Hello Everyone- I have the below scenario from my client-
1- Users who have email domain like @abc.com, @xyz.com etc.. should login via SSO
2- All other users with email domains @gmail.com, @hotmail.com etc.. should login via TOTP
I have done the below till now-
Step 1- I went to IAS >> Applications >> SuccessFactors >> Conditional Authentication >> made rules with Identity Provider as Azure. I am attaching a screenshot.
Step 2- Tenant Settings >> Risk-Based Authentication >> Default Authentication Rule is TOTP, and I made rules in such a way that for others it is Allow (means SSO). I am attaching a screenshot for this also.
Step 3- Went to IPS and ran Read job, users added in SF are seen in IAS.
SAP has told me that if new users/existing users are to be added to these user groups based on email domains, we need to write code as per the link below, in Transformations-
https://help.sap.com/docs/identity-provisioning/identity-provisioning/transformations
The code I wrote is as below-
SAMPLE CODE AS PER SAP - users from martin email should get added in Martin group
users from domain domain should get added in domain group>>>>>>>
{
"condition": "$.
contains '<
martin.se>'",
"constant": "<martin.se>",
"targetPath": "$.groups[1].value"
},
{
"condition": "$.
contains '<
domain.se>'",
"constant": "<domain.se>",
"targetPath": "$.groups[2].value"
Question- Where should I put this code (is it IAS/IPS) - source/target? SAP says it cannot help me.
And is this code correct?
Please advise me on this.