SAML SSO - Azure Security groups for different enterprise apps

0 Kudos

Hello,

I have a question about Azure security groups when configuring SAML SSO for SAP enterprise applications. I am configuring SSO with Azure as the same IDP for two cloud applications - SAP Marketing Cloud and SAP S4 Cloud (both of these cloud applications have the same SAP IAS). As part of the SSO configuration, we define/restrict who has access to these enterprise applications in Azure by setting up a security group for each enterprise app and adding users to this security group.

Now, since in IAS I cannot have two separate custom IDP entries for the same IDP (Azure1 and Azure2), how can we retain separate security groups in Azure? For example - for SAP Marketing Cloud users, we want Group1 users and for SAP S4 Cloud users, we want Group2 users. We don't want one common group for both the applications. Is it possible?

Answers (1)

Colt
Active Contributor
0 Kudos

Hi M Samy,

You can either federate and synchronize your groups and user assignments from Azure to IAS (IdDS) via IPS. This way, you can achieve your goal. Azure AD is your authenticating instance. In most cases, SAP IAS should have the final decision on whether a user is authorized to access different SAP SaaS applications.

Some advantages and concepts behind identity federation you can obtain from my latest blog.

Also take a look here, guess this will help too.

Cheers Carsten