cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

IAS with Work Zone, Standard Edition

Go to solution
ChristianLopez
Explorer

on ‎2023 Jun 17 4:13 AM

0 Kudos
4,683

Hi community

I have different questions regarding the topic IAS with Work Zone, Standard Edition. Background: In my trial account, I activate my custom IAS and establish the trust between the subaccount and the IAS, no issues with that part.

Questions

1. With this configuration, I'm able to "select between default and IAS" if I open the site (launchpad). The question is, when the solution is deployed to prod, the best option to view the login when the user enters the site URL from IAS is disabled the option "Available for User Logon" for the Default Identity Provider?

2. In the settings of the Site Manager (in Work Zone, Standard Edition) exists the tab "Identity Authentication". If I activate this, an application in the Cloud Identity Service is created. With this option, now I can directly access to the login page defined in the IAS if I put the site URL in the browser.

The thing with this option is that, when I enter to the application Work Zone, Standard Edition (to access the site manager) the login is only with a user in the IAS. Who can I separate the access to the "administrative stuff" (site manager) with the default IAS and the site with the custom IAS?

3. And finally, with point two already generated, I wonder if it is possible to generate a different login screen in the custom IAS for each site that is generated in Site Manager. Example, provide two different sites and do the rebranding with different logos in the login screen and emails.

Best regards.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

nageshcaparthy
Product and Topic Expert
Product and Topic Expert
‎2023 Jul 04 7:17 AM
0 Kudos

Hi Christian,

Here are my comments,

1. Yes, you can disable the Default Identity Provider during your production system assuming all your business users will be connecting via IAS and they can be authenticated with the URL directly and may not be part of the default IDP.

2. You can access the Workzone link directly which is available in your SAP Subaccount - Instance and Subscriptions. That will be the actual link that you can share with your users who are not part of your subaccount members with authorizations from IAS.

3. If you are talking about Branding for the IAS login page, I believe that will be one, however, I am not sure about it. May be this blog can help - https://blogs.sap.com/2019/05/17/customize-sap-identity-authentication-ias-ui/

Regards,

Nagesh

Show replies
Show replies
florian_buech
Product and Topic Expert
Product and Topic Expert
‎2023 Jul 04 9:44 AM

1) Correct, the default IdP (SAP ID Service) only makes sense for S/P-Users; disabling this for the application logins to instead use your custom IAS makes sense. That way, users will automatically show the IAS login screen.

2) If you directly integrate WZ / IAS, then the sub-account (XSUAA) trust setup is no longer utilized for Work Zone. For other services on the same sub-account (e.g. Process Automation), the trust like "default IDP" would still be leveraged.

3) While the IAS login can be customized: Use a Custom CSS | SAP Help Portal, this is done on application level. All sites within a Work Zone subscription leverage the same IAS trust / application & hence same theme.

Answers (1)

Answers (1)

rakeshkar2514_8
Explorer
‎2024 May 29 6:42 AM
0 Kudos

Hi All,

I don’t see the Identity authentication tab on SAP build workzone settings section. Although i have configured my trial account with Custom IAS teant and also i have the Launchpad admin role.

 

Please check and help me with the issue.

Show replies
Show replies
radim_nenal
Discoverer
‎2025 Mar 27 4:45 PM
0 Kudos
Hello