Technology Blog Posts by SAP
christianla
Product and Topic Expert

SAP’s Decentralized Identity Verification service provides a secure and efficient way to manage digital identities. After subscribing to SAP's Decentralized Identity Verification, you gain access to the Decentralized Identity Verification Provisioning (DIV Provisioning) service, which allows partners to manage multiple SSI Wallets called Decentralized Identity Verification (DIV).

This blog post will guide you through the process of creating a tenant of the DIV using SAP’s provisioning admin dashboard or API.

Prerequisites

Before creating a DIV tenant, ensure that:

  • If you have not yet subscribed, go to the SAP Partner Portal and subscribe to the TDD license: SAP Partner Portal - TDD License. Once subscribed, you get a DIV entitlement. In a second step, the provisioning can be triggered from SAP for Me. For this, you need an S-User with admin rights.
  • You have the necessary administrative permissions in SAP BTP to create tenants.

Provisioning a Decentralized Identity Verification Tenant

The Administration Dashboard allows administrators to create and manage Decentralized Identity Verification tenants easily. Follow these steps to create a new tenant:

  1. Open the Administration Dashboard
    Access the Administration Dashboard using the link provided in SAP for Me. Then, log in with your administrator credentials.

  2. Create a New Tenant:
    To initiate the provisioning process, first click on the Create button. Then, provide an ID and name for the tenant before clicking Create again.

  3. Monitor the Provisioning Process:
    The process is asynchronous and may take a few seconds to complete. While the provisioning is in progress, the new tenant will appear on the Overview page with a status of Pending. Once the status updates to Completed, the tenant is ready for use.



For automation and integration purposes, you can create a Decentralized Identity Verification Tenant using SAP’s API. Follow these steps:

  1. Obtain API Credentials and Authenticate:
    SAP for Me contains a link to the BTP subaccount where your DIV provisioning service is created. There you can create and download service credentials for the DIV provisioning service. Afterwards, use the following API call to authenticate. The Basic credential is the Base64 encoding of the client ID and client secret joined by a colon.
POST {authUrl}/oauth/token HTTP/1.1
Authorization: Basic base64({clientid}:{clientsecret})
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

The response will include an access token, which must be used in API requests.

2. Send an API Request to Create a Tenant:

Use the following API endpoint:

POST {provisioningSrv}/api/v1.0.0/operations
Content-Type: application/json
Authorization: Bearer {token}

{
    "entity": "customer-wallet",
    "action": "provision",
    "payload":{
        "customerName": "Customer 1",
        "customerId": "1",
        "divWalletServiceName" : "main"
    }
}


3. Handle the API Response:

This is an asynchronous operation. The response will include an operation ID, which can be used to verify the provisioning status. You can use the following API call to check the status of the operation:

GET {provisioningSrv}/api/v1.0.0/operations/{operationId}
Content-Type: application/json
Authorization: Bearer {token}

{

}

Once the operation completes, you will receive credentials to work with the tenant API and a link to the tenant's Administration Dashboard.

4. Use the Newly Created Tenant:

After the tenant is created, the service key required to interact with the tenant is returned via the operation status API call. The condensed sample response is provided in the following chapter. To authenticate, three parameters are required, and the response also includes the service URL to access the wallet APIs.

GET {provisioningSrv}/api/v1.0.0/operations/{operationId}
Content-Type: application/json
Authorization: Bearer {token}

{

}

Response:

{
   "operationId":"597f3cec-b025-4517-92da-782e76e34314",
   "status":"completed",
   "data":{
      "customerId":"1",
      "customerName":"Customer 1",
      "customerWalletId":"d5233c5d-9908-44cb-83ee-25637ef21a15",
      "serviceKey":{
         "uaa":{
            "clientid":"…",
            "clientsecret":"…",
            "url":"https://2-lvkhpmn8.authentication.eu10.hana.ondemand.com"
         },
         "url":"https://dis-integration-service.eu10.div.cloud.sap"
      }
   }
}

The following API call demonstrates how the service key provided by the provisioning service, together with the authentication URL it contains, can be used to authenticate and interact with the tenant.

POST { data.serviceKey.uaa.url }/oauth/token HTTP/1.1
Authorization: Basic base64({ data.serviceKey.uaa.clientid }:{ data.serviceKey.uaa.clientsecret })
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

The API will return a token, which can then be used in the Authorization header of subsequent API calls to securely interact with the tenant. 

GET {data.serviceKey.url}/api/v2.0.0/applications
Content-Type: application/json
Authorization: Bearer {token}

{

}
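The API flow above (authenticate, provision, poll the operation, receive the service key) as an added Python example; it is not code from the original post or from SAP. The `get_status` transport function, the timeout values and the `redact` helper are assumptions made for illustration, and the example masks the tenant client secret because the operation status response carries it in clear text.

```python
import base64
import copy
import time


def basic_auth_header(client_id, client_secret):
    """RFC 7617: the Basic credential is base64("clientid:clientsecret")."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def provision_body(customer_id, customer_name, wallet_service="main"):
    """JSON body for POST {provisioningSrv}/api/v1.0.0/operations."""
    return {
        "entity": "customer-wallet",
        "action": "provision",
        "payload": {
            "customerName": customer_name,
            "customerId": customer_id,
            "divWalletServiceName": wallet_service,
        },
    }


def wait_for_operation(get_status, operation_id, timeout=60.0, interval=2.0,
                       sleep=time.sleep):
    """Poll the operation until its status is "completed" or the timeout hits.

    get_status is a hypothetical caller-supplied function that performs
    GET .../operations/{operationId} and returns the parsed JSON.
    """
    deadline = time.monotonic() + timeout
    while True:
        op = get_status(operation_id)
        if str(op.get("status", "")).lower() == "completed":
            return op
        if time.monotonic() >= deadline:
            raise TimeoutError(f"operation {operation_id} not completed")
        sleep(interval)


def redact(op):
    """Return a copy that is safe to log: the tenant client secret is masked."""
    safe = copy.deepcopy(op)
    uaa = safe.get("data", {}).get("serviceKey", {}).get("uaa", {})
    if "clientsecret" in uaa:
        uaa["clientsecret"] = "***"
    return safe
```

Log only the output of `redact()` and hand the unmodified service key straight to a secret store, since it grants access to the tenant's wallet APIs.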

 

 

Conclusion

Creating a DIV Tenant in SAP’s Decentralized Identity Verification service is straightforward using either the Provisioning Admin UI or the API. This process ensures that organizations can efficiently manage self-sovereign identity (SSI) wallets while leveraging SAP’s Decentralized Identity Verification.

Next step: 

Preparing an SSI Wallet for a Catena-X Participant in a Dataspace
