
NW Cloud Security - Authentication against custom security service with declarative security

uwe_kylau
Explorer
0 Kudos

Hi.

I was wondering about the following thing:

Is it possible to configure declarative security to go against a custom authentication / access control service and NOT against the SAP ID service (where you use your SCN credentials)?

It should be possible with programmatic security as the developer controls it and can (theoretically) build his own authentication and access control routines.

Cheers,

Uwe

Accepted Solutions (1)

MartinRaepple
Active Participant
0 Kudos

Hi Uwe,

a much more flexible solution to use other authentication services/identity providers (IdPs) than SAP ID Service is already in the making and will be available in a couple of weeks.

As an account owner, you will be able to configure the required trust relationship(s) to other IdPs (e.g. in the corporate network) for your account/tenant. Users accessing applications in the account will then be redirected for authentication to the chosen IdP for the tenant, and can log in to NW Cloud with their already existing (e.g. corporate) account. In addition, you are able to configure identity federation settings per IdP, e.g. which user profile attributes (provided/exposed by the IdP) will be mapped to which principal attributes of the authenticated user in the NW Cloud application.

Role assignments and authorizations are also configurable, either "hard-coded" (i.e. user with ID X is assigned to web role Y in application Z), or dynamically, based on information provided by the IdP. This can result in a mapping as follows: If the IdP provides a (user profile) attribute with name "department" which equals the value "Purchasing", then assign the user to the web role "Buyer".

There is also a TechEd session this year focusing on exactly these new concepts in NW Cloud. Session ID is CD260.

Greetings

Martin
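
The role mapping described in the answer above, sketched as an added example that is not part of the original thread and not SAP's implementation. The IdP name `corp-idp.example`, the function and class names, and keying static assignments by issuer (so the same user ID from two IdPs is never confused) are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AttributeRule:
    attribute: str  # attribute name as asserted by the IdP
    equals: str     # exact, case-sensitive value required
    role: str       # web role granted when the rule matches


# Constructed sample configuration (hypothetical IdP name and IDs).
# Dynamic rules are scoped per trusted IdP, as the answer describes.
TRUSTED_IDPS = {
    "corp-idp.example": [AttributeRule("department", "Purchasing", "Buyer")],
}

# "Hard-coded" assignments: user X gets web role Y in application Z.
# Keyed by issuer as well (assumption) to avoid cross-IdP ID collisions.
STATIC_ASSIGNMENTS = {("corp-idp.example", "Z", "X"): {"Y"}}


def resolve_roles(issuer, user_id, attributes, application):
    """Return the web roles for a user authenticated by `issuer`.

    `attributes` maps attribute name -> list of asserted values.
    Fails closed: an issuer without configured trust gets no roles at all.
    """
    if issuer not in TRUSTED_IDPS:
        raise PermissionError(f"no trust configured for IdP {issuer!r}")

    roles = set(STATIC_ASSIGNMENTS.get((issuer, application, user_id), ()))

    for rule in TRUSTED_IDPS[issuer]:
        values = attributes.get(rule.attribute, [])
        if isinstance(values, str):
            # A single string must not be treated as a sequence of
            # characters or matched by substring.
            values = [values]
        if rule.equals in values:
            roles.add(rule.role)
    return roles
```

A missing attribute or a near-miss value ("purchasing", "Purchasing-Admin") yields no role, so a mapping mistake results in less access rather than more.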

uwe_kylau
Explorer
0 Kudos

Thanks Martin.

Having worked a fair bit with federated identities myself (alas those last few months at uni), it's good to see that this topic has stuck with SAP. Looking forward to seeing the new SAP ID Service in action and at TechEd.

Cheers,

Uwe

Answers (0)