USER ACCESS & PERMISSIONS

SAP Cloud Identity Services are our central solution for managing authentication, single sign-on, and the identity lifecycle. They improve system integration, provide a seamless user experience, and enhance security and compliance.
SAP Cloud Identity Services consist of the following services:
SAP Cloud Identity Services topic page

The SAP Authorization and Trust Management service lets you manage user authorizations and trust to identity providers. Identity providers are the user base for applications. We recommend that you use an Identity Authentication tenant, an SAP on-premise system, or a custom corporate identity provider. User authorizations are managed using technical roles at the application level, which can be aggregated into business-level role collections for large-scale cloud scenarios.
Developing Secure Applications on the SAP BTP Cloud Foundry Runtime (Tutorial)
Implement Instance-Based Access Control
Creating Role Collections in SAP BTP
Secure a Node.js Application and Make it Available to Other Subaccounts

The SAP Connectivity service lets you establish connectivity between your cloud applications and on-premise systems running in isolated networks.

The SAP Destination service lets you retrieve the backend destination details you need to configure applications in the Cloud Foundry environment.

The Cloud Connector provides a secure tunnel between SAP BTP applications and on-premise systems to access relevant data:

SAP Private Link service establishes a private connection between selected SAP BTP services and selected services in your own IaaS provider accounts. By reusing the private link functionality of our partner IaaS providers, it lets you access your services through private network connections to avoid data transfer via the public Internet.

SAP Credential Store service provides a repository for passwords, keys and keyrings for applications that are running on SAP BTP. It enables the applications to retrieve credentials and use them for authentication to external services, or to perform cryptographic operations and TLS communication. SAP Credential Store is exposed to the applications via a REST API.

SAP BTP allows subaccount owners to make their SAP BTP applications reachable and secure via a custom domain that is different from the default domain – for example, subdomain.mydomain.com. The SAP Custom Domain service lets you configure your own custom domain to publicly expose your application, instead of using the default subdomain.

Decentralized Identity Verification is a service on SAP BTP based on self-sovereign identity (SSI) to manage digital identities. By using Decentralized Identity Verification, companies and individuals have sole ownership of their identities and personal data and can share them securely with others. The service enables applications to use SSI for inter-company communications and to sign, verify, and manage verifiable credentials.

The SAP Audit Log Service is a core security and compliance service of SAP BTP that provides the means for auditing. The default and advanced capabilities of the SAP Audit Log Service are available for SAP BTP applications and services.
Audit Logging in the Cloud Foundry Environment

Use SAP Malware Scanning service to scan business documents for malware. Integrate this service with your custom-developed apps running on Cloud Foundry. When your apps upload business documents, your apps can call the SAP Malware Scanning service to check for viruses or other malware.

With the application vulnerability report for SAP BTP, you can detect and remediate open-source application vulnerabilities in your SAP BTP deployed applications.

SAP Cloud Application Programming Model (CAP) is a framework of languages, libraries, and tools for building enterprise-grade services and applications. It guides developers along a path of proven best practices and a great wealth of out-of-the-box solutions to recurring tasks.
CAP offers automatic authorization enforcement in the CAP-supported runtimes Node.js and Java. No manual coding of permission checks is required because authorization is enforced automatically at runtime. Developers can still implement individual permission checks.