Hi Debadata,
in general, you can distinguish between two scenarios:
1. SAP Gui
2. Browser based access (Fiori, most Cloud Applications, WebDynpro, ...)
For SAP Gui, to my knowledge, only the SAP solution using the Secure Login Client is supported in RISE. There, you need the CommonCryptoLib as a cryptographic library in the backend. You can use Kerberos, local x.509 client certificates (incl. SmartCards) or shortlived x.509 certificates from the Secure Login Service. The latter one allows for scenarios like Multifactor Authentication as well as an integration in the customers own authentication infrastructure.
For the Browser, the recommendation (https://discovery-center.cloud.sap/refArchDetail/ref-arch-cloud-leading-authentication) is to integrate with Cloud Identity Service (SCI) either via SAML2 or OIDC (sometimes you have the choice, sometimes the application only supports one or the other) and then integrate there with the customer authentication infrastructure using either some form of local authentication at SCI with MFA or certificates or WebAuthn, or use a corporate IdP as a central point of authentication integrating there with SAML2 or OIDC.
These are the most common scenarios, and as well the ones I have seen working in a lot of customer environments.
Best regards,
Tobias
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.