system (both on-premise and S/4 HANA cloud), and Rise with SAP (Private) cloud systems.
What kind of reviews can be performed using ReviewNow solution?
Currently ReviewNow supports Full user review (review for all the users in a system), Review by user group/custom group, and Sensitive Access Review. However, ReviewNow for GRC will bring additional reviews such as Mitigation Control Review, Access Owner Review and so on.
What kind of data is available for the reviewer for making a decision?
Every assigned request will contain comprehensive information enabling the reviewer to make well-informed decisions. This information encompasses roles, assigned transaction codes, actual usage of transaction codes, and the frequency of their utilization by the user. Furthermore, an array of reports is accessible to reviewers, enhancing their decision-making capabilities during the review process.
Can Reviews be automated?
Certainly! Periodic reviews can be easily scheduled utilizing a range of scheduling options available. ReviewNow accommodates both one-time and periodic reviews, offering flexibility in managing and executing review processes as needed.
How the User-Reviewer mapping can be maintained?
The ReviewNow solution offers an interface specifically designed for managing User-to-Reviewer mapping. Presently, the solution accommodates up to three levels of reviewers. Moreover, it allows the assignment of a reviewer group at particular stages. This system provides straightforward and user-friendly mapping options for ease of use.
Can we assign a reviewer to user group?
Indeed, the Reviewer mapping functionality allows for the assignment to either an individual user, an SAP user group, or a custom group, providing flexibility in configuring review assignments based on specific criteria.
Can we directly remove a tcode from the user during the review process in ReviewNow?
It is not feasible to remove an individual transaction code during the review process for the following reasons:
1. Role assigned to multiple users: If the same role is assigned to multiple users, removing a specific transaction code from the role for one user will result in the removal of that transaction code for all other users assigned to that role, potentially impacting users who require access to that transaction.
2. Change Management Process: Per the change management process, the removal of a transaction code should follow a specific process, involving removal in the development system, testing in quality assurance, and subsequently implementing the change in the production environment. As reviews are conducted directly in the production system, removing transaction codes directly during reviews conflicts with this established change management process and is therefore not recommended.
Can new roles be assigned during the review process?
No! ReviewNow solely facilitates the review of current role assignments and provides options to either retain or remove roles.
SAP User Access Review - FAQs
Questions you might have about our solution
Still have questions?
Can’t find the answer you’re looking for? Please contact our SMEs.
ReviewNow is an SAP access governance solution by ToggleNow that automates User Access Reviews, Segregation of Duties (SoD) reviews, and Sensitive Access reviews. It replaces manual review activities with intelligent workflows, usage-based insights, and automated approvals.
Yes. ReviewNow is an ABAP-based application designed specifically for SAP environments. It integrates natively with SAP ECC and S/4HANA systems, ensuring secure access to authorization data without relying on external connectors.
Yes. ReviewNow supports SAP S/4HANA on Cloud (Rise with SAP). It is designed to work across hybrid SAP landscapes, enabling centralized access reviews and consistent governance.
Yes. ReviewNow can be installed centrally and configured to manage multiple SAP systems and clients, allowing enterprises to run unified review campaigns.
ReviewNow simplifies User Access Reviews by automating reviewer assignments, consolidating access data, and presenting clear insights into roles, authorizations, and actual usage.
Yes. ReviewNow supports fully automated periodic User Access Reviews, including quarterly, half-yearly, or annual campaigns.
ReviewNow provides reviewers with user details, assigned roles, authorization objects, risk indicators, and actual SAP usage data.
Yes. ReviewNow provides transaction code–level and Fiori app–level usage insights. Reviewers can see whether access is actively used, rarely used, or unused.
ReviewNow supports SoD reviews by identifying conflicting role combinations and presenting them with contextual risk insights.
No. ReviewNow is not a SoD Analysis solution, rather it’s a SoD Review automation. It requires risk data to be uploaded either from SAP GRC or other third-party SoD solutions.
Sensitive and critical SAP authorizations must be maintained in the application based on business/IT inputs. It then highlights high-risk access and analyzes usage behaviour.
