Sasol ensures Zero Trust for SAP financials with bioLock

Issue 8 2022 Editor's Choice, Information Security, Security Services & Risk Management

Sasol is a global chemicals and energy company launched in South Africa over 70 years ago, and is currently listed on the Johannesburg Stock Exchange in South Africa and the New York Stock Exchange in the United States. It employs over 30 000 people and operates in 27 countries.


To assist in running and managing this enormous enterprise with many business units, Sasol makes use of eight SAP systems. The company updated its SAP payment processes making use of bioLock from realtime. A software solution, bioLock secures access to SAP via biometric authentication. However, the system does more than simply control access, it can be configured to protect fields and functions in the SAP system, only allowing certain people to access certain functions.

The latest bioLock MFA4SAP fraud prevention, compliance and accountability solution protects any function inside SAP with multiple authentication factors (MFA), including biometrics. Thomas Neudenberger, COO for realtime North America, says, “With zero trust, no actor can be trusted until they’re verified; bioLock allows you to set unlimited re-authentication checkpoints and use MFA technology, including biometrics, to ensure only specifically invited users get access to sensitive functions or data inside SAP.”

Sasol’s Enterprise Risk Management Framework

The Sasol Enterprise Risk Management (ERM) Framework sets the foundation for the businesses to effectively manage their risks in a standardised and systematic manner to prevent fraud. The goal of Sasol’s adoption of bioLock was to mitigate the risks associated with bank payment approvals and to enforce mandatory dual-approval rules built into the payment process. This necessitated the implementation of biometric authentication for the SAP Digital Signature approval process which, among other benefits, prevents people from circumventing GRC (governance, risk and compliance) roles by using a co-worker’s password, as well as preventing corruption and collusion.

“SAP GRC Software does a great job of defining bank payment amounts that authorised approvers must confirm, and now the GRC’s capabilities stop when the approver uses somebody else's password to approve the payment via SAP Digital Signature,” explains Lungile Mginqi, group CIO at Sasol and a board member of the Africa SAP User Group. “Adding bioLock as the second biometric factor gives Sasol the peace of mind to guarantee that only the intended SAP user, beyond any reasonable doubt, can confirm payment.”

The bioLock MFA process kicks in when an authorised user, having logged into the system initially with their username and password, wants to release a payment. The user is then required to confirm the SAP password sign-off with their fingerprint (the second biometric factor), to make sure the person is who they claim to be. Using biometrics makes the authorisation process very fast and convenient, and more secure, as opposed to the traditional way of having to re-enter their username and password. To change the rules of responsibility in the GRC process, two people are required to authenticate the change via this process – the ‘four-eyes’ principle.

The system monitors all activity and can alert management instantly if any anomalies in the process are discovered. In addition, all activities are logged to hold the appropriate people responsible.

The bioLock software was implemented by authorised realtime partner Linx/AS Africa. For more information contact Werner Simpson, Linx/AS Africa, +27 11 782 9007, werner@checkidinsap.co.za, www.checkidinsap.co.za


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Echoes of 2018? Follow-up on Woolworths explosions
Technews Publishing News & Events Security Services & Risk Management Retail (Industry) Facilities & Building Management
SMART Security Solutions follows up with Jimmy Roodt to find out more about an old connection to the Woolworths bombings from 2018. The investigation remains ongoing.

Read more...
Next-generation cash-in-transit vehicle
News & Events Security Services & Risk Management
Fidelity Services Group has unveiled a new, purpose-engineered Cash-in-Transit (CIT) vehicle designed to redefine crew protection, deter threats, and enhance operational resilience in an increasingly complex criminal environment.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
AURA partners with Discovery to launch Discovery 911
News & Events Security Services & Risk Management
AURA has announced a partnership with Discovery Insure to power the security-response component of its new Discovery 911 virtual panic-button offering, which is available through the Discovery Insure app.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
From the Editor's desk: Security goes mainstream
Technews Publishing News & Events
      Welcome to SMART Security’s SMART Mining & Industrial Security Handbook 2026. While the world is focused on cybersecurity and AI, physical security has become a board-level concern across South Africa’s ...

Read more...
Global security in 2026
Editor's Choice News & Events Security Services & Risk Management Industrial (Industry) Mining (Industry)
The World Security Report 2026 states: “In a world of increasing volatility, physical security has evolved. It is no longer just a defensive measure; it is a critical driver of corporate value.”

Read more...
Who is to blame for autonomous mistakes?
Editor's Choice Security Services & Risk Management Industrial (Industry) Mining (Industry)
Most supply agreements for AI-integrated equipment still closely resemble plant hire contracts from ten years ago: bilateral, human-focused, and silent on who bears the risk when a machine makes a decision on its own.

Read more...
Industry perspective on industrial cybersecurity
Technews Publishing News & Events Infrastructure Industrial (Industry)
The Industrial Security Harmonization Group has released a joint industry perspective highlighting a critical truth in industrial cybersecurity: secure communication is not determined by protocols alone, but by how they are deployed and managed in real-world environments.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.