Adding User Groups to the Users in the Identity Provider

Objective

After completing this lesson, you will be able to add user groups to the users in the Identity Provider

Add User Groups to the Users in the Identity Provider

In IAS, select the User Groups tile.

Screenshot of the SAP Identity Authentication Service interface. The page shows the Users & Authorizations section with tiles: User Management, User Groups (highlighted), Administrators, Import Users, Export Users, Real-Time Provisioning, Schemas, Exclude Lists, and Identity Provisioning Service. The top menu includes Home, Users & Authorizations, Applications & Resources, Identity Providers, and Monitoring & Reporting. The bottom section displays Applications & Resources with tiles for Applications, Tenant Settings, Terms of Use Documents, Privacy Policy Documents, E-Mail Template Sets, and Password Policies. Numbers indicate counts on some tiles.

Note

Keep in mind that each User Group corresponds to a role collection in SAP Business Technology Platform and a user role in the SAP Intelligent Agriculture application.

Steps

  1. After selecting the user, (1) click on User Groups, and in the upper right corner, (2) choose Assign Groups.

    Screenshot of the SAP Identity Authentication Service showing user details for Gustavo Camargo. The left menu includes options: User Management, User Groups, Administrators, and more under Users & Authorizations. The main section displays tabs for User Details, Applications, Legal, Authentication, and User Groups (highlighted). The Assigned Groups section lists groups: intagri_Data_Scientist, intagri_Farm_Manager, intagri_Master_Data_Manager, intagri_Operations_Planner, and intagri_Operator, with corresponding display names and descriptions. Assign Groups is highlighted in the upper right corner.

    You can then select the relevant user group(s) for the user. For example, if this user is assigned the Farm Manager user group, they will have the necessary role and permissions to perform actions as a Farm Manager.

    When the user groups (roles) are assigned to a user, the roles will be available the first time the user logs into the system.

  2. The next step, will be assigning the farms for which they can perform these actions within the user assignment area of SAP Intelligent Agriculture.

    Note

    It's not necessary to add the roles to the subaccount. The role association can only be done in IAS (Identity Authentication Service), and will be replicated to the database the first time the user accesses the application.

    Video Summary

    This educational video explains how to add user groups to each user in the EAS (Enterprise Application Services). It is explained that each user group on EAS corresponds to a role in SAP Business Technology Platform (SAP BTP) and the Intelligent Agriculture application. The process of adding user groups leads to automatic role assignments on the user's first access to the application.

    The video also demonstrates how to select a user and assign them to user groups, indicating that these roles will be replicated in the application's database during the user's first access. Viewers are assured that it isn’t necessary to add these roles in the subaccount—only in the EAS. The addition of these user groups means that each role will consequently be added to the user's Intelligent Agriculture application. The video concludes with a promise for a future tutorial on managing these roles.

    Video Summary

    This video showcases the process of mapping roles for user groups. The action is taken in the context of accessing the Intelligent Agriculture application for the first time. The presenter selects and configures the Identity Provider (IDP), noting that the default IDP cannot be used for application access and a different IDP must be configured accordingly.

    The tutorial proceeds to demonstrate how to manage assignments, offering options to change permissions for each user for every particular 'farm'. In this setup, the first user who accesses the system has unrestricted rights enabling them to assign rights to other users. The video notes that every user automatically created in the system when created in the AIS.

    The tutorial also clarifies the correlation between user groups in the AIS and roles in the application. It illustrates how the removal of a user group in the AIS reflects in the application after logging in and out. The video concludes with an explanation of how roles can be updated in the AIS and subsequently in the application after logging out and logging back in.

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn