Hi guys, next article in series SAP IDENTITY AUTHENTIATION SERVICE (IAS), in this article I want to share my understand about IDENTITY PROVISIONING SERVICE (IPS). What’s this ?

Identity Provisioning Service – IPS is a service in IAS.

Imagine below context

The process can be used for directory synchronization, provisioning, and user access control. The top–down user sync process begins by gathering user data from an external source and then mapping the data to the user directory. The mapped data is then used to create user accounts, update existing user accounts, and delete user accounts as needed. This process can be automated using SAP Identity Provisioning Service(IPS) or manual processes (not recommended).

The process is beneficial as it allows administrators to quickly and easily manage user access and user data across multiple platforms with complete automated way.

IPS can resolve 2 scenario

Scenario one – Sync user data from AD Azure into IAS

Scenario two – Distribute user from IAS into SAP Cloud application (BTP, S4HC, SF, SAC, …)

For tutorial simple and with demo purpose IAS/IPS, I just sync user from IAS into SAP BTP ABAP Environment.

My Scenario

On IAS, I create one group ABAP Developer, and add user into it. After that I will use this user logon to SAP BTP ABAP environment by ADT Eclipse.


I finish this article, we need:

  • SAP BTP Trial account
  • SAP BTP ABAP Environment (FreeTier)
  • SAP IAS Tenant
  • Application Development Tool – ADT Eclipse

Step by step

Create Business Role on SAP BTP ABAP Environment

Create User group on IAS


User group on IAS must have name the same with Business Role on SAP Application cloud. Example SAP BTP ABAP ENV

Create user on IAS

Add user into user group in IAS

Create source system (IAS) by IPS

Download certification outbound of source and inport into user system of IAS

Configuration properties for source system

This step, we can reference on SAP help to know what value to configure. This is my cofiguration

Create target system (SAP BTP ABAP Environment) on IPS

Download certificate outbound of target system

This step, we have to download certificate of outbound to configure communication user in SAP BTP ABAP Environment. It’s mean create connection from IAS to SAP BTP ABAP also

Download outbound certificate

Go to SAP BTP ABAP Environment and create communication user, import certificate also

Create communication system on SAP BTP ABAP

This step we will create communication system on SAP BTP with inbound connection from IAS to SAP BTP. We also import user on above step as inbound user

Create communication Arrangement with scenario SAP_COM_0193

This step, we will create communication aarangments with scenario SAP_COM_0193. We also add system and user above in this configure.

We also get API URL of this communication arrangement to configure in properties of target system in IAS.

Configuration properties for target system on IAS

This step we have to configure properties for target system on IAS. This step we can reference on SAP help for more details.

OK well done. Next we will test this scenario by run job and check log.

Run Job from source system to sync user from IAS to SAP BTP ABAP

Run Job

Check job log

Check on SAP BTP ABAP Environment

Connect ADT with this user


Ok well done, so long but just screen capture :). In this article I shared my understand how to provision user from IAS into SAP BTP ABAP Environment and login user in IAS into SAP BTP ABAP by ADT eclipse. Thanks for your reading, any advise kindly leave your comment on this.


Joseph Huy Nguyen

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.