
Registration of a User in Custom Application in Cloud Identity Authentication Service

Aisurya
Participant
0 Kudos

Hi Experts,

Need help to register a user for an application in Cloud IDP when I enable the option in User Application Access "Private (Only users registered by the application can log on)".

Story: I have created two subaccounts in SCP (Subaccount1, Subaccount2); the trust settings are changed and the metadata exchange is also done between the two different subaccounts and two custom applications (App1, App2) in Cloud IDP. The option enabled in the custom applications in User Application Access is "Private (Only users registered by the application can log on)".

Subaccount1 <=> App1, Subaccount2 <=> App2.

There are 4 users in Cloud IDP (User1, User2, User3, User4).

Query: User1 and User2 should only authenticate for Subaccount1, and User3 and User4 should be for Subaccount2.

Request your help in this please.

Thanks,

Aisurya

Accepted Solutions (1)


MSo
Product and Topic Expert
0 Kudos

Hi Aisurya,


By setting the user application access to 'Private', only those users will be issued a SAML assertion that have a so-called SP mapping for this particular SP. I.e. it will not be sufficient to provide valid credentials, but the Identity Authentication Service (IAS) also checks for this mapping.

How can a user get this mapping?
- You can establish an invite flow via your application and leverage the IAS invitation REST API to invite the users to that SP.
  Remark: Jam, e.g., uses this flow for groups that do not allow self-registration but members can invite other users.
  See https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/e55429fdaf394acebe6ee950b80... for details.

- An admin can upload users for a particular SP in the IAS admin console. See https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/33838e0760f8411daf758a1c118... for details.

- Programmatically via https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/e6bb70d5e43c4ff89ff700beb82...

Regards, Marko

Aisurya
Participant
0 Kudos

Thanks Marko. I will try the way suggested.

Aisurya
Participant
0 Kudos

Hi Marko,

When I use the REST API to create a user in the IDP in the Postman REST client, I get the error below.

Name ID attribute is required.

Below is the screenshot from the REST client:

Header:

Body:

Request your help in this issue.

Thanks and Regards,

Aisurya

Answers (0)