
Registration of a User in Custom Application in Cloud Identity Authentication Service

Feb 07 at 02:01 PM


Hi Experts,

Need help to register a user for an application in Cloud IDP when I enable the option in User Application Access "Private (Only users registered by the application can log on)".

Story: I have created two subaccounts in SCP (Subaccount1, Subaccount2); the trust settings have been changed and the metadata exchange has also been done between the two different subaccounts and two custom applications (App1, App2) in Cloud IDP. The option enabled in the custom applications in User Application Access is "Private (Only users registered by the application can log on)".

Subaccount1 <=> App1, Subaccount2 <=> App2.

There are 4 users in Cloud IDP (User1, User2, User3, User4).

Query: User1 and User2 should only authenticate for Subaccount1, and User3 and User4 should be for Subaccount2.

Request your help in this please.

Thanks,

Aisurya


1 Answer

Best Answer
Marko Sommer
Feb 08 at 08:15 AM

Hi Aisurya,


By setting the user application access to 'Private', only those users who have a so-called SP mapping for this particular SP will be issued a SAML assertion. I.e., it will not be sufficient to provide valid credentials, but the Identity Authentication Service (IAS) also checks for this mapping.

How can a user get this mapping?
- You can establish an invite flow via your application and leverage the IAS invitation REST API to invite the users to that SP.
  Remark: Jam, e.g., uses this flow for groups that do not allow self-registration but members can invite other users.
  See https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/e55429fdaf394acebe6ee950b80b11db.html for details.

- An admin can upload users for a particular SP in the IAS admin console. See https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/33838e0760f8411daf758a1c11818cc4.html for details.

- Programmatically via https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/e6bb70d5e43c4ff89ff700beb82b25fe.html

Regards, Marko


Thanks, Marko. I will try the way suggested.


Hi Marko,

When I use the REST API to create a user in the IDP in the Postman REST client, I am getting the below error.

Name ID attribute is required.

Below are screenshots from the REST client:

Header:

Body:

Request your help in this issue.

Thanks and Regards,

Aisurya

header1.png (11.6 kB)
body2.png (24.0 kB)