Skip to Content

How to import/update users for a specific application?

Dec 08, 2017 at 03:57 PM


avatar image

Hi experts,

we currently have 2 applications in our SCP IAS. Now I want to create users for just 1 specific application. I read the documentation for this case ( ), but cannot find an example what attribute I need to import in the CSV so that the system knows for which application the user is authenticated. In the documentation I just find the hint that I need to set the user access in the application to private.

Does someone has experience values?

Best regards,


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Marko Sommer
Dec 20, 2017 at 12:49 PM

Hi Deborah,

the term ‚Importing users for a specific application‘ technically means that those users get an ‚SP mapping‘ for the application that they were uploaded.

One can see this mapping as part of the user profile in the Administration Console of the Identity Authentication (IAS) tenant à User Management à (select a user) à Applications.

This mapping information can be used to control the access of users to a particular application. If you would like to limit access of users for an application you can configure it in the Admin Console à Applications à (select the app) à Authentication and Access à User Application Access. Here you may choose ‘Private’ and then IAS will issue a SAML assertion only for those users who have an SP mapping for that application.

Side remark: such an SP mapping can also be set programmatically via the User Management API (

Additional side remark: the above mentioned SP mapping capability is one way to control the access to an application; alternatively you can achieve that via user-group assignment and configuring the risk based authentication for an application (

These two alternatives for access control are visualized in the product overview presentation for IAS - - slide 15 (SP mapping) and 17 (risk based authentication).

Regards, Marko Sommer, Product Management Identity Authentication

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Hi Marko,

thank you for your reponse. I looked at the resources you mentioned. But, I still don't know how to do 'SP mapping' for users... Can you give me a specific example please how to do it manually and through the API? Thank would be great!

My situation in our test tenant:

I put the User Application Access in the Application 'SAP Jam' on 'Private'. However, if I create users (manually with initial password) they are immediately users in our 'SAP Jam' Application, although I haven't assign the SP Mapping of this users to the Application... And I cannot do SP mapping or I don't know how, see following screenshot:

But if I compare it to my user in the SCP IAS I see that SP Mapping is existing... See screenshot below:

Do you know Marko Sommer why this is behaving like that? Or do you have a specific example what needs to be set in the user to restrict the access to just one application?

In the User Management REST API documentation I find just the following parameters:

user_profile_id login_name first_name last_name language valid_from valid_to source_url target_url send_email spCustomAttribute1 spCustomAttribute2 spCustomAttribute3 spCustomAttribute4 spCustomAttribute5

Which of those parameter defines the SP Mapping? Do I perhaps need to specify the service provider ID to make SP Mapping for a user?

Thanks a lot in advance!

Best regards, Deborah Albrecht


Marko Sommer do you have an update for me how to do SP Mapping for users?

BR, Deborah Albrecht

Deborah Albrecht Feb 01 at 01:32 PM

Florian Buech can you maybe help?

tips are highly appreciated :)

10 |10000 characters needed characters left characters exceeded