An identity provider (IdP) is a service that manages and stores identity information for individuals or entities, such as usernames, passwords, and other personal data. It provides authentication and authorization services, allowing users to access multiple applications and services using a single set of login credentials.
IdPs are commonly used in Single Sign-On (SSO) systems, where users can log in once and access various applications without having to log in separately to each one. Examples of identity providers include Google, Microsoft, and Okta.
Applications and services in SAP BTP and even the SAP BTP Cockpit do not store user information locally. Instead, authentication requires redirecting to an IdP. This concept allows for decoupling and centralizing authentication functionality from application capabilities and authorization management. The SAP BTP offers the possibility of using the SAP ID Service or custom identity providers from your IT landscape.
SAP ID Service is the default identity provider in SAP BTP. It is a preconfigured, standard SAP public IdP (account.sap.com) that all customers share. It has a preconfigured trust connection to all SAP BTP subaccounts. The SAP ID Service is fully managed and provided by SAP and you can only create a free user inside this SAP ID service. The SAP ID Service is also used for official SAP sites, including the SAP developer and partner community. It is where the S-Users, P-Users, and D-Users are managed.
For many customers, users can be stored in a corporate identity provider. SAP recommends using SAP Cloud Identity Services—Identity Authentication Service (IAS) as a hub.
You can connect IAS as a single custom identity provider to SAP BTP. Further, you can use IAS to integrate with corporate identity providers in your company's IT landscape.
Lesson Summary
Now, you can describe what is the main role of the identity providers in the context of the SAP ecosystem.