Central Store-Based Provisioning: The Ultimate Solution for Application User Sync from IPS šŸ”

Central Store-Based Provisioning: The Ultimate Solution for Application User Sync from IPS šŸ”
Estimated read time 4 min read

Central store-based provisioning enables the automatic provisioning of application-specific groups from the Identity Directory to the target systems whenever changes occur. These changes include user assignments or modifications of group attributes.

Note

Currently, application-specific groups are supported forĀ 

SAP Advanced Financial ClosingSAP Ariba ApplicationsSAP Analytics CloudSAP Application Server ABAPSAP Ariba Central Invoice ManagementSAP Sales Cloud and SAP Service CloudMicrosoft Entra IDLocal Identity Directory provisioning systems

Create Application-Specific Groups or Assign Application-Specific Groups to existing Group

you can create application-specific groups in the Identity Directory of your SAP Cloud Identity Services tenant and provision them afterward to target systems of your choice.

Operating with application-specific groups by Identity Provisioning service requires having a source system with set propertyĀ ips.application.id. By running provisioning jobs from such source system you can create, update, and delete application-specific groups in the Identity Directory of your SAP Cloud Identity Services tenant, depending on the values of their attributes.

Enable or Disable Central Store-Based Provisioning

You can enable or disable theĀ Central Store-Based ProvisioningĀ option in theĀ administration console forĀ SAP Cloud Identity Services.

UnderĀ Applications and Resources, choose theĀ ApplicationsĀ tile.Choose the application that you wantUnder theĀ ProvisioningĀ tab, enable or disable theĀ Central Store-Based ProvisioningĀ optionOnce the application has been updated, the system displays the messageĀ Application <name of application> updated.

When you enable theĀ Central Store-Based ProvisioningĀ for a specific application, whenever you update an application-specific group associated with this application, a provisioning of the updates is triggered, there is no need to run manual or scheduled jobs in the Identity Provisioning

IPS Transformation Changes

Select the relevant source system, open theĀ PropertiesĀ tab, chooseĀ EditĀ and add the propertyĀ ips.application.id =6f187cce-2f51-4efd-9bf4-9a8aabdd1c9cMonitor Central Store Logs

Central Store Logs provide information about the application-specific groups that have been provisioned from the Identity Directory to your target systems.

Note

Central Store LogsĀ are enabled and will appear underĀ Provisioning LogsĀ whenever changes to application-specific groups occur in the Identity Directory, such as assigning users or modifying group attributes.

Ā select your Identity Provisioning —>Ā  Provisioning LogsĀ —>Ā  Central Store Logs

Ā 

ā€‹Ā Central store-based provisioning enables the automatic provisioning of application-specific groups from the Identity Directory to the target systems whenever changes occur. These changes include user assignments or modifications of group attributes.NoteCurrently, application-specific groups are supported forĀ SAP Advanced Financial ClosingSAP Ariba ApplicationsSAP Analytics CloudSAP Application Server ABAPSAP Ariba Central Invoice ManagementSAP Sales Cloud and SAP Service CloudMicrosoft Entra IDLocal Identity Directory provisioning systemsCreate Application-Specific Groups or Assign Application-Specific Groups to existing Groupyou can create application-specific groups in the Identity Directory of your SAP Cloud Identity Services tenant and provision them afterward to target systems of your choice.Operating with application-specific groups by Identity Provisioning service requires having a source system with set propertyĀ ips.application.id. By running provisioning jobs from such source system you can create, update, and delete application-specific groups in the Identity Directory of your SAP Cloud Identity Services tenant, depending on the values of their attributes.Enable or Disable Central Store-Based ProvisioningYou can enable or disable theĀ Central Store-Based ProvisioningĀ option in theĀ administration console forĀ SAP Cloud Identity Services.UnderĀ Applications and Resources, choose theĀ ApplicationsĀ tile.Choose the application that you wantUnder theĀ ProvisioningĀ tab, enable or disable theĀ Central Store-Based ProvisioningĀ optionOnce the application has been updated, the system displays the messageĀ Application <name of application> updated.When you enable theĀ Central Store-Based ProvisioningĀ for a specific application, whenever you update an application-specific group associated with this application, a provisioning of the updates is triggered, there is no need to run manual or scheduled jobs in the Identity ProvisioningIPS Transformation ChangesSelect the relevant source system, open theĀ PropertiesĀ tab, chooseĀ EditĀ and add the propertyĀ ips.application.id =6f187cce-2f51-4efd-9bf4-9a8aabdd1c9cMonitor Central Store LogsCentral Store Logs provide information about the application-specific groups that have been provisioned from the Identity Directory to your target systems.NoteCentral Store LogsĀ are enabled and will appear underĀ Provisioning LogsĀ whenever changes to application-specific groups occur in the Identity Directory, such as assigning users or modifying group attributes.Ā select your Identity Provisioning —>Ā  Provisioning LogsĀ —>Ā  Central Store LogsĀ Ā Ā Read MoreĀ Technology Blogs by SAP articlesĀ 

#SAP

#SAPTechnologyblog

Avatar for

You May Also Like

More From Author