Sasol ensures Zero Trust for SAP financials with bioLock

Issue 8 2022 Editor's Choice, Information Security, Security Services & Risk Management

Sasol is a global chemicals and energy company launched in South Africa over 70 years ago, and is currently listed on the Johannesburg Stock Exchange in South Africa and the New York Stock Exchange in the United States. It employs over 30 000 people and operates in 27 countries.


To assist in running and managing this enormous enterprise with many business units, Sasol makes use of eight SAP systems. The company updated its SAP payment processes making use of bioLock from realtime. A software solution, bioLock secures access to SAP via biometric authentication. However, the system does more than simply control access, it can be configured to protect fields and functions in the SAP system, only allowing certain people to access certain functions.

The latest bioLock MFA4SAP fraud prevention, compliance and accountability solution protects any function inside SAP with multiple authentication factors (MFA), including biometrics. Thomas Neudenberger, COO for realtime North America, says, “With zero trust, no actor can be trusted until they’re verified; bioLock allows you to set unlimited re-authentication checkpoints and use MFA technology, including biometrics, to ensure only specifically invited users get access to sensitive functions or data inside SAP.”

Sasol’s Enterprise Risk Management Framework

The Sasol Enterprise Risk Management (ERM) Framework sets the foundation for the businesses to effectively manage their risks in a standardised and systematic manner to prevent fraud. The goal of Sasol’s adoption of bioLock was to mitigate the risks associated with bank payment approvals and to enforce mandatory dual-approval rules built into the payment process. This necessitated the implementation of biometric authentication for the SAP Digital Signature approval process which, among other benefits, prevents people from circumventing GRC (governance, risk and compliance) roles by using a co-worker’s password, as well as preventing corruption and collusion.

“SAP GRC Software does a great job of defining bank payment amounts that authorised approvers must confirm, and now the GRC’s capabilities stop when the approver uses somebody else's password to approve the payment via SAP Digital Signature,” explains Lungile Mginqi, group CIO at Sasol and a board member of the Africa SAP User Group. “Adding bioLock as the second biometric factor gives Sasol the peace of mind to guarantee that only the intended SAP user, beyond any reasonable doubt, can confirm payment.”

The bioLock MFA process kicks in when an authorised user, having logged into the system initially with their username and password, wants to release a payment. The user is then required to confirm the SAP password sign-off with their fingerprint (the second biometric factor), to make sure the person is who they claim to be. Using biometrics makes the authorisation process very fast and convenient, and more secure, as opposed to the traditional way of having to re-enter their username and password. To change the rules of responsibility in the GRC process, two people are required to authenticate the change via this process – the ‘four-eyes’ principle.

The system monitors all activity and can alert management instantly if any anomalies in the process are discovered. In addition, all activities are logged to hold the appropriate people responsible.

The bioLock software was implemented by authorised realtime partner Linx/AS Africa. For more information contact Werner Simpson, Linx/AS Africa, +27 11 782 9007, [email protected], www.checkidinsap.co.za


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

From the editor's desk: We’ve only just begun
Technews Publishing News & Events
The surveillance market has expanded far beyond the analogue days of just recording and/or monitoring screens. The capabilities of surveillance technology today extend to black screen monitoring with ...

Read more...
The future of the surveillance channel
Duxbury Networking Technews Publishing Elvey Security Technologies SMART Security Solutions Surveillance
The video surveillance market has evolved from camera-based specifications to integrated solutions that solve customers’ problems. Moreover, the growth of AI and cloud has changed the channel even more, with more to come.

Read more...
CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
AI means proactive surveillance
DeepAlert Technews Publishing SMART Security Solutions AI & Data Analytics Surveillance
SMART Security Solutionsasked DeepAlert for some insight into how AI is transforming video surveillance, even to the extent of it being taught to protect the privacy of those in the cameras’ view.

Read more...
The state of the VMS market
Arteco Global Africa Milestone Systems Cathexis Technologies Technews Publishing Surveillance
SMART Security Solutions asked three platform vendors in South Africa, one that is developed and maintained in the country with an international market, for their views on the state of the VMS market and where it is headed.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Phishing attacks through SVG image files
Kaspersky News & Events Information Security
Kaspersky has detected a new trend: attackers are distributing phishing emails to individual and corporate users with attachments in SVG (Scalable Vector Graphics) files, a format commonly used for storing images.

Read more...
Amendments to the Private Security Industry Regulations
Technews Publishing Agriculture (Industry) News & Events Associations
SANSEA, SASA, National Security Forum, CEO, TAPSOSA, and LASA oppose recently published Amendments to the Private Security Industry Regulations regarding firearms.

Read more...
Local is a lekker challenge
Secutel Technologies Technews Publishing AI & Data Analytics
There are a number of companies focused on producing solutions locally, primarily in the software arena, but we still have hardware producers churning out products, many doing business locally and internationally.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...