on 2024 Dec 05 3:54 AM
With a mindset to automate repeated tasks, I'm exploring how we can automate user management on SAP BTP at all currently possible levels, such as:
- Global Account
- Subaccount
- Cloud Foundry
- Kyma
- ABAP
I have currently reviewed the APIs below:
- https://api.sap.com/api/AuthorizationAPI
- https://api.sap.com/api/PlatformAPI
and the BTP and CF CLI services.
While the CLI gives us flexibility in user management, we need the client to be installed [local, cloud] to execute the tasks.
I'm seeking input on whether there is a way to build and deploy a central user management tool on BTP that can give us a runtime to execute BTP and CF commands, and thereby handle user management from a UI service through CAPM.
Best Regards,
Sunil Chintalapati
You may use the SAP Cloud Identity Services. Each customer gets two tenants for free with his BTP licence. The APIs you mentioned are used by the SAP Cloud Identity Services. See: SAP Cloud Identity Services | SAP Community
SAP Cloud Identity Services are our central solution for managing authentication, single sign-on, and the identity lifecycle. They improve system integration, provide a seamless user experience, and enhance security and compliance.
SAP Cloud Identity Services consist of the following services:
- The Identity Authentication service is a service that provides central capabilities for authentication and single sign-on.
- The Identity Provisioning service manages identity lifecycle processes for cloud and on-premise systems.
- The Identity Directory is the persistency layer inside the services.
- The Authorization Management service allows administrators to assign access based on policies centrally within SAP Cloud Identity Services. An access policy allows a user to perform certain actions on a resource, subject to restricting rules. These rules can be adapted by the administrator so that policies fit company requirements before being assigned to users.
Thank You JürgenAdolf.
I'm across the usage of CIS [IAS & IPS] for authentication to BTP services and applications.
It's good from an end user's perspective.
But from a platform user's perspective, even using CIS-IAS as the default authenticator and mapping groups, in my understanding it's limited to BTP cockpit role collections and cannot extend to CF roles such as space developer etc.
With side-by-side extensions on BTP, developers and administrators cannot gain access to a Cloud Foundry space/org using the IAS, correct?
Best Regards,
Sunil
Hi Sunil,
To provide CF roles to platform users, the only option is to use a CF CLI command. However, if you don't want to develop your own wrapper API layer, you can leverage the Automation Pilot service and its APIs. Automation Pilot will execute the commands and can be triggered via API. See https://help.sap.com/docs/automation-pilot/automation-pilot/assigncforgrole-command for details.
Kind Regards,
Matteo
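
A self-built wrapper layer like the one discussed in this thread has to turn UI input into `cf set-org-role` / `cf set-space-role` calls. The following is an added example (not from the thread or from SAP) of doing that in Node.js with allow-listed roles and no shell in between; the function names, validation patterns and sample values are assumptions.

```javascript
// Added example: helper names and patterns are hypothetical; only the
// cf CLI sub-commands, role names and the --origin flag are real.

// Roles accepted by `cf set-org-role` and `cf set-space-role`.
const ORG_ROLES = new Set(["OrgManager", "BillingManager", "OrgAuditor"]);
const SPACE_ROLES = new Set(["SpaceManager", "SpaceDeveloper", "SpaceAuditor"]);

// Conservative patterns (assumption: tighten to your own naming policy).
// Both require an alphanumeric first character, so a value can never be
// read by the CLI as an option such as "--client".
const USER_RE = /^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9.-]+$/;
const NAME_RE = /^[A-Za-z0-9][A-Za-z0-9._-]{0,62}$/;

function check(value, re, label) {
  if (typeof value !== "string" || !re.test(value)) {
    throw new Error(`invalid ${label}`);
  }
  return value;
}

// Build the argument vector for one role assignment.
// Omit `space` for an org-level role; `origin` names the identity provider.
function buildCfRoleArgs({ user, org, space, role, origin }) {
  check(user, USER_RE, "user");
  check(org, NAME_RE, "org");
  const args = [];
  if (space === undefined) {
    if (!ORG_ROLES.has(role)) throw new Error("invalid org role");
    args.push("set-org-role", user, org, role);
  } else {
    check(space, NAME_RE, "space");
    if (!SPACE_ROLES.has(role)) throw new Error("invalid space role");
    args.push("set-space-role", user, org, space, role);
  }
  if (origin !== undefined) {
    args.push("--origin", check(origin, NAME_RE, "origin"));
  }
  return args;
}

// Run the cf CLI via execFile (no shell), so request values are passed as
// discrete arguments and are never interpreted as shell syntax.
async function assignRole(request, run) {
  const args = buildCfRoleArgs(request); // throws before anything executes
  const exec = run || (await import("node:child_process")).execFile;
  return new Promise((resolve, reject) =>
    exec("cf", args, (err, stdout) => (err ? reject(err) : resolve(stdout))));
}
```

The runtime hosting this still needs the cf CLI installed and a logged-in technical user, whose own org and space roles bound what the wrapper can grant.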