3 different ways to log in to Datasphere using SSO

Knowledge Prerequisites

What are IdP and SP?
      -> An Identity Provider (IdP) is a system or service that creates, maintains, and manages identity information for users and provides authentication services to relying applications or service providers.
      -> A Service Provider (SP) is a system or application that relies on an Identity Provider (IdP) to authenticate users and provide access to protected resources.

What are SSO and SAML?
      -> Single sign-on (SSO) is a technology which combines several different application login screens into one. With SSO, a user only has to enter their login credentials (username, password, etc.) one time on a single page to access all of their SaaS applications.
      -> SAML (Security Assertion Markup Language) is an XML-based open-source standard protocol used for exchanging authentication and authorization data between Identity Providers (IdP) and Service Providers (SP).
        !!! SAML is a protocol for implementing SSO !!!

What is IAS?
      -> SAP Identity Authentication Service (IAS) is a cloud service that provides secure authentication mechanisms for users accessing SAP and non-SAP applications. It acts as an Identity Provider (IdP) and supports SAML 2.0, OAuth 2.0, and OpenID Connect protocols.

What is Okta?
      -> Okta is a cloud-based identity and access management (IAM) platform that enables organizations to securely connect the right people to the right technologies at the right time. It offers services such as SSO, MFA, user lifecycle management, and API access management.

3 different ways to log in to Datasphere using SSO

IAS (IdP) -> DS (SP)
Scenario:
    SAP IAS acts as the identity provider and directly authenticates users accessing Datasphere.
Suitable for:
    1) User information is maintained in IAS. Organizations using SAP’s native identity solution.
    2) Seamless SSO access to all SAP cloud products.

Okta (IdP) -> DS (SP)
Scenario:
    Okta directly acts as the identity provider for Datasphere.
Suitable for:
    1) Companies already using Okta or another external IdP.
    2) User identities are centrally managed in Okta.

Okta (IdP) -> IAS (Proxy) -> DS (SP)
Scenario:
    Okta is the source of identities, but IAS is used as a proxy to enhance authentication flow and enable SAP-specific features.
Suitable for:
    1) Identities are managed in Okta.
    2) Need to use IAS for advanced features like: Attribute mapping; Role-based access control; SAML assertion customization; Deep integration with SAP systems
    3) Ideal for hybrid environments requiring both enterprise-level IdP control and SAP-specific integration.
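The three topologies differ in which issuer Datasphere, as the SP, has to trust: Okta only in the direct Okta setup, IAS in the other two, because a SAML proxy re-issues the assertion under its own entity ID. The sketch below is an added example, not code from the post or from SAP or Okta; the entity IDs, topology names and sample responses are constructed placeholders. It checks the Issuer and Audience of a response against the chosen topology, which is a quick way to spot a trust configuration that does not match the intended design.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical entity IDs (placeholders, not real tenant values).
IAS = "https://tenant.ias.example/saml2/idp"
OKTA = "https://okta.example/app/exk-placeholder"
DS = "https://datasphere.example/saml2/sp"

# Issuer the SP (Datasphere) should see in each topology from the article.
# With IAS as proxy, IAS re-issues the assertion, so DS never trusts Okta directly.
EXPECTED_ISSUER = {"ias_direct": IAS, "okta_direct": OKTA, "okta_via_ias": IAS}

def sample_response(issuer, audience):
    """Build a constructed, unsigned SAML response for the demo."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion>
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_trust(xml_text, topology, sp_entity_id=DS):
    """Return a list of findings; an empty list means issuer and audience fit the topology.
    This checks trust wiring only. It does not verify the XML signature."""
    findings = []
    # Use a hardened XML parser for untrusted input; the sample here is constructed.
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no assertion in response"]
    issuer = (assertion.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != EXPECTED_ISSUER[topology]:
        findings.append(f"unexpected issuer for {topology}: {issuer}")
    audiences = [(a.text or "").strip() for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        findings.append(f"audience does not include SP: {audiences}")
    return findings

if __name__ == "__main__":
    for topo, issuer in [("okta_via_ias", IAS), ("okta_via_ias", OKTA), ("okta_direct", OKTA)]:
        print(topo, issuer, check_trust(sample_response(issuer, DS), topo))
```

An Okta-issued assertion arriving at Datasphere in the proxy topology is reported as a finding, since in that design only IAS should be configured as the trusted IdP on the SP side.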

 

 

 

