SAP Business One 10.0 System Landscape Directory (SLD) uses Keycloak as its Identity and Access Management (IAM) solution. During the installation, a dedicated realm for SAP Business One is created in Keycloak by default, with the SAP Business One Authentication Server set as the default identity provider. However, the default identity provider is limited to SAP Business One logins only. To enable Single Sign-On between SAP Business One, SAP Business Technology Platform (SAP BTP) applications, and other cloud applications or services, you should add and use an external identity provider (IdP), such as the Identity Authentication service.
In this video, you’ll learn how to configure IAM for SAP Business One using Identity Authentication service as an IDP. This configuration establishes a trust relationship between the service provider (SAP Business One SLD) and the Identity Authentication service tenant. This enables SAP Business One to delegate user authentications to the Identity Authentication service for Single Sign-On (SSO).
Applying this configuration involves:
- Adding SAP Business One as a new application in the Identity Authentication service tenant.
- Configuring the Identity Authentication service as the IDP in the SAP Business One System Landscape Directory (SLD).
- Binding the Identity Authentication service users to SAP Business One companies and users.
Note
If your organization has already purchased SAP Cloud Solutions that bundles the Identity Authentication service, it is entitled to an Identity Authentication service tenant, and you can access it if you are one of the tenant's administrators. If no tenant exists, you need to get an SAP BTP account and an Identity Authentication service tenant prior to configuring the IAM. Refer to the following resources: