Describing SAP Cloud Platform Identity Services - Identity Authentication

Objectives

After completing this lesson, you will be able to:

  • Describe SAP Cloud Platform Identity Services - Identity Authentication

SAP Cloud Platform Identity Services - Identity Authentication

SAP Cloud Platform Identity Authentication Service is a cloud service that provides services for authentication, single sign-on (SSO), user management, and on-premise integration. It also provides convenient user self-services such as registration and password reset for employees and partners.

The identity authentication service provides security features for protecting access to applications, support to define risk-based authentication rules, two-factor authentication, and delegated authentication to on-premise user stores and other identity providers for secure authentication and user management cloud based systems as well as on-premise systems.

It provides services for authentication, single sign-on, and user management. SAP Cloud Platform Identity Authentication Service (AIS) can be used with SAP Identity Management or deployed along with other service offerings from SAP, such as Identity and Access Management as a service.

SAP Cloud Platform Identity Authentication is offered as a stand-alone service. However, being tightly integrated with SAP Cloud Platform, it is also provided as part of it as well as a part of many other cloud solutions from SAP. This establishes it, de facto, as the central authentication hub for customers using both SAP and non-SAP software.

Key features of SAP Cloud Platform Identity Authentication are:

1. Single Sign-On (SSO)
SAP Cloud Platform Identity Authentication offers single sign-on capabilities that allow users to log in once and gain access to a variety of applications and services without needing to sign in again.
2. Multifactor Authentication:
It allows administrators to increase the security of their applications by requiring users to verify their identity using more than one method of validation.
3. User Store:
It provides a user store which can be used to manage users and their identities across multiple applications.
4. Identity Federation
This feature enables users to utilize their existing corporate credentials to authenticate with SAP Cloud applications through SAML 2.0-based federation.
5. Risk-Based Authentication
With this feature, the system determines the risk level of a request and can elevate or reduce the authentication level based on the risk score.
6. Provisioning and Deprovisioning
Administrators can easily manage user accounts, including adding, modifying, or deleting user accounts, based on the changes in the underlying identity information.
7. Social Sign-On
Users can use their social network identities from providers like Facebook, LinkedIn, and so on, to access the cloud application.
8. Mobile authentication
This feature allows for secure mobile authentication via SAP's Authenticator app.
9. Compliance
It complies with several industry standards, including GDPR, and privacy and security regulations. It also supports country-specific data centers.
10. Self-Service
It enables self-service password resets and self-registration to reduce the burden on administrators.
11. Reporting
Provides comprehensive reporting and auditing capabilities.

SAP Cloud Platform Identity Authentication – XYZ Manufacturing Ltd (Example Company)

XYZ Manufacturing Ltd. uses a multitude of cloud services and applications, including an inventory management system, HR system, collaboration tools, and a custom-built sales tracking solution on the SAP Cloud Platform. Each of these applications required separate sign-in, creating a burden for the employees, who had to remember several usernames and passwords. Moreover, the IT department had to manage all these separate accounts, which was a complex and time-consuming task.

To solve these issues, XYZ Manufacturing Ltd. opted to use SAP Cloud Platform Identity Authentication. This tool allowed the organization to set up single sign-on (SSO) capabilities, meaning that employees could now use a single pair of credentials to access all their necessary applications, simplifying their login process significantly and increasing productivity.

XYZ Manufacturing Uses SAP Cloud Identity Authentication to Enhance Security

Moreover, SAP Cloud Platform Identity Authentication provided multifactor authentication which enhanced the security across all systems. Risk-based authentication was utilized to provide different levels of access based on the sensitivity of the data.

The integration of SAP Cloud Platform Identity Authentication simplified and centralized the user management process for the IT department as they could now easily manage user accounts from one place. Any change in user status was updated across all the applications, saving time and avoiding discrepancies.

In addition, the reporting features improved the auditing process, providing visibility and accountability on who accessed what data and when.

Overall, SAP Cloud Platform Identity Authentication helped XYZ Manufacturing Ltd. to simplify their user and access management, improve their security, and increase employee productivity.

Log in to track your progress & complete quizzes