Hi guys, I come back 🙂
This time, I want to share one tip about login to SAP Integration by custom identity provider. As you know, every logon into SAP Integration Suite, we have to input SAP SID/PID which we call it is SAP ID Service. But, if in customer’s landscape have AD Azure, we have to get user AD to logon SAP Integration Suite instead SAP ID Services.
To do this, we have to configure SAP IAS as custom Identity Provider in SAP BTP.
If we do not have custom Identity Provider then when login to Integration Suite, we will have to input SAP ID
Prerequitesites
- SAP BTP trial account
- Identity Authentication Services Tenant
Download SAML Metadata in sub account
Create application on IAS
Logon IAS tenant and create new application
Configuration new application
Import SAML of sub account into application
Configuration Subject Name Identifier
Configuration Assertion Attributes
CREATE USER AND GROUP IN IAS
Create user
After save, IAS will send information to active user into email. Check email to active
Set your password
Create group
Add user into group
Download SAML of IAS into SAP BTP sub account
Create new trust configuration
Mapping BTP Role collection into Role of ISA
We can map 1 ROLE IAS to many ROLES Collection of Integration Suite.
In this step, we can create ROLE Collection custom and add more group into it.
Login to Integration Suite with IAS
SUMMARY
In this article, I shared how to use custom authentication provider replace for Default Identity Provider in SAP BTP by SAP Cloud Identity Service – one of services on SAP BTP. Thanks for your reading and any advise, kindly leave your comment on this.
Thanks.
Joseph Huy Nguyen
SAP Zero to Hero 