on 10-07-2022 12:36 AM
Hello,
I have a question about Azure security groups when configuring SAML SSO for SAP enterprise applications. I am configuring SSO with Azure as the same IDP for two cloud applications - SAP Marketing Cloud and SAP S4 Cloud (both of these cloud applications have the same SAP IAS). As part of the SSO configuration, we define/restrict who has access to these enterprise applications in Azure by setting up a security group for each enterprise app and adding users to this security group.
Now, since in IAS I cannot have two separate custom IDP entries for the same IDP (Azure1 and Azure2), how can we retain separate security groups in Azure? For example - for SAP Marketing Cloud users, we want Group1 users and for SAP S4 Cloud users, we want Group2 users. We don't want one common group for both the applications. Is it possible?
Hi M Samy,
You can either federate and synchronize your groups and user assignments from Azure to IAS (IdDS) via IPS. This way, you can achieve your goal. Azure AD is your authenticating instance. In most cases, SAP IAS should have the final decision on whether a user is authorized to access different SAP SaaS applications.
Some advantages and concepts behind identity federation you can obtain from my latest blog.
Also take a look here, guess this will help too.
Cheers Carsten