Skip to Content

How to import/update users for a specific application?

Hi experts,

we currently have 2 applications in our SCP IAS. Now I want to create users for just 1 specific application. I read the documentation for this case (https://help.sap.com/doc/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/33838e0760f8411daf758a1c11818cc4.html ), but cannot find an example what attribute I need to import in the CSV so that the system knows for which application the user is authenticated. In the documentation I just find the hint that I need to set the user access in the application to private.

Does someone has experience values?

Best regards,

Deborah

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Dec 20, 2017 at 12:49 PM

    Hi Deborah,

    the term ‚Importing users for a specific application‘ technically means that those users get an ‚SP mapping‘ for the application that they were uploaded.

    One can see this mapping as part of the user profile in the Administration Console of the Identity Authentication (IAS) tenant à User Management à (select a user) à Applications.

    This mapping information can be used to control the access of users to a particular application. If you would like to limit access of users for an application you can configure it in the Admin Console à Applications à (select the app) à Authentication and Access à User Application Access. Here you may choose ‘Private’ and then IAS will issue a SAML assertion only for those users who have an SP mapping for that application.

    Side remark: such an SP mapping can also be set programmatically via the User Management API (https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/e6bb70d5e43c4ff89ff700beb82b25fe.html)

    Additional side remark: the above mentioned SP mapping capability is one way to control the access to an application; alternatively you can achieve that via user-group assignment and configuring the risk based authentication for an application (https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/bc52fbf3d59447bbb6aa22f80d8b6056.html)

    These two alternatives for access control are visualized in the product overview presentation for IAS -

    https://www.sap.com/documents/2015/07/e4803e8e-5b7c-0010-82c7-eda71af511fa.html - slide 15 (SP mapping) and 17 (risk based authentication).

    Regards, Marko Sommer, Product Management Identity Authentication

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 01 at 01:32 PM

    Former Member can you maybe help?

    tips are highly appreciated :)

    Add comment
    10|10000 characters needed characters exceeded