AI agents, copilots, and automation tools are increasingly embedded in ERP and financial systems (Oracle, SAP), creating governance gaps around unmanaged machine identities, long-lived API keys, and shadow AI workflows. The post outlines a framework for treating AI identities with the same rigor as human users: applying Joiner-Mover-Leaver (JML) lifecycle management, enforcing least-privilege and SoD policies, and maintaining a central identity control plane. A 10-point checklist covers inventory, ownership assignment, policy-driven approvals, continuous monitoring, and audit-ready evidence for CISOs, CFOs, and audit committees.
Table of contents
How AI actually touches ERP and financial data
What “good” looks like: design principles
JML for AI: Joiner, Mover, Leaver
The AI identity control plane
A practical 10‑point checklist

How to Govern AI Access to ERP and Financial Systems