cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to manage SCP-IAS application registration via IdM SCI-Connector?

ulfl
Explorer

on ‎07-07-2019 5:58 PM

0 Kudos

Current version of SCI-Connector (com.sap.idm.connector.sci) only provisions via "SCIM REST API" and does not handle application registration via "User Management REST API" . We already extended SCI-Connector to register an application for a user besides creating the user resource.

Since we now connect more applications to the same SCP-IAS tenant, and not every user is allowed to access every applications, we set user application access to "Private" in SCP-IAS, which forces registration to an application before it can be accessed.

Question: What is the best way in IdM to handle the authorizations to different applications in a single SCP-IAS tenant? I see the following two main options:
a) separate IdM-Repositories for each application and assign "Only-Privileges" as needed
b) single IdM-Repository and privileges per application

Question to SAP would be if the SCI-Connector will be further enhanced by SAP to manage application registration. What is the roadmap of the SCI-Connector?

Best regards,
Ulf Licht

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

antonstanev
Advisor
Advisor
‎07-17-2019 7:40 AM
0 Kudos

Hello Ulf,

Correct, IdM’s IAS connector (formerly known as SAP Cloud Identity (SCI) connector) does not have application registration capabilities.

On your first question, it’s not possible to handle the authorisations to different applications in a single IAS tenant using the standard capabilities of IdM’s IAS connector.

Any extensions or further improvements of IAS connector are not planned.

As an alternative, you can consider using the SAP Cloud Platform Identity Provisioning Service (IPS) and its Hybrid Scenario: SAP Identity Management. In this scenario, you can connect IdM to number of cloud systems through IPS (including IAS). That way you will benefit from the wider range of capabilities IPS provides in its IAS connector. Please refer to IPS’ documentation for more details: https://help.sap.com/viewer/f48e822d6d484fa5ade7dda78b64d9f5/Cloud/en-US/d45c8a331b8d4706bc2af3f0d60...

For example, you can assign your users to different IAS groups and to use Risk-Based Authentication rules to control the access to applications based on user groups.

Kind regards,

Anton

Show replies
Show replies
Ask a Question