Describing Identity Provisioning Services

Objective

After completing this lesson, you will be able to explore SAP Cloud Platform Identity Provisioning Service (IPS).

Identity Provisioning Service

Identity Provisioning is designed to provide customers with easy identity and access management for cloud-based solutions. As with the Identity Authentication service, the Identity Provisioning service can be used with SAP Identity Management to extend Compliant Identity Management to cloud-based systems, or it can be deployed as part of SAP Identity and Access Management as a service. The service automates identity life cycle processes and helps you provision identities and related authorizations to various cloud and on-premises business applications.

Diagram showing the Identity Provisioning process. Cloud users' attributes are retrieved and accounts are created and authorized. On-Premise users' attributes are also retrieved, involving a corporate network.

The Identity Provisioning solution allows you to do the following:

  • Manage user accounts and authorizations across Cloud and On-Premise systems
  • Provision identities from user stores in the Cloud and On-Premise
  • Centralize end-to-end life cycle management of corporate identities
  • Administer user onboarding quickly and efficiently
  • Quickly enable business applications to support Single Sign-On with Identity Authentication

As its key value proposition, the solution provides the following:

  • Rapid scenario extensions using optimized connectors for provisioning users and groups among multiple supported SAP and non-SAP cloud and On-Premise systems
  • Connectors for source, target, or proxy systems in your provisioning scenario
  • Flexible data transformations, in which connectors can be customized using either the graphical editor or the JSON editor
  • Automatic delivery of default provisioning systems for specific SAP Cloud solutions
  • Real-time provisioning with dedicated source systems
  • Consumable either directly through built-in APIs or from the user interface (UI); the UI is integrated into the administration console in SAP Cloud Identity Services, together with the rest of its services
  • SCIM-compliant integration with identity management solutions
  • Ability to deal with cloud and on-premises user stores as sources, relying on dedicated integration with any local identity stores to ease adoption of the IAM reference architecture
  • Comprehensive job scheduling for provisioning processes
  • Fast and efficient administration of user onboarding
  • Centralized end-to-end life cycle management of corporate identities in the Cloud
  • Automated provisioning of existing On-Premise identities to Cloud applications

Diagram showing SAP Cloud Identity Service and SAP Cloud Business Applications. End User accesses applications with Single Sign-On after Identity Authentication and Provisioning. Apps include SAP Concur and SAP Hybris.

Identity Provisioning enables an organization to manage identity life cycle processes for On-Premise and Cloud applications centrally. The solution complies with System for Cross-domain Identity Management (SCIM) standards. It provides for provisioning and deprovisioning users and their authorizations to cloud business applications using identity data from existing central user stores.

The service supports policy-based assignments via rules defined based on user input. Identity mapping across multiple data models is supported. This allows Identity Provisioning to act as an Identity Directory to store and aggregate identity data in the cloud. The service can take data from multiple user data sources and merge the attribute context from different sources before writing to target systems.
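The merge-then-provision flow described above can be sketched as follows. This is an added example, not SAP code or the Identity Provisioning API: it merges two constructed user sources, maps the result to a SCIM 2.0 core User (RFC 7643), and plans create, update and deactivate requests, including deactivation of target accounts that no source knows about. All helper names, user records and IDs are assumptions.

```python
# Added example: constructed data and hypothetical helper names, not SAP's API.
SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Constructed sources: HR owns names and employment status, the directory owns mail.
HR = {"E100": {"first": "Ana", "last": "Ruiz", "employed": True},
      "E101": {"first": "Ben", "last": "Okoro", "employed": False}}
DIRECTORY = {"E100": {"mail": "ana.ruiz@example.com", "last": "Ruiz-Old"},
             "E101": {"mail": "ben.okoro@example.com"}}
# Constructed target state keyed by externalId; "id" is assigned by the target.
TARGET = {"E101": {"id": "t-2", "userName": "ben.okoro@example.com", "active": True},
          "E999": {"id": "t-9", "userName": "old.contractor@example.com", "active": True}}

def merge_sources(*sources):
    """Merge per-user attribute dicts; earlier sources win on conflicts."""
    merged = {}
    for source in sources:
        for user_id, attrs in source.items():
            entry = merged.setdefault(user_id, {})
            for key, value in attrs.items():
                entry.setdefault(key, value)
    return merged

def to_scim(user_id, attrs):
    """Map merged attributes to a SCIM core User resource."""
    return {
        "schemas": [SCIM_USER],
        "externalId": user_id,
        "userName": attrs["mail"],
        "name": {"givenName": attrs["first"], "familyName": attrs["last"]},
        "emails": [{"value": attrs["mail"], "primary": True}],
        "active": attrs.get("employed", False),  # unknown status stays inactive
    }

def plan(merged, target):
    """Return (method, path, body) requests that align the target with the sources."""
    ops = []
    for user_id, attrs in sorted(merged.items()):
        desired, current = to_scim(user_id, attrs), target.get(user_id)
        if current is None:
            if desired["active"]:  # never create accounts for leavers
                ops.append(("POST", "/Users", desired))
        elif any(current.get(k) != v for k, v in desired.items()):
            ops.append(("PUT", f"/Users/{current['id']}", desired))
    # Target accounts unknown to every source are orphaned: deactivate them.
    for user_id in sorted(set(target) - set(merged)):
        if target[user_id].get("active"):
            op = {"op": "replace", "path": "active", "value": False}
            ops.append(("PATCH", f"/Users/{target[user_id]['id']}",
                        {"schemas": [SCIM_PATCH], "Operations": [op]}))
    return ops
```

Calling `plan(merge_sources(HR, DIRECTORY), TARGET)` yields one request per change; the orphaned `E999` account is the case most often missed when deprovisioning is done by hand.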

SAP Cloud Identity Services - Identity Provisioning supports various systems for provisioning, including both SAP and non-SAP applications. The set of supported systems keeps expanding, but some critical systems include:

  • SAP S/4HANA: Identity Provisioning can be used to manage user identities and access permissions for SAP's premier ERP solution.
  • SAP SuccessFactors: User data can be synchronized, simplifying the management of employees' access to HR services.
  • SAP Cloud Identity Access Governance (IAG): This solution provides central access control for SAP systems across various platforms.
  • SAP Cloud Platform: Identity Provisioning can manage access to applications hosted on the Cloud platform.
  • Microsoft Active Directory: Many organizations use this as the primary store for user information. It can be integrated with Identity Provisioning to automate identity processes.
  • Microsoft Azure AD: This is also supported for synchronizing user identities and roles with cloud-based applications.
  • SCIM-Enabled solutions: SCIM is an open standard that automates user provisioning. It can create, update, and deprovision identities in cloud-based applications and services or synchronize identities between different systems.
  • SAP Ariba, SAP Fieldglass, SAP Concur, and other cloud-based SAP applications.

Note

Make sure to check the latest list of supported systems on SAP's official website or by contacting their support services, as they continually add support for more systems and applications.

Learn more: SAP Cloud Identity Services - Identity Provisioning.

Lesson Summary

You can now describe the main features of the Identity Provisioning Service.