Sep 08, 2023 at 01:20 PM

Need help in coding - SAP IAS/IPS SSO


Hello everyone, I have the below scenario from my client:

1. Users who have an email domain like @abc.com, @xyz.com, etc. should log in via SSO.

2. All other users, with email domains @gmail.com, @hotmail.com, etc., should log in via TOTP.

I have done the below till now:

Step 1 - I went to IAS >> Applications >> SuccessFactors >> Conditional Authentication >> made rules with Identity Provider as Azure. I am attaching a screenshot.

Step 2 - Tenant Settings >> Risk-Based Authentication >> Default Authentication Rule is TOTP, and I made rules in such a way that for others it is Allow (meaning SSO). I am attaching a screenshot for this also.

Step 3 - Went to IPS and ran the Read job; users added in SF are seen in IAS.

SAP has told me that if new users/existing users are to be added to these user groups based on email domains, we need to write code in Transformations, as per the link below:

https://help.sap.com/docs/identity-provisioning/identity-provisioning/transformations

The code I wrote is as below:

SAMPLE CODE AS PER SAP - users from martin email should get added in Martin group

users from domain domain should get added in domain group


{
    "condition": "$. contains '< martin.se>'",
    "constant": "<martin.se>",
    "targetPath": "$.groups[1].value"
},
{
    "condition": "$. contains '< domain.se>'",
    "constant": "<domain.se>",
    "targetPath": "$.groups[2].value"
}

Question: Where should I put this code (is it IAS/IPS) - source/target? SAP says it cannot help me.

And is this code correct?

Please advise me on this.
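
The domain-to-group rule from the scenario above, as an added Python example (not part of the original post and not IPS transformation syntax): it contrasts a substring test, the shape a `contains` condition has, with an exact match on the part after the last `@`. Domain names, group names and sample addresses are constructed placeholders.

```python
# Added example: illustrates the matching logic only; this is not SAP IPS syntax.
# Group names are hypothetical; domains follow the placeholders used in the post.
SSO_DOMAINS = {"abc.com": "SSO_ABC", "xyz.com": "SSO_XYZ"}
DEFAULT_GROUP = "TOTP_USERS"  # every other domain falls through to the default


def group_by_contains(email: str) -> str:
    """Substring test: the domain may appear anywhere in the address."""
    lowered = email.lower()
    for domain, group in SSO_DOMAINS.items():
        if domain in lowered:
            return group
    return DEFAULT_GROUP


def group_by_exact_domain(email: str) -> str:
    """Compare the whole string after the last '@' against the allow-list."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return DEFAULT_GROUP  # malformed address: use the default group
    return SSO_DOMAINS.get(domain.lower(), DEFAULT_GROUP)


def mismatches(addresses):
    """Return the addresses that the two rules place in different groups."""
    return [a for a in addresses
            if group_by_contains(a) != group_by_exact_domain(a)]


# Constructed sample addresses
SAMPLES = [
    "anna@abc.com",               # genuine SSO domain
    "Erin@XYZ.com",               # genuine SSO domain, mixed case
    "bob@gmail.com",              # default (TOTP) domain
    "abc.com@gmail.com",          # SSO domain text in the local part
    "carol@abc.com.example.net",  # SSO domain text as a subdomain label
    "dave@notabc.com",            # SSO domain text as a suffix of another name
]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:28} contains={group_by_contains(addr):10} "
              f"exact={group_by_exact_domain(addr)}")
```

The last three sample addresses land in an SSO group under the substring rule and in the default group under the exact-domain rule, which is the difference to check for when testing any domain-based group assignment.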