cancel
Showing results for 
Search instead for 
Did you mean: 
Read only

IAS Conditional Authentication: Authentication rules

plaban_sahoo28
Participant
0 Likes
3,245

Hi All, can you please explain as to why the users will need to be in IAS for a IDP for Context "Group" and 'User type'. The same is mentioned in

Add a New Authentication Rule | SAP Help Portal

if a user has to be present in IAS, then it defeats the purpose of having a IDP added

Regards
Plaban
View Entire Topic
Colt
Active Contributor
0 Likes

Hi Plaban,

if you provide more details about your requirements and objectives here, we might be able to provide a better answer. The presence of (one or many) external IDPs does not exclude the fact of having users in IAS. What I mean is that even if the user needs to be present in IAS (referring to the user profile and not necessarily that they need credentials or need to log in with this user), there is still a need for and benefit to having an external IDP for authentication justified.

Conditional Authentication Rules, as the name implies, require certain conditions. For example: I have an application and want to redirect all users from the "Company_XYZ" group to the Corporate IdP. To do this, groups/users need to be created in IAS or provided via SCIM. Then, when the user accesses the application, they provide their login identifier, and it is checked whether this user in IAS is a member of this group. If yes, their AuthNRequest is forwarded to the external IDP.

Makes sense?

Cheers Carsten