cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Shadow user in BTP

tskwin
Explorer

on ‎04-18-2024 10:36 AM

0 Kudos

Hello,

What are the possible methods for automatic user provisioning from SAP IAS to SAP BTP while "Create Shadow Users During Logon" option in SAP BTP is deactivated ?

Or do users need to be created manually in SAP BTP in that case?

Many thanks for every tip ?

 

Best Regards

 

Show replies
Show replies
Answer
View Entire Topic
rileyrainey
Product and Topic Expert
Product and Topic Expert
‎04-18-2024 8:24 PM
0 Kudos

The only method I'm aware of to get "automatic user provisioning" is to utilize the create shadow user functionality.  Our team has used it inside SAP to allow us to authenticate users without requiring addition of specific scopes (and the associated manual provisioning of users). In our use case, we add a middleware function to the appprouter designed to verify that the user's e-mail is associated with a specific domain - we only have to take that extra step as our IDP can source non-SAP accounts.  There's probably variations to that you could apply as well.

Is there a reason you wish to avoid the create shadow user capability, though?

(and -- if it would help -- I can provide an example of the middleware function).

Show replies
Show replies
tskwin
Explorer
‎04-22-2024 12:20 PM
0 Kudos

Hello @rileyrainey,

Thank you for your response.

There's no specific reason, but as far as I know, SAP documentation recommends disabling automatic creation of shadow users for better control. It would be great if you could provide an example of the middleware function.

Many Thanks 

Best Regards

rileyrainey
Product and Topic Expert
Product and Topic Expert
‎04-22-2024 2:32 PM
0 Kudos
tskwin,
Ask a Question