SAP Cloud Identity Services offered as Trial Versi...

MSo · ‎04-13-2023

Introduction

SAP offers different Trial and so-called Free Tier instances for the Business Technology Platform (BTP) with which one can try out BTP with certain limits and time constraints. The SAP Cloud Identity Services (SCI) were so far only offered for BTP Free Tier accounts, however SCI was recently also made available as part of BTP trial accounts.

Service Offering and Limitations

The trial versions of SCI offer almost the full functional scope, just limited to a maximum of 50 users and connectivity plan not being available. Thus, corporate user store scenario or user provisioning from/to on-premise environments will not be possible with trial tenants. But aside from that trial users – and admins – can try out the SAP Cloud Identity Services free of charge.

One can request one SCI tenant per BTP global (trial) account. The SCI tenant can then be used in all subaccounts as application identity provider. The tenant cannot be used as a platform identity provider.

SCI tenant lifetime is bound to the BTP trial account (90 days – see Trial Lifecycle for details); if the BTP trial account is terminated, the corresponding SCI tenant will also be retired.

Landscape: SCI trial tenants are only offered in US East region. Thus, independent from the BTP trial landscape – currently offered in the US and Singapore – SCI tenants will always be deployed in US East region.

Service Request

Here’s how you can request your own SAP Cloud Identity Services trial tenant:

Go to your SAP BTP Trial account -
in case you don’t have one yet, please have a look at the following tutorial.

Navigate to a subaccount -> Service Marketplace -> the Cloud Identity Services default plan should be auto-entitled:

Create a new instance for Cloud Identity Services default plan:

Verify that SCI tenant creation was successful:

You will receive an account activation email for your admin user in the newly created SCI tenant

and with that user you can access the admin console of your SCI tenant:

Going back to the BTP cockpit:
you may use the new SCI tenant as application identity provider for your BTP subaccount.
Go to your BTP trial subaccount -> Security -> Trust Configuration:

‘Establish Trust’ button will create a trust configuration from the BTP subaccount to SCI based on the OpenID Connect protocol:

It is also an option to establish the trust manually based on the SAML protocol.

In the SCI administration console -> Applications & Resources -> Applications you will see the trust configuration that was established by your BTP trial account:

That’s it!
Applications you deploy in your BTP subaccount can now delegate authentication to the SCI tenant you just created. And in the SCI admin console you may configure the various options for authentication, multi-factor authentication or use SCI just as a proxy for a corporate identity provider that you may have established.

Links

BTP Trial Accounts and Free Tier (help docu)

SCI Tenant Model & Licensing -> Trial Tenant (help docu)

Get a Free Account on SAP BTP Trial (developer tutorial)

SAP BTP Free Tier and Trial Environment (SAP community blog)

Conclusion

If you ever wanted to get hands-on experience with the SAP Cloud Identity Services, it’s now the right time to do so.

yogananda · ‎04-13-2023

Great marko.sommer for Introducing this to BTP Trail account!

This is really going to be Game changer 🙂

martinfrick · ‎04-15-2023

Hi team,

I can only second yoganandamuthaiah This is a real game changer! Thanks for all your hard work making it possible!

Wow!

nils-lutz · ‎04-15-2023

Hello there,

+1. Love to see this as a addition to the free-tier world.

Huge!

Chandrashekhar · ‎04-16-2023

Dear Marco

Thank you!

Glad to know that SCI made available as part of BTP trial account. However, when I tried to follow the steps as per the blog, the SAP Identity Service is not shown for my trial account. Could you please suggest if any prerequisite need to be followed.

Just to Add my Sub account is in below location.

Provider Amazon Web Services (AWS)

RegionUS East (VA)

Environment Multi-Environment

SCI Trial

MSo · ‎04-17-2023

Maybe it's a BTP Trial account created at a time when the Identity Services plan was not yet available for Trial? (SCI plan was enabled beginning of April)

Chandrashekhar · ‎04-17-2023

Dear Marko

Thank you!

Quite possible, I tried to add the SCI from the Entitlements for my trial subaccount, and this works as expected.

Steps Followed:

From the trial account -> Entitlements, Click on Configure Entitlements -> Add Service Plan -> Cloud Identity Services.

Best Regards

Chandra

MSo · ‎04-17-2023

Thanks Chandra for confirming!
By chance I found an old trial account of mine and could activate SCI as you described it:-)
Best, Marko

Kishore · ‎06-04-2023

Hello Marko,

I created an instance for Cloud Identity Services in my trial account. I am getting an error while trying to establish a trust. I am doing this step as part of activation of SAP Build Apps

MSo · ‎06-05-2023

Hi Kishore,
SAP Build apps integrates with IAS based on OpenID Connect protocol.
Establishing the trust requires the 'application plan' for the Identity Services.
Unfortunately this plan is still missing in BTP Trial accounts. We are working on it to add it.
Marko

MSo · ‎06-27-2023

Update: Application Plan is meanwhile enabled for BTP Trial accounts.

NazeerAhamad_M · ‎09-20-2023

Thanks allot Marko for sharing the valuable information with screens, it was really helpful to start of 🙂 as a beginner.

Just to add on before going to Step 3, one should check if the "Default" is enabled or not? if not enabled only "Application" will be available to choose and it will fail. If Default is not enabled, then we have to go to BTP cockpit -> select your account -> Entitlements -> Configure Entitlements-> search for Cloud Identity Services-> enable Default and then save and proceed with Step 3.

This is how it worked for me.

Thanks,

Nazeer