Skip to Content

Authenticating Native/Hybrid mobile apps via SCP Identity Authentication Service (IAS)

Hi Experts,

I have the following scenario for a customer:

- An existing SCP subaccount has a default Identity Provider set as the corporate IdP.

- We will develop new apps, 1 of which is a Native iOS app deployed to SCP Mobile Services.

- This new application is supposed to authenticate via SCP IAS instead of corporate IdP.

My question:

Since the subaccount's default IdP is the corporate IdP, is there a way in Mobile Services to configure specific native/hybrid apps to authenticate via IAS? Currently, you only have the options in the below screenshot.

I know that you can do the reverse and use IAS as the default and then set up a corporate IdP. But are there other approaches? (assuming we are not allowed to change the default IdP due to governance restrictions).

Cheers,

Greg

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

3 Answers

  • Apr 02 at 07:08 AM

    Hi Greg,

    I don't know mobile services, but as you probably control the application's URL this should be possible.

    To use a secondary (non-default) IDP the application URL needs to be assembled like this:

    https://<app name>.hana.ondemand.com/index.jsp?saml2idp=<idp name>

    Source: https://help.sap.com/viewer/65de2977205c403bbc107264b8eccf4b/Cloud/en-US/dc618538d97610148155d97dcd123c24.html#loioade5359a931b45b680301ebc3b6f3cb3

    Cheers, Lutz

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Lutz,

      Thanks for the answer but that is for web apps or portal. My question is specifically for native or hybrid apps which are not accessed via web links and whose security is configured in mobile services.

      Cheers,

      Greg

  • Apr 02 at 09:32 AM

    Hi,

    While i am still trying to de-cipher the ask here, IAS just acts like a reverse proxy and the list you have pasted above represents the Auth mode/protocol as such. Are you trying to authenticate the app users via on-prem IDP ?

    Thanks and Regards,

    Rakshith

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Rakshith,

      Basically my question is: can you explicitly define, in SCP mobile services, which IdP a hybrid/native app should use?

      In my scenario i have both corporate IdP(default) and IAS in my subaccount and would like to specify which IdP an app is using.

      Cheers,

      Greg

  • Apr 02 at 12:41 PM

    Hi Greg,

    You can only have 1 IDP per sub-account and as far as i know, you cannot configure which IDP to use explicitly on a per-app basis.

    Hope that helps.

    Thanks and Regards,

    Rakshith

    Add comment
    10|10000 characters needed characters exceeded