Identity Services – the gateway to the SAP cloud world
SAP Identity Services is a collection of tools with which you can map the most important identity management processes.
Specifically, these include:
- Identity Directory Service (SAP IdDS)
- Identity Provisioning Service (SAP IPS)
- Identity Authentication Service (SAP IAS)
Identity Directory Service
An SAP directory service in which all user and group assignments are stored (analogous to, e.g., AD/AAD).
Identity Provisioning Service
A service that provisions group assignments in the backend system, including attribute mappings and transformations
Identity Authentication Service
The IdP from SAP. It can be used to implement MFA and SSO scenarios, or it can act as a proxy that forwards authentication to the corporate IdP.
Variant 1: Customer IAM in use
- HR master data from SAP SuccessFactors (or another HR system) is sent to the IDM system used by the customer.
- IDM sends the user accounts or group assignments for all SAP cloud systems to the SAP IdDS.
- IDM sends the user accounts or group assignments for all NON-SAP cloud systems directly to the affected system.
- With the help of the SAP IPS, the user attributes are transformed and mapped to the backend attributes of the respective system.
- The IPS provisions the appropriate attributes to the backend system.
Variant 2: Without Customer IAM
- HR master data is sent from SAP SuccessFactors (or another HR system) to the SAP BTP service “SAP Master Data Integration”.
- SAP Master Data Integration creates the corresponding user accounts on the SAP IdDS.
- Changes to master data or group assignments automatically trigger provisioning in SAP IPS.
- Mappings are used to provision the attributes from the SAP IPS for (SAP) cloud systems directly to the backend.
- On-premise SAP systems are supplied with attribute changes or group/authorization assignments via the SAP Cloud Connector.
- For non-on-premise SAP systems, the corresponding interfaces must be specifically examined.