TL;DR: SAP IDM reaches end of mainstream maintenance in December 2027, and after that SAP will no longer issue security patches, bug fixes, or compliance updates, according to OpenIAM. The real issue is not whether to migrate, but whether identity governance teams use the next renewal cycle to choose a controlled path before unsupported infrastructure becomes an audit and operational liability.
NHIMG editorial — based on content published by OpenIAM: SAP IDM is being retired, what manufacturing companies need to do before their next renewal
By the numbers:
- After December 2027, SAP will no longer release security patches, bug fixes, or compliance updates for SAP IDM.
- An SAP IDM migration typically takes 16 to 24 weeks for a standard implementation.
- Extended maintenance ended in December 2025.
Questions worth separating out
Q: What happens when SAP IDM is retired before a replacement is ready?
A: The organisation loses supported identity lifecycle infrastructure, which means no new patches, no compliance updates, and no vendor-backed fixes for workflow or integration issues.
Q: When should manufacturing companies decide between SAP-native replacement and broader IGA?
A: The decision should happen at the next renewal cycle, not near the final maintenance cutoff.
Q: What breaks when SAP IDM is kept running after mainstream support ends?
A: The immediate break is supportability, followed by security and audit confidence.
Practitioner guidance
- Inventory SAP IDM dependencies now List every workflow, connector, approval chain, and HR integration that SAP IDM currently supports.
- Separate SAP-only controls from enterprise-wide controls Identify which access processes are truly SAP-bound and which also govern Microsoft, ServiceNow, Workday, or Salesforce.
- Map renewal timing to the 2027 deadline Align budget, procurement, and implementation milestones with the December 2027 mainstream maintenance cutoff.
What's in the full article
OpenIAM's full article covers the operational detail this post intentionally leaves for the source:
- A step-by-step comparison of the three SAP IDM migration paths, including when each path is most appropriate.
- A practical migration readiness checklist for organisations that need to brief SAP, procurement, and audit stakeholders.
- A longer breakdown of SAP IDM feature parity, including workflow, attestation, and SoD considerations.
- A manufacturer-focused discussion of timing, renewal planning, and implementation sequencing.
👉 Read OpenIAM's analysis of SAP IDM retirement and migration options →
SAP IDM retirement: what should manufacturing IAM teams do now?
Explore further
SAP IDM retirement exposes a lifecycle control dependency, not just a software upgrade problem. When a core identity system reaches end of support, the organisation’s joiner-mover-leaver process, attestation cadence, and audit defensibility all inherit product risk. That makes migration timing a governance decision, not a procurement afterthought. Manufacturing teams should treat the retirement as a control continuity test, because lifecycle governance only works while the platform behind it remains supported and changeable.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- 23.7% of organisations share secrets through insecure methods such as email or messaging applications.
A question worth separating out:
Q: Who is accountable if an unsupported SAP IDM instance causes access-control failures?
A: Accountability sits with the organisation’s identity, SAP, and control owners, not with a vendor still providing mainstream support. Once mainstream maintenance ends, the business is knowingly operating unsupported infrastructure, so internal ownership for risk acceptance, migration planning, and audit response becomes the critical issue.
👉 Read our full editorial: SAP IDM retirement raises urgent renewal choices for manufacturers