How to provide access to SAP BTP apps in two different sub accounts for same user?

VenkyM
Participant

Hello all,
Please help me clarify the query below.
I have two SAP BTP side-by-side extensibility apps in two different sub accounts. I need to provide access to one user for these two apps. How can I do it?
Any help will be appreciated.

Thanks,
Venkatesh

Accepted Solutions (1)

Ivan-Mirisola
Product and Topic Expert

Hi venkatesh.machineni,

I am assuming that each app is a completely different app and that you aren't talking about having a multi-tenant app on BTP (which would translate into having a single app deployed on a sub-account which could be accessed by multiple tenants [sub-accounts]).

  1. Each subaccount has its own Trust relationship with its Identity Provider (SAML 2.0).
  2. Each IdP will be in charge of authenticating different users.
  3. Each sub-account will have a different application, which in turn will be able to provide a different set of roles to its accompanying instance of XSUAA. All apps should be 'bound' to an instance of XSUAA in order to provide authentication and the roles should at least define a scope named 'uaa-user'.
  4. Each set of roles will be associated to one or more Role Collections.
  5. A Role Collection can be assigned to an IdP user directly or to an IdP Group of users.

Please read more here:

https://blogs.sap.com/2020/08/20/demystifying-xsuaa-in-sap-cloud-foundry/

Therefore, in such a situation all you have to do is to go into each subaccount and select the 'Security' menu for "Role Collections" on your BTP Cockpit. Find the XSUAA Role Collection that was created for each application and then assign it to that particular user by editing the Role Collection, or assign it to a Group of Users to which that particular user belongs. You could also set up your IdP trust relationship to automatically assign a Role Collection to a group. So, every time a new user is on-boarded into your connected IdP, that user will automatically be able to log on to your application.

Best regards,
Ivan
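
The per-subaccount assignment described in the answer above, scripted with the btp CLI as an added example (not part of the original post and not SAP's own code). It assumes the btp CLI is installed and logged in; the subaccount IDs, role collection names, IdP origin key and user e-mail are constructed placeholders.

```shell
#!/bin/sh
# Added example: give one user a role collection in each of two subaccounts.
# Subaccount IDs, role collection names, origin key and e-mail are
# constructed placeholders; replace them with the values from your cockpit.

USER_MAIL="jane.doe@example.com"

# One line per subaccount: subaccount-id|role-collection|idp-origin-key
ASSIGNMENTS='00000000-0000-0000-0000-00000000000a|AppOne_Viewer|sap.default
00000000-0000-0000-0000-00000000000b|AppTwo_Viewer|sap.default'

# assign_one MODE LINE USER
# MODE=plan prints the btp command; MODE=apply runs it (needs `btp login`).
assign_one() {
    mode=$1 user=$3
    set -f; old_ifs=$IFS; IFS='|'
    set -- $2                      # split LINE into its three fields
    IFS=$old_ifs; set +f
    if [ $# -ne 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "malformed assignment line" >&2
        return 1
    fi
    # Role collections are local to a subaccount, so each call names its own.
    set -- btp assign security/role-collection "$2" \
        --to-user "$user" --of-idp "$3" --subaccount "$1"
    if [ "$mode" = apply ]; then "$@"; else printf '%s\n' "$*"; fi
}

# assign_all USER MODE: process every line, stop at the first failure.
assign_all() {
    printf '%s\n' "$ASSIGNMENTS" | while IFS= read -r line; do
        assign_one "$2" "$line" "$1" || exit 1
    done
}

# Default is a dry run; set MODE=apply to execute against the subaccounts.
assign_all "$USER_MAIL" "${MODE:-plan}"
```

Review the dry-run output first, then rerun with `MODE=apply`; assigning the role collection to an IdP group instead keeps the user list out of the script.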

Answers (0)