This blog post will explain how to use the SAP Identity Provisioning Service (IPS) to automatically provision users from SAP Marketing Cloud (SMC) Standard, Professional and Enterprise Edition to SAP Identity Authentication Service (IAS). You can also automatically provision users from SMC to SAP Analytics Cloud (SAC) as explained in this blog post. Setup in SAP Marketing Cloud The following steps show....

This blog post will explain how to use the SAP Identity Provisioning Service (IPS) to automatically provision users from SAP Marketing Cloud (SMC) Standard, Professional and Enterprise Edition to SAP Analytics Cloud (SAC). As a prerequisite, you have to set up user provisioning from SAP Marketing Cloud to SAP Identity Authentication Service as explained in this blog post. Setup in SAP Analytics Cloud....

This blog is part of a five-part series. I recommend starting here: Enterprise Security Services – Security for the Cloud Age. We are now in the third category, Risk and Compliance, and I am leaving my home turf – technology. Nevertheless, this is an important topic. As a developer or administrator, you should be aware of the functionality available....

The purpose of this blog is to provide step-by-step instructions on setting up SSO between C4C and SAC. The high-level steps are as below. Step 1: Get your Custom SAML Identity Provider (IDP) provisioned. Step 2: Enable your Custom SAML IdP for your SAP Analytics Cloud (SAC) Tenant. In IDPTENANT App:....

As a new customer to the SAP S/4HANA Cloud, public edition solution, the very first system you are going to get and use is called the Starter System. This system has a set of master data and a set of 225+ SAP Best Practice scopes loaded to help you explore its capabilities and conduct the....

In this blog, I will try to make you feel comfortable in understanding how you can manage transformations with the graphical and JSON text editors. Are you interested in knowing how to map between Source & Target attributes? How to Manage Transformations: Access the Identity Provisioning administration console. From the UI home page, choose a....

Let’s learn more about SAP Identity Provisioning Service (IPS) properties. What are properties in terms of IPS? Properties can help you filter which entities and entity attributes are read from the source system or written to the target system. For example, Azure Active Directory or Azure Directory will be the source system where all of....

What is Top-Down User Sync? Top-down user sync is a process that allows user data from an external system to be synchronized with a user directory in an organization. This process can be used for directory synchronization, provisioning, and user access control. The top-down user sync process begins by gathering user data from an external source and then mapping the data to the user directory. The mapped data is then used to create user accounts, update existing user accounts, and delete user accounts as needed. This process can be automated using SAP Identity Provisioning Service (IPS) or manual processes (not recommended). The process is beneficial as it allows administrators to quickly and easily manage user access and user data across multiple platforms in a fully automated way.
Bring all your Users from External IAM System to SAP IAS: The challenge of bringing users from an external IAM (Identity Authentication Management) system to SAP IAS (Identity Authentication Services) can be daunting. It requires an understanding of both systems and a complete workflow to ensure the process is seamless and secure. The first step is to determine the data that needs to be transferred from the external system. This will depend on the use case and the specific requirements of SAP IAS. Once the data is identified, the next step is to create a Standard or SCIM connector for the external system. This connector will be used to transfer the data from the external system into SAP IAS. The connector will need to be tested thoroughly to ensure that the data is transferred accurately and securely before it is used in SAP IAS. Once the SCIM connector is tested and approved, it can be used to move the data from the external system into SAP IAS. When the data is in SAP IAS, it needs to be mapped to the appropriate fields within SAP IAS. This is done by creating custom mappings within the system. Once the mappings are complete, the data can be imported into SAP IAS and the users can be added to the system. Below is the typical flow of User Provisioning Sync. In this....

We are aware of the use of the BizX login page for the login of the Onboardee in ONB2.0. From 2H2022, SAP has officially released the feature of having IAS (Identity Authentication System) available to be integrated with ONB2.0 for New hires. This brings the option of having better security for the login of the Onboardee and leveraging features of IAS....

If your instance is already upgraded to version 2 of IAS, then proceed with ONB integration configuration as per this article. If not, then refer to the article IAS for ONB2.0 New Hires – 1 to upgrade your IPS from version 1 (ODATA) to version 2 (SCIM). Create a new sequence in Manage Data > Sequence > Create New. This....

Once the configurations explained in the previous articles are completed, you are expected to set up a few transformations. I did not perform any transformations in the source, but the following are a few transformations used in the target system. Below transformation under default userType mapping to set the user type in the IAS profile of user. Below....

Early this year I checked out and watched the most interesting TechEd sessions in the SAP IAM space. This is a summary of relevant aspects without claiming to be complete. This blog contains updates from SAP TechEd concerning the SAP Cloud Identity Services deals with user provisioning through SCIM APIs and the approach of using one aggregated....

