Skip to Content
Aug 18 at 02:03 PM

Using SAP IAS groups to authorize users in a corporate IdP scenario


Hi all,

we have a corporate IdP to authenticate our end users with Kerberos. We are using SAP IAS to bring the login to our BTP cloud foundry application platform. We want to use the IAS groups to authorize the users in the cloud foundry application platform to access the business application studio. Our SAP IAS is setup in proxy mode and the authentication requests from the cloud foundry applications are redirected to the corporate IdP. We have setup the scenario as described in the blog post: SAP Business Technology Platform Security | Hands-on Video Tutorials | SAP Blogs

Is it possible to use the IAS group assignments to autorize and role map the groups to the cloud foundry groups?

Can SAP IAS map the user authenticated by the corporate IdP to the local IAS user? If I setup the application trust to send the groups attribute, I can see in the SAML reponse for the application that no attribut group is sent.

Thanks and regards