Yes. ReviewNow uses risk indicators and usage intelligence to prioritize high-risk users, roles, and authorizations.
Yes. ReviewNow analyzes real SAP usage at the transaction and Fiori app level to validate whether sensitive access is genuinely required.
ReviewNow can automate up to 99% of SAP access review activities, including reviewer assignment, access analysis, reminders, escalations, and audit documentation.
Yes. ReviewNow supports flexible reviewer assignment based on manager hierarchy, role ownership, department, cost center, or business unit.
Yes. ReviewNow supports both manager-based and role-owner-based review models, as well as custom assignments.
ReviewNow supports ISMS compliance by enforcing structured access reviews, maintaining complete audit trails, and ensuring traceability of approvals.
Yes. ReviewNow supports SOX compliance by automating access and SoD reviews, enforcing segregation controls, and maintaining documented evidence.
Yes. ReviewNow automatically captures review decisions, justifications, timestamps, reviewer details, and access changes.
ReviewNow maintains continuous audit readiness by keeping review evidence, access decisions, and compliance documentation up to date.
Yes. Based on configuration, ReviewNow allows controlled removal of SAP roles or authorizations directly from review decisions.
ReviewNow records every access decision and change with full context, including reviewer identity, justification, timestamps, and affected access.
Absolutely! ReviewNow can be integrated to SAP GRC ARM or ServiceNow and can raise requests directly in these applications after a successful review.
S/4HANA Trusted Authorization Review (STAR) is SAP’s recommended approach for validating user authorizations in S/4HANA by correlating assigned access with actual system usage. ReviewNow applies STAR principles by analyzing user authorizations together with real transaction code data.
No. STAR (S/4HANA Trusted Authorization Review) is not a proprietary framework. It is an SAP-recommended approach documented in SAP Note 3113382. ReviewNow aligns with this note by applying STAR principles to automate analysis.
Implementation timelines vary based on system landscape and scope, but most enterprise engagements complete the initial setup and first certification cycle in 4 to 8 weeks. This typically includes:
Because ReviewNow focuses specifically on access review automation and risk visibility, organizations typically experience a shorter time to operational value compared to broader governance platform rollouts.
- Package deployment
- Installation and configuration such as establishing connections (SAP ECC / S/4HANA)
- Data synchronization (users, roles, transaction usage logs)
- Configuration of review campaigns, approval flows, custom groups, templates etc.,
- Validation and pilot cycle with key stakeholders
Because ReviewNow focuses specifically on access review automation and risk visibility, organizations typically experience a shorter time to operational value compared to broader governance platform rollouts.
Yes. ReviewNow supports integration with both SAP S/4HANA Private Cloud and on-premise SAP landscapes, i.e., SAP S/4HANA, and SAP ECC.ReviewNow synchronizes user, access, and execution data from SAP Private Cloud systems and can leverage the same governance data sources that are available in those environments.
SAP GRC Access Control delivers structured user access certification workflows as part of a broader governance suite. However, ReviewNow extends traditional access certification by introducing additional automation, execution-level visibility, and configurable governance controls.
Key Differences
SAP GRC supports structured compliance certification. ReviewNow enhances review intelligence, automation efficiency, and operational risk visibility.
Key Differences
- Execution Awareness: ReviewNow incorporates transaction usage data (frequency, last execution, volume trends) to provide context during review decisions.
- Approval Flexibility: Supports multi-level, customizable approval hierarchies aligned to business structure and risk tiers.
- Automation Depth: Enables recurring review cycles, automated reminders, and configurable enforcement actions, reducing manual follow-up effort.
- Risk Contextualization: Displays transaction criticality and licensing classification indicators to support informed certification decisions.
- SoD Review Integration: Can utilize Segregation of Duties risk data from SAP GRC or third-party tools to conduct focused risk-based reviews.
- Audit Readiness: Provides real-time, pre-configured reporting aligned to common audit requirements.
SAP GRC supports structured compliance certification. ReviewNow enhances review intelligence, automation efficiency, and operational risk visibility.