Hi,

We are currently looking to connect our cloud SMD instance to an on premise Sharepoint instance. The SMD user accounts are provided via the standard SAP ID service (not a SAP Cloud Identity Tenant) and our KDC is our on premise AD domain controller.

We have the implementation guide for connecting to Sharepoint via the Hana Cloud Connector and are clear on the requirements from this.

We are clear on how principle propagation works from the service point of view from HCC to obtain tokens on behalf of the SMD users via the KDC. Where we are less clear is how and where the mapping of a SAP ID user from SMD (the inbound requester) gets mapped to an AD user so that the HCC token relates to the right set of access rights.

i.e.

SAP ID "S1234567" used to access SMD. The same user has an on premise AD user jbloggs@domain.com which has access to content on the sharepoint site. Where and how do we define S1234567 = jbloggs@domain.com to execute the Sharepoint access as the correct user?

Many thanks

Jon