cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Transfer (azure) Active Directory Groups to SAP Cloud Identity Authentication Service

Go to solution
jonasmeyer1
Explorer

on ‎06-14-2018 3:06 PM

0 Kudos

We've built a SAML/SSO Trust between IAS and azure AD for the authentication of SAP Cloud applications and SCP subaccounts (platform users).

Now to manage the users in groups, we'd want to transfer assigned AD groups to IAS to further work with them and on that basis manage the access to single Cloud apps.

Has anyone made some experiences in a similar setup?

Show replies
Show replies
Answer
View Entire Topic
former_member183326
Active Contributor
‎06-14-2018 11:38 PM
0 Kudos

With your scenario you firstly set up a job using SAP IPS. In this job it would be Azure as your source system, provisioning to IAS, so IAS will be your target system: https://help.sap.com/viewer/f48e822d6d484fa5ade7dda78b64d9f5/Cloud/en-US/f217bd39c17d47cdb4f89ed19cb...


Then a second job using SAP IPS, this time IAS will be your source system and you can configure either a standard out of the box connector if it is relevant or a SCIM connector if it's custom. Some services providers can do this dynamically upon logging in, like SAC and others cannot, like C4C (this may be subject to change with new releases).

You can configure mapping from IAS to the SP's. So for ex, if you have a role created in SAP SAC, this can be mapped to a group in IAS or AD, either works.


From what I gather you want to provision AD groups to IAS groups dynamically, I'm not sure if this feature exists in IAS yet. The documentation may help with this:

https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/

Show replies
Show replies
Ask a Question