Enterprise Resource Planning Blog Posts by SAP
Get insights and updates about cloud ERP and RISE with SAP, SAP S/4HANA and SAP S/4HANA Cloud, and more enterprise management capabilities with SAP blog posts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Introducing Identity and Authentication Management in SAP Business One Cloud

Guy_Sujetzki
Product and Topic Expert
Product and Topic Expert
‎2024 Jun 06 4:14 PM
2,285

 

Identity and Authentication Management in SAP Business One Cloud

If you’re working on SAP Business One in a Cloud environment, there is a good chance you are using Cloud Control Center (CCC) to manage the product's Lifecycle operations leveraging from its integration with Microsoft’s Active Directory service. Since CCC’s launch, the built-in integration to Active Directory service has served as the primary backbone for managing users access to SAP Business One in a secured and reliable manner.
With CCC’s PL 20, we’re taking it one step further by adding the option to use Identity Provider (IDP) services for signing-in to SAP Business One. By utilizing IDP services in CCC, hosting providers can offer their customers a seamless user experience by signing in to SAP Business One with their own IDP accounts (e.g. same Azure account they may use for MS365) and utilizing security best practices such as Two Factor Authentication.

Getting started

If you are familiar with Identity and Authentication management (IAM) solution in SAP Business One (Click here to read my latest blog on it), good news 😎 you are well on the way to mastering the setup of IAM also in Cloud Control Center as the configuration steps are almost identical.
To configure IAM in Cloud Control Center, follow the five simple steps below:

1️⃣  Register FP 2405 as a software repository in CCC

2️⃣  Activate “Enable Third Party Identity Provider” Global Setting

3️⃣  Add an Identity Provider and activate it

4️⃣  Add an Identity Provider user and bind it to company users

5️⃣  Sign-in to SAP Business One with an IDP user


Here’s a quick 📹 (no audio) capturing the steps above.


Take aways

Now that you got a hang of it, here are a few tips and tricks to take with you:

  • Enable Third Party Identity Provider” Global Setting
    The new “Enable Third Party Identity Provider” Global Setting will be automatically visible in Cloud Control Center PL 20 once version SAP Business One 10.0 FP 2405 (or higher) is registered as a software repository.  
    The option to Sign-in to SAP Business One with an Identity Provider (via Open-ID Connect) is only available for Service units on version SAP Business One 10.0 FP 2405 or higher.

  • Enable Mapping of IDP User to Active Directory User” checkbox
    A major advantage of CCC’s built-in integration with Active directory is its ability to automatically manage folder permissions and presentation server access for Active Directory users based on their Service Unit allocation in Cloud Control Center.
    To continue leveraging from this feature, make sure you tick the “Enable Mapping of IDP User to Active Directory User” checkbox during IDP user creation.
    With this mapping, a customer user can log into Remote Desktop Services with the Windows domain user account, and then Sign-in to SAP Business One client with the IDP user account.

  • Single Sign-On
    When working with the built-in Domain Active Directory as the identity provider, Active Directory users will continue leveraging from a Single Sign-On (SSO) experience as existed in previous CCC versions, under a new “Choose Company” window.

  • Partner Support User (PSU)
    To continue using the PSU functionality with IDP users, the Operator’s IDP user must have a mapping to an Active Directory User.

  • Customer specific IDP
    A hosting provider may setup Landscape Identity Providers (these Identity Providers will be shown in the IDP drop down list when adding an IDP user for customers across the landscape) in addition to customer specific Identity Providers (these Identity Providers will be shown together with the landscape IDPs in the IDP drop down list when adding an IDP user under a specific customer).

Documentation

For further reading, be sure to check out "Identity and Authentication Management in SAP Business One Cloud" How-to-Guide, walking you through implementation, usage and behavioral changes in SAP Business One Cloud when working with IAM.

I hope this Blog was useful to you as an introduction to the Identity and Authentication Management solution in SAP Business One Cloud PL 20. I look forward to hearing about your experience from working with IAM in SAP Business One Cloud, be sure to leave your feedback in the comments section below.



 



14 Comments