on 2024 May 28 1:30 PM
Hello Experts,
We are using a third-party (IDM-IDP) solution on premise. In the on-premise IDP, we are using a government ID only.
In SF we want to use the employee no. as the user ID for end users to log in to SF, and we want to configure SSO between SF and this third-party IDP, which understands only the government ID as a user ID.
Can we use SAP Identity Authentication Services (IAS) as a proxy between SF and the on-premise IDP to achieve this?
In SF the user ID (login ID) will be the employee no. that end users use to log in to SF. SF then sends the employee no. to IAS; in IAS, a custom attribute is used to map the employee no. to the government ID; IAS then identifies the government ID for the received employee no. and sends the government ID to the IDP to complete the authentication.
Is this possible? Can IAS help with this? SF doesn't have the government ID and the IDP doesn't have the employee no. We want IAS to do this mapping somehow, maybe with custom attributes, and to establish the SSO.
Your thoughts, please.
Thanks
Yes, it is possible to use SAP Identity Authentication Services (IAS) as a proxy between SuccessFactors (SFSF) and the on-premise Identity Provider to achieve the desired Single Sign-On configuration. In IAS, create a custom attribute to store the mapping between the employee number and the government ID. Populate this custom attribute with the relevant mappings.
Better Approach: It makes sense to persist IDP data from a central user store (Single Source of Truth, SSOT) into the Identity Service (Identity Directory) to establish a unified user base. This approach will continue to be essential for various SAP SaaS/BTP applications in the future.
In general, I would recommend that end users use only one central ID as their login credential, so they only need to remember one ID for all applications. The Corporate IdP (your authenticating IdP) handles authentication, including SSO and MFA, and passes the data to the SAP IAS.
IAS can then use its persistence layer to map to various application-specific custom attributes and pass the required NameID incl. transformations and other claims to target applications such as SFSF but also others.
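The mapping step discussed in this thread, sketched as an added example that is not part of the answer above and is not SAP IAS code: a proxy resolves the identifier asserted by the corporate IdP (government ID) to the application login ID (employee no.) and fails closed when the mapping is missing or ambiguous. The attribute names `government_id` and `employee_no` and all records are constructed for illustration.

```python
# Added illustration only: attribute names and records are hypothetical.
from collections import defaultdict

class MappingError(Exception):
    """Raised when an asserted identity cannot be mapped to exactly one user."""

def normalize(value):
    # Compare identifiers without surrounding whitespace or case differences.
    return value.strip().casefold()

def build_index(directory, source_attr):
    """Index user records by the attribute the corporate IdP asserts."""
    index = defaultdict(list)
    for record in directory:
        key = record.get(source_attr)
        if key:
            index[normalize(key)].append(record)
    return index

def resolve_name_id(index, asserted_id, target_attr):
    """Return the application-side NameID for an asserted identifier, failing closed."""
    matches = index.get(normalize(asserted_id), [])
    if not matches:
        raise MappingError("no directory entry for asserted identifier")
    if len(matches) > 1:
        # Two accounts sharing one identifier would let one user log in as another.
        raise MappingError("asserted identifier maps to more than one user")
    name_id = matches[0].get(target_attr)
    if not name_id:
        raise MappingError("directory entry has no application login ID")
    return name_id

# Constructed sample directory.
DIRECTORY = [
    {"government_id": "GOV-1001", "employee_no": "E0001"},
    {"government_id": "GOV-1002", "employee_no": "E0002"},
    {"government_id": "GOV-1003", "employee_no": "E0003"},
    {"government_id": "gov-1003 ", "employee_no": "E0099"},  # duplicate after normalization
    {"government_id": "GOV-1004", "employee_no": ""},  # mapping not populated
]
INDEX = build_index(DIRECTORY, "government_id")

if __name__ == "__main__":
    for asserted in ("GOV-1001", "gov-1002", "GOV-1003", "GOV-1004", "GOV-9999"):
        try:
            print(asserted, "->", resolve_name_id(INDEX, asserted, "employee_no"))
        except MappingError as err:
            print(asserted, "-> rejected:", err)
```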