
Where should Cloud Identity Service be implemented?

batoul_kserawy
Explorer
0 Kudos

Hi everyone,

I wondered where in the Global Account a customer should implement their Cloud Identity Service.

Does it matter where it is being implemented?

I read something about tenants, and that the Identity service is actually linked to it, but I couldn't understand that very well. Can someone help me with that and explain to me the difference of where to implement the service, if there is any?

sushilgupta857
Active Participant

Hi batoul.kserawy,

When we request Cloud Identity Service, we get two options:

First is to create a subscription of this service - this will give you an IAS tenant which can be used by any subaccount in your BTP Cockpit. I think it doesn't matter in which subaccount you create this service, as the person who creates it gets an email to generate his password, and access to the IAS tenant is managed inside IAS (user store).

There is another option, called an instance of this service - the prerequisite will be to establish trust between the subaccount and the IAS tenant using OIDC - after this, developers can create instances of Cloud Identity Service and bind their applications to it. This creates another application inside IAS, which can help in giving them more control over every application they deploy, and each can be managed separately. This Cloud Identity Service instance is created in the specific subaccounts where developers are working and want to bind their applications.

Hope this helps!

regards

Sushil k gupta

batoul_kserawy
Explorer
0 Kudos

Thank you, Sushil!
That was very helpful. 🙂
When a customer signs a contract for a new Global Account with us, they will automatically get a tenant assigned to this account, right?
If they then went and created a further Cloud Identity Service Subscription, then they will get extra costs which could have been avoided, if they used the default one that was delivered with the Global Account. Did I understand that right?

sushilgupta857
Active Participant
0 Kudos

Hi Batoul,

SAP provides bundled IAS/IPS (Cloud Identity Service) tenants with BTP (usually one test and one prod tenant in the bundled license - free). Customers are entitled to them and can log in with their SUSER-ID to this URL - https://iamtenants.accounts.cloud.sap/ - and check if there is already a bundled tenant requested for them or not. They can also check details, like who is the administrator for those tenants, on this link.

If not, they can request the tenants.

Your understanding is correct!

I can see in another comment Sonia has shared some good documentation which can help with more details.

Regards

Sushil K Gupta