GRC Builder ARM (Access Risk Management)

Cloud-based identity governance with out-of-the-box Microsoft Entra ID integration, SoD risk control, and compliance

The GRC Builder ARM solution, developed by Porttus, is a powerful cloud-based platform for managing access and risk in both SAP and non-SAP environments. It supports both single-tenant and multi-tenant architectures, and can also be deployed on-premises for organizations that require full control over the solution.

Designed by GRC and Security experts with deep knowledge of SAP’s authorization architecture, GRC Builder stands out as a highly effective alternative to SAP GRC Access Control and SAP Identity Access Governance (IAG) — offering superior cost-effectiveness and a modern, user-friendly interface that enhances the overall user experience.

WITH A COMPREHENSIVE SET OF FEATURES, GRC BUILDER DELIVERS:
• Real-time Segregation of Duties (SoD) risk analysis.
• Risk simulation before access is granted.
• Emergency access management with full workflows and audit trails.
• Access impact analysis to evaluate permissions, associated risks, and potential SAP FUE license consumption prior to approval.
• Automated access review and recertification processes.
• Customizable SoD rule management, adaptable to various organizational structures.
• Out-of-the-box Risk Matrices for multiple ERP systems: SAP ECC, SAP S/4HANA, SAP SuccessFactors, TOTVS, Oracle, and more.
• Pre-built compensating control templates, enhanced by an AI assistant capable of evaluating SoD/SAT risks and recommending optimized compensating controls.
• Executive dashboards for continuous risk, access monitoring, and SAP license consumption visibility (FUE).
• Configurable workflows for access request approvals and tracking (Access Governance), including preventive controls that assess SoD risks and FUE license impact before granting access.
• Integrated SAP FUE license management, enabling proactive monitoring, usage control, and real-time impact analysis of additional access requests on licensing consumption.
• A Deciding factor feature, offering a gamified visual tool to illustrate risk violations vs. broken rules.

GRC Builder helps organizations comply with the Sarbanes-Oxley Act (SOX) and implement COSO framework best practices, especially in internal controls related to access governance and continuous monitoring of SoD risks — ensuring end-to-end governance and audit readiness.

Whether deployed in the cloud or on-premises, GRC Builder provides unmatched flexibility, control, and user experience. It empowers business and audit teams with autonomy and real-time visibility over access, risks, and licensing impacts across SAP and non-SAP systems, making it the ideal solution for companies seeking compliance, efficiency, and governance with reduced complexity and cost.

GRC Builder features native, out-of-the-box integration with Microsoft Entra ID, enabling the implementation of a full Identity Governance and Administration (IGA) process, where the identity lifecycle runs in parallel with Segregation of Duties (SoD) risk monitoring. Access requests initiated via Entra ID can be enriched with real-time SoD analysis and SAP FUE license impact evaluation, ensuring that approvals are risk-aware and license-compliant by design. Additionally, Porttus has developed a customized interface for Microsoft Entra approvers, ensuring a consistent look and feel when approving both identity requests and SoD risk validations.