Exploring the Identity Authentication Service

Objective

After completing this lesson, you will be able to explore Cloud Identity Services UI.

Identity Authentication

Overview

We will now examine authentication and Single Sign-On for users in the cloud.

The Identity Authentication Service (IAS) provides you with controlled cloud-based access to business processes, applications, and data. It simplifies your user experience through authentication mechanisms, Single Sign-On, on-premise integration, and convenient self-service options.

Choose one of the supported authentication methods to control access to your application, like Form, SPNEGO, Social, or two-factor authentication. Use the SAML 2.0 protocol to provide Single Sign-On. Integrate your application programmatically using authentication using API.

Configure Risk-Based Authentication

Help enforce two-factor authentication based on IP ranges, user groups, user type, or the authentication method to manage access to a business application.

Delegate Authentication

Delegate authentication to a third-party or on-premise IdP as default or based on a condition like IdP, e-mail domain, user type or user group, and thus enable SSO across on-premise and the cloud.

Use API

Use the SCIM REST API to manage users and groups, invite users, and customize end-user UI texts in any language.

How to Explore Identity Authentication Service

In this demonstration, you will familiarize yourself with some of the capabilities that the Cloud Identity Services provides. Some are common among Identity Authentication Services and Identity Provisioning Services, others are specific.

Note

To watch the following demonstration, and other demonstrations in this course, Chrome is the recommended browser.
DemoStart Demo

How to Explore Applications and Resources

In this demo, you will learn where to locate some security-relevant functions, from granting or restricting access to applications based on a range of IP addresses to establishing which kind of changes on security-related data should trigger a notification, for example, an e-mail change.

DemoStart Demo

How to Explore Identity Providers

The Cloud Identity Services offer multiple choices for Identity Authentication. In this demo, you will see a range of possible options from generic solutions compliant with industry standards like SAML (Security Authentication Markup Language) to well-known social media identity providers.

DemoStart Demo

How to Explore Users and Authorizations

This demo illustrates some of the capabilities of user management in the SAP BTP. For those who are familiar with well-known SAP systems like SAP ERP Central Component (ECC) and SAP S/4HANA, you will find a different approach to user management. A user can be defined and can inherit authorizations from an assigned group. As you explore further, you will learn that in addition to groups and role collections, other objects are also relevant to establish what actions a user can or cannot perform, for example scopes. Some concepts like exclude lists may be new, but at this stage, you are just beginning to understand the fundamentals of user management in SAP BTP.

DemoStart Demo

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn