Tell us what you think

We want to create the best possible experience for our learners. Your feedback helps us to improve the experience for everyone.

Exploring the Identity Authentication Service

Objective

After completing this lesson, you will be able to exploring Cloud Identity Services UI

Identity Authentication

Overview

We will now examine authentication and single sign-on for users in the cloud.

The Identity Authentication Service provides you with controlled cloud-based access to business processes, applications, and data. It simplifies your user experience through authentication mechanisms, single sign-on, on-premise integration, and convenient self-service options.

Choose one of the supported authentication methods to control access to your application, like Form, SPNEGO, Social, or two-factor authentication. Use SAML 2.0 protocol to provide single sign-on. Integrate your application programmatically using authentication using API.

Configure Risk-Based Authentication

Help enforce two-factor authentication based on IP ranges, user groups, user type, or the authentication method to manage access to a business application.

Delegate Authentication

Delegate authentication to a third-party or on-premise IdP as default or based on a condition like IdP, e-mail domain, user type or user group, and thus enable SSO across on-premise and the cloud.

Use API

Use SCIM REST API to manage users and groups, invite users,and customize end-user UI texts in any language.

How to Explore Identity Authentication Service

In this demonstration, you will familiarize yourself with some of the capabilities that the Cloud Identity Services provides. Some are common amongst Identity Authentication Services and Identity Provisioning Services, others are specific.

Note

To watch the following demonstration, and other demonstrations in this course, Chrome is the recommended browser.

DemoStart Demo

How to Explore Applications and Resources

In this demo, you will learn where to locate some security-relevant functions, from granting or restricting access to applications based on a range of IP addresses to establishing which kind of changes on security-related data should trigger a notification, for example an email change.

DemoStart Demo

How to Explore Identity Providers

The Cloud Identity Services offer multiple choices for Identity Authentication. In this demo, you will see a range of possible options from generic solutions compliant with industry standards like SAML (Security Authentication Markup Language) to well-known social media identity providers.

DemoStart Demo

How to Explore Users and Authorizations

This demo illustrates some of the capabilities of User Management in the SAP BTP. For those who are familiar with well known SAP systems like SAP ECC and SAP S/4HANA, you will find a different approach. A user can be defined and inherit authorizations from a group assigned to them. As you will have the chance to acquire more knowledge, you will find that, besides groups and role collections, other objects are relevant to establish what a user can do or not do, for example scopes. Some concepts like Exclude lists will be new to some, but at this stage you are still beginning.

DemoStart Demo

Next lesson