Explaining Identity Management Reference Architecture

Objective

After completing this lesson, you will be able to use the reference architecture for IAM in SAP environments.

Reference Architectures

Reference Architectures for Implementing SAP Cloud Identity Services

  • Predefined Best Practices: Reference architectures are based on industry best practices, reducing the time required to design IAM solutions from scratch.
  • Streamlined Decision-Making: They provide a clear blueprint for integrating IAM with SAP systems, minimizing confusion and analysis paralysis during the planning stages.
  • Consistency Across Systems: They ensure a consistent approach to managing user identities, roles, and permissions across multiple SAP systems (for example, SAP ERP Central Component (SAP ECC), SAP S/4HANA, SAP Fiori).
  • Reduction of Errors: By following a proven framework, customers avoid costly mistakes that might arise from designing IAM solutions in an ad hoc manner.
  • Adaptable to Growth: Reference architectures are designed to scale as businesses grow and add more SAP modules or systems.
  • Support for New Technologies: They align with SAP's roadmap and evolving technologies, ensuring compatibility with future updates.

Working with Reference Architectures

  1. Consider your current mode of operation in relation to the proposed reference architecture. Outline a rough picture of your current components and how they interact with one another. Use the data flows and other flows shown in the reference architecture to check your outline for completeness. Do not try to include all aspects of your landscape in the draft; the goal is to focus on a given topic.
  2. Now that you have an idea of your landscape, you can check what your delta to the proposed reference architecture is: Why are you using two components instead of one? Why don't you use certain components and functionalities at all? Are there any pain points you would like to avoid? What are those pain points and what is their priority to you?
  3. From this view on your current landscape, the reasons why it looks the way it does, and your thematic pain points including their priorities, you can now check if it makes sense to adopt the reference architecture and what this adoption should look like. Is there an intermediate mode of operation before you can adopt the future mode? What else needs to be considered? As security is an integrative topic, you might need to talk to other teams before you decide on any outcome.
  4. Also consider proofs of concept (POCs) for testing that your solutions work in your environment. They can help you identify prerequisites that you didn't consider previously.

Reference Architecture for Identity and Access Management (IAM) in SAP Landscapes

The figure explains the reference architecture for Identity and Access Management (IAM) in SAP landscapes.

The diagram illustrates the reference architecture for Identity and Access Management (IAM) in SAP landscapes, highlighting SAP Cloud Identity Services as a central element interfacing with various components like SAP BTP, cloud, and on-premises solutions. It shows the flow of authentication and authorization across application clients, third-party identity providers, and internal SAP systems.

The core of the Reference Architecture for IAM consists of SAP BTP and SAP Cloud Identity Services, which play a vital role in SAP's IAM strategy. These elements serve as the foundation for secure user access and management across various SAP solutions. While it is possible to connect some applications directly to your own IAM solution, bypassing SAP Cloud Identity Services, SAP recommends that you integrate through SAP Cloud Identity Services. An increasing number of scenarios require its use, and direct point-to-point connections may not deliver optimal performance.

For more practical, implementation-focused reference architectures that explain the domains of Authentication, Authorization, and Identity Provisioning, see SAP Discovery Center. The next lessons will explain these reference architectures.