Introduction
Delegated Authentication
Further Information
This is the current state of planning and may be changed by SAP at any time.
SAP Cloud Platform Identity Authentication provides secure access to web applications.
It is a software-as-a-service (SaaS) offering by SAP.
Access protection
Identity federation based on SAML 2.0
Web single sign-on and desktop SSO
Secure on-premise integration with existing authentication system
Social and strong authentication
Risk-based authentication
[Diagram: Identity Authentication between cloud and on-premise applications. Labels: Authenticate, Self registration, Social authentication, SSO, Identity Data, Active Directory.]
[Diagram: Identity Authentication in a corporate landscape. Cloud: SF Employee Central, S4HANA, IBP, C4C, Jam, Cloud Analytics, Travel, Cloud for Customer, Innovation Management, SAP Document Center, Cloud Portal Sites, other corporate applications; Microsoft: Office365, Azure. On-premise (corporate network): HCM, HR, Identity Management (IDM), IdP. Social authentication (optional): Facebook, Google+, Twitter. Connections labelled "Authentication, SSO" and "Authentication, Provisioning".]
Public access
Self registration is allowed
Social authentication [optional]
Internal access
Only users already registered are entitled to access
Private access
Only users registered for the application can access
User status: new, active, inactive, locked
Custom password policies serve the need to comply with corporate security guidelines
[Diagram labels: Allow, Two-factor authentication, Deny]
SPNEGO* authentication
Users authenticated with corporate LDAP enjoy single sign-on to cloud applications without re-authentication
Reuse of existing corporate identity infrastructure
Secure authentication and SSO for cloud and on-premise web applications
Increase user productivity in B2E scenarios
[Diagram labels: Identity Authentication Service, Applications, Kerberos token, LDAP, Corporate LDAP credentials, Corporate Network]
* Simple and Protected GSSAPI Negotiation Mechanism
Secure your business network and allow partner users to log in via their corporate IdP
[Diagram: "User Group 1" can access via SAML IdP 1; "User Group 2" can access via SAML IdP 2. Labels: Identity Authentication Service, Application.]
SAP Cloud Platform Identity Authentication as a proxy to multiple SAML identity providers
Authentication is initiated by the SAML identity provider
Upon successful authentication, a check for correct user group assignment can be configured (optional)
User administration
Web-based user management
User search
Mass user import/export
Monitor user access
Integration
Programmatic integration via SCIM REST APIs
User self-services reduce TCO, especially for B2C and B2B scenarios
User profile
Edit details & change password
Mobile device activation (for TFA)
(Un-)Link social accounts
Product features
Responsive UIs
Multilanguage support
User interface, email templates and registration policies can be adjusted to corporate needs
Customization features
Company Logo
Application name and logo
Color style
Terms of use & privacy policy
Adjust UI texts via API
Mail templates (account confirmation, forgot password, et al.)
Marko Sommer
Product Manager
marko.sommer@sap.com
Christian Cohrs
Product Manager
christian.cohrs@sap.com
Appendix
Acronym glossary
C4C: SAP Cloud for Customer
HCP: SAP HANA Cloud Platform
IdP / SP: Identity Provider / Service Provider (SAML)
SAML: Security Assertion Markup Language
SCIM: System for Cross-domain Identity Management
TCO: Total Cost of Ownership