IAS - SAC Role Maping

tskwin · ‎2025 Apr 14

Hello Experts,

I have the following scenario: Azure as the IdP, IAS as a proxy, and SAP Analytics Cloud (SAC).

My want is to implement IAS in a way that Azure AD groups are mapped to SAC teams, and then assign the corresponding SAC roles via SAML mapping.
For example: Azure group sac_adm → SAC team sac_adm → SAML mapping assigns the sac_adm role.

However, I have a few SAC teams where users within the same team need to have different roles in SAC.
How can this be achieved — having one team, but users within that team with different SAC roles?

Many Thanks

Best regards

JBARLOW · ‎2025 Apr 14

A purely theoretical answer, mainly as I've not done it hands on,

Azure AD:

Assign users to different Azure AD groups that represent their roles
Ensure these groups are sent in the SAML assertion via a custom attribute (e.g., groups or role).

IAS:

Set up a SAML assertion rule to pass the group/role value (e.g., role=sac_adm) to SAC.
Optionally, use IAS transformation policies to control what gets passed.

SAC:

Set up role mappings based on the SAML attribute role=sac_adm → assign the sac_adm role.
Separately, assign users to SAC Teams manually or via a different attribute (e.g., team=sac_project1).

Summary

SAC teams = folder/content access
SAC roles = governed by SAML attributes
You can have users in the same SAC team but assign different SAC roles using distinct Azure AD group memberships and SAML attribute mappings.

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My Account

My Account

IAS - SAC Role Maping

Know the answer?

Need more details?

Accepted Solutions (0)

Answers (1)

Answers (1)