Hi guys, next article in series SAP IDENTITY AUTHENTIATION SERVICE (IAS), in this article I want to share my understand about IDENTITY PROVISIONING SERVICE (IPS). What’s this ?
Identity Provisioning Service – IPS is a service in IAS.
Imagine below context
The process can be used for directory synchronization, provisioning, and user access control. The top–down user sync process begins by gathering user data from an external source and then mapping the data to the user directory. The mapped data is then used to create user accounts, update existing user accounts, and delete user accounts as needed. This process can be automated using SAP Identity Provisioning Service(IPS) or manual processes (not recommended).
The process is beneficial as it allows administrators to quickly and easily manage user access and user data across multiple platforms with complete automated way.
IPS can resolve 2 scenario
Scenario one – Sync user data from AD Azure into IAS
Scenario two – Distribute user from IAS into SAP Cloud application (BTP, S4HC, SF, SAC, …)
For tutorial simple and with demo purpose IAS/IPS, I just sync user from IAS into SAP BTP ABAP Environment.
On IAS, I create one group ABAP Developer, and add user into it. After that I will use this user logon to SAP BTP ABAP environment by ADT Eclipse.
I finish this article, we need:
- SAP BTP Trial account
- SAP BTP ABAP Environment (FreeTier)
- SAP IAS Tenant
- Application Development Tool – ADT Eclipse
Step by step
Create Business Role on SAP BTP ABAP Environment
Create User group on IAS
User group on IAS must have name the same with Business Role on SAP Application cloud. Example SAP BTP ABAP ENV
Create user on IAS
Add user into user group in IAS
Create source system (IAS) by IPS
Download certification outbound of source and inport into user system of IAS
Configuration properties for source system
This step, we can reference on SAP help to know what value to configure. This is my cofiguration
Create target system (SAP BTP ABAP Environment) on IPS
Download certificate outbound of target system
This step, we have to download certificate of outbound to configure communication user in SAP BTP ABAP Environment. It’s mean create connection from IAS to SAP BTP ABAP also
Download outbound certificate
Go to SAP BTP ABAP Environment and create communication user, import certificate also
Create communication system on SAP BTP ABAP
This step we will create communication system on SAP BTP with inbound connection from IAS to SAP BTP. We also import user on above step as inbound user
Create communication Arrangement with scenario SAP_COM_0193
This step, we will create communication aarangments with scenario SAP_COM_0193. We also add system and user above in this configure.
We also get API URL of this communication arrangement to configure in properties of target system in IAS.
Configuration properties for target system on IAS
This step we have to configure properties for target system on IAS. This step we can reference on SAP help for more details.
OK well done. Next we will test this scenario by run job and check log.
Run Job from source system to sync user from IAS to SAP BTP ABAP
Check job log
Check on SAP BTP ABAP Environment
Connect ADT with this user
Ok well done, so long but just screen capture :). In this article I shared my understand how to provision user from IAS into SAP BTP ABAP Environment and login user in IAS into SAP BTP ABAP by ADT eclipse. Thanks for your reading, any advise kindly leave your comment on this.
Joseph Huy Nguyen