We all know that SAP’s strategy is cloud-first. Logically, more and more services and solutions are offered there. At the same time, the reality for a lot of companies is that they have many of their systems and processes still in the on-premise world. As we have to face the reality, the hybrid option is....

With the latest major release 3.0 of SAP S/4HANA Cloud for advanced financial closing (AFC) on January 19th, 2023, the new feature System for Cross-domain Identity Management (SCIM V2) was introduced. Background of this feature: In previous releases of SAP S/4HANA Cloud for advanced financial closing (AFC), it was only possible to introduce users and user groups into the system via CSV....

The SAP Task Center service enables integration with various SAP applications to provide a single entry point for end users to access all their assigned approval tasks. The tasks can be accessed by end users through the SAP Task Center Web application. This blog details integration of Task Center in BTP with S/4HANA on-premise. Prerequisites:....

In this blog we cover some basics, explain the functionality, and use cases of the most relevant standards like SAML 2.0, OAuth 2.0, and OpenID Connect. In addition, we provide you with a configuration guideline that provides a deeper insight and supports your identity federation setup between your SAP IAS and Azure tenants. UPDATE: E-Book for this blog....

This is the final part of the 3 blog posts about the reference architecture for Identity and Access Management scenarios: SAP Reference architecture for IAM – Employee provisioning with Azure AD; SAP Reference architecture for IAM – Employee provisioning with SAP IAS; SAP Reference architecture for IAM – HR Driven identity lifecycle management – Recruit-to-Retire (this....

I’m still new to cloud development with SAP and got confused the other day about the different roles that exist in the BTP, IAS and Launchpad service. I want to write this blog to help people who are also just new in this environment. Simply put: BTP = Roles / Role Collections; IAS = Groups; Launchpad Service =....

Introduction: There is no doubt that security is the MOST critical topic for any organization. Nowadays organizations cannot afford to have any security issues in their solutions. Especially in the cloud world, it is extremely important to bridge the gap between development and security. In my previous blog series Fundamentals of Security in SAP BTP, we....

The SAP Cloud Identity Services offer a lot of out-of-the-box integrations that let you sync user data between different applications. Using the (SCIM) 2.0 REST API for managing resources (users, groups and custom schemas), it is possible to create users and groups in the identity directory programmatically. Overview | Identity Directory Service....

As an Identity Authentication tenant administrator, you can now configure target systems for real-time provisioning and provision users to these target systems. Prerequisites: Identity Authentication Admin Access; Target System SCIM API URL (SCIM 2.0). Provision All the Users to Target Systems: Tenant administrators can provision users of Identity Authentication to Identity Provisioning target systems. At a High Level Flow Remember....

This article is mainly for partners and customers who want to automate internal & external users sync (on-boarding) to SAP IAS by using the below SCIM APIs from your external system or applications. I have listed out all the examples for you to understand. The flow below helps you understand how to automate Users Sync from....

While using Identity Provisioning Service (IPS) to run user data sync between SuccessFactors and Identity Authentication Service (IAS), I was faced with the challenge to identify duplicate email addresses within SuccessFactors. To check for duplicate Emails please do the following: Navigate to Admin Center. Open Check Tool. Under Application select User Management. Here you will see User Information inside....

Note: This post is part of a series. For a complete overview visit the Principal Propagation in SAP Integration Suite. This blog post covers the use case of an external system communicating with SAP S/4HANA Cloud using Principal Propagation via Integration Suite, so forwarding the identity of a user across several systems including mediation. This is....

Note: This post is part of a series. For a complete overview visit the Principal Propagation in SAP Integration Suite. This blog post covers the use case for communicating an external system or client (for example Postman) with SuccessFactors using Principal Propagation in SAP Integration Suite, that is forwarding the identity of a user across several....

This blog post is part of the series covering Principal Propagation in SAP Integration Suite. As explained in SAP Cloud Integration help page, you can set up Principal Propagation with SAP BTP to forward the identity of a user across several systems and avoid the use of technical users in each of the systems involved. In....

Dear All, In this article, I will share a way to subscribe to your Identity Provisioning Service (IPS) User Sync Job Notifications, which will determine job status through mail notifications. This can be used to set up daily jobs and have notifications sent when the scheduled run ends with failure or success. In this way, Administrator can....

Configure your own IDP – SSO in SAP CPQ

Single sign-on (SSO) is a session/user authentication process that permits users to enter a single name and password to access multiple applications. While SSO uses a single login (username/password) to access all applications within the same organization, federated SSO (FSSO) goes a step further and extends SSO across enterprises. In other words, FSSO allows access to multiple systems....