Applications and services in SAP BTP and even the SAP BTP cockpit do not store user information. Instead, a redirect for authentication to an Identity Provider (IdP) is required. This concept makes it possible to decouple and centralize authentication functionality from application capabilities and authorization management. The SAP BTP offers the possibility to use the SAP ID Service or custom Identity Providers from your IT landscape.
SAP ID Service is the default identity provider in SAP BTP. It is a pre-configured, standard SAP public IdP (account.sap.com) that is shared by all customers. It has a pre-configured trust connection to all SAP BTP subaccounts. The SAP ID Service is fully managed and provided by SAP and you are only able to create a free user inside of this SAP ID Service. The SAP ID Service is also used for official SAP sites, including the SAP developer and partner community. It is the place where the S-Users, P-Users and D-Users are managed.
For many customers, users might be stored in corporate identity provider. SAP recommends using SAP Cloud Identity Services – Identity Authentication Service (IAS) as a hub.
You can connect IAS as a single custom identity provider to SAP BTP. Further, you can use IAS to integrate with corporate identity providers existing in your companies IT landscapes.