Efficient user management is the core of any organization’s digital ecosystem. SAP Cloud Identity Services offers a powerful tool in the form of the Identity Authentication Service. With this service, you can delegate identity authentication to a trusted identity provider (IdP). The Identity Authentication Service provides organizations with controlled cloud-based access to vital business processes, applications, and data.
This service simplifies the user experience. It supports multiple authentication mechanisms, such as single sign-on, integration with on-premise systems, and convenient self-service options for users. User management becomes not only more secure but also incredibly user-centric.
This blog post will describe the crux of user management within digital infrastructure, focusing on the integration between SAP Cloud Identity Services’ Identity Authentication Service (IAS) and SAP Business Technology Platform (BTP).
Using Identity Authentication service with SAP BTP
Identity Authentication service provides authentication and single sign-on for users in the cloud.
We can onboard business users on SAP Cloud Identity Services. These business users can then access the services and applications provided by SAP BTP.
The business users can also be created in bulk with mass import. One of our customers wanted to give all of its dealers access to web services. These web services were provided to dealers with SAP BTP Integration Suite.
Tenant administrators on SAP Cloud Identity Services can manage user accounts via the administration console and via APIs.
User management enables you to create, modify, and delete users and their attributes, and to manage the user accounts in the user store of Identity Authentication.
1. Create user
1.1 Create users via the Add option in the administration console
As a tenant administrator, you can create a new user in the administration console for SAP Cloud Identity Services.
1.2 Create users via a CSV file import in the administration console
We can also mass import business and technical users. As a tenant administrator, you can create new users or update existing ones with all user data, including attributes from a custom schema, via a CSV file upload. A single CSV file can contain up to 25000 users, whether you are creating new users or updating existing ones.
The CSV file must contain at least the following three columns:
userName or loginName
emails.value or mail
name.familyName or lastName
Below is a sample CSV file.
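A pre-upload check for the rules described above (the three required columns with their alternative names, and the 25000-user limit), shown as an added example that is not part of the original post or of SAP's tooling. The function name, the duplicate-login check and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Required-column alternatives and the 25000-user limit, as stated in the text above.
REQUIRED = [("userName", "loginName"), ("emails.value", "mail"),
            ("name.familyName", "lastName")]
MAX_USERS = 25000


def validate_user_csv(text, max_users=MAX_USERS):
    """Return a list of problems found in the CSV text (empty list = OK)."""
    reader = csv.DictReader(io.StringIO(text, newline=""))
    header = [h.strip() for h in (reader.fieldnames or [])]
    problems, chosen = [], []
    for alternatives in REQUIRED:
        present = [name for name in alternatives if name in header]
        if present:
            chosen.append(present[0])
        else:
            problems.append("missing column: " + " or ".join(alternatives))
    if problems:
        return problems  # rows cannot be checked without the required columns
    seen, count = {}, 0
    for row in reader:
        count += 1
        line = reader.line_num
        row = {k.strip(): (v or "").strip() for k, v in row.items() if k}
        for column in chosen:
            if not row.get(column):
                problems.append(f"line {line}: empty {column}")
        # Assumption, not a rule from the post: a repeated login name is reported.
        login = row.get(chosen[0], "")
        if login and login in seen:
            problems.append(f"line {line}: duplicate {chosen[0]}, first on line {seen[login]}")
        seen.setdefault(login, line)
    if count > max_users:
        problems.append(f"{count} users exceeds the limit of {max_users}")
    return problems


# Constructed sample data, not taken from the original post.
SAMPLE = """loginName,mail,lastName
dealer001,dealer001@example.com,Meyer
dealer002,,Okafor
dealer001,dealer001b@example.com,Silva
"""

if __name__ == "__main__":
    print("\n".join(validate_user_csv(SAMPLE)))
```

Running the check before the upload catches header and data mistakes while the file is still easy to correct.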
1.3 Create users programmatically via API
The following APIs can be used to create, update, and delete users.
Identity Directory Service [https://api.sap.com/api/IdDS_SCIM/overview]
Identity Authentication Service [https://api.sap.com/api/IAS_SCIM/overview]
Tenant administrator credentials can be used to authenticate with these APIs.
2. Search users
2.1 Search users in the administration console
Users can be searched in the administration console by attributes such as first name, last name, email ID, and SCIM ID.
2.2 Search users via API
3. List and edit user details
The following options are offered for listing and editing user details:
List a specific user and edit the information about that user via the administration console
List and update user details via API
Update user details via a CSV file import
Manage user password via the administration console
4. Delete users
Deleting users is offered via the administration console, but can also be executed programmatically via API.
5. Manage the user group assignment
Tenant administrators can create groups. A group is a collection of users. Groups serve to create sets of users who have something in common.
Groups can be assigned to and unassigned from users via the administration console for SAP Cloud Identity Services.
SAP Cloud Identity Services, with the Identity Authentication Service, offers an elegant solution for user management. By delegating identity authentication to an identity provider, businesses simplify and secure their user management processes. The Identity Authentication Service, when integrated with SAP BTP, revolutionizes how organizations control, secure, and enhance the user experience within their digital ecosystem. It’s a dynamic partnership that empowers businesses to navigate the ever-evolving digital landscape with ease.