SAP Cloud Identity Services
SAP Cloud Identity Services are our central solution for managing authentication, single sign-on, and the identity lifecycle. They improve system integration, provide a seamless user experience, and enhance security and compliance.
This new blog post series aims to provide technical guidance on how to plan and implement IAM with SAP Cloud Identity Services and Microsoft Entra. In the first part, explore the implementation of a workflow-based access management solution to SAP BTP with Microsoft Entra ID Governance. In the second part, learn about a hybrid identity setup that requires managing the user lifecycle across Microsoft Active Directory, Microsoft Entra, SAP BTP, SAP Cloud Identity Services, and an SAP system on-premise.
Part I: Managing Access to SAP BTP
Learn how to create application-specific groups in SAP Cloud Identity Services using Identity Provisioning. Whether you're starting from scratch with a greenfield approach or working with existing systems in a brownfield approach, you'll find everything you need to know about this special type of group here.
This blog post focuses on the key role of SAP Cloud Identity Services in ensuring that the right users will get access to the right tasks in the SAP Task Center. It offers you some guidance through the myriad of configuration options, choices, and alternatives.
Microsoft is deprecating Basic authentication for Exchange Online and Outlook, which requires SAP Cloud Identity Services users to migrate from username and password to OAuth-based authentication for enhanced security. SAP Cloud Identity Services now supports OAuth authentication for custom mail servers, providing a seamless transition from Basic to token-based authentication.
The Authorization Management service is a pivotal component within SAP Cloud Identity Services, providing a unified platform for managing authorizations across applications based on SAP BTP as well as for the administration console of SAP Cloud Identity Services itself. Administrators can configure and assign policies through a centralized console, enhancing the efficiency and consistency of policy application across different services and users.
Have you ever wondered how to connect your on-premise systems, such as SAP S/4HANA or SAP Application Server ABAP and others, to provision entities using SAP Cloud Identity Services? This blog post will guide you through the necessary configurations to enable the Identity Provisioning service to provision from/to such on-premise systems.
Explore how identity and access management (IAM) software from SAP supports building successful system integrations in cloud and hybrid environments. With SAP Cloud Identity Services and well-established IAM-related industry standards, SAP improves system integration and helps provide a seamless user experience while also improving security and compliance.
Check out our new IAM reference architectures now available in SAP Discovery Center. They describe the authentication and identity lifecycle flows for SAP applications via SAP Cloud Identity Services, and how the different authorization technologies within the SAP portfolio can be used from a central point for the identity lifecycle.
Overview
SAP Cloud Identity Services are SAP’s central cloud IAM services for authentication, single sign-on, and identity lifecycle. SAP solutions integrate with SAP Cloud Identity Services and reuse its functionality where possible.
Authentication is delegated to Identity Authentication. User information is either directly read from the Identity Directory or the solution’s user store is integrated with SAP Cloud Identity Services via SCIM-based user provisioning. Newly built applications will use the Authorization Management service for policy-based authorization checks.
This standardizes the IAM setup, reduces duplicate functionality, and gives customers a clear setup and central IAM configuration and access point.
Solution overview presentation
Evolving Identity Authentication and Identity Provisioning into SAP Cloud Identity Services
SAP Cloud Identity Services – Why and How to Integrate Them for a Consistent Identity Lifecycle
Identity Authentication
Identity Authentication is a cloud service for authentication, single sign-on, and user management in SAP cloud and on-premise applications. It can act as an identity provider itself or be used as a proxy to integrate with an existing single sign-on infrastructure.
Identity Provisioning
Identity Provisioning offers a comprehensive, low-cost approach to identity lifecycle management in the cloud. It helps you provision identities and their authorizations to various cloud and on-premise business applications.
Identity Directory
The Identity Directory is the central component for persisting users and groups inside SAP Cloud Identity Services. Using the Identity Directory not only simplifies the process of ensuring a proper user lifecycle, but also lays the foundation for integration with SAP cloud applications.
Authorization Management
The Authorization Management Service allows administrators to assign access based on policies centrally within SAP Cloud Identity Services. An access policy allows a user to perform certain actions on a resource, subject to restricting rules. These rules can be adapted by the administrator so that policies fit company requirements before being assigned to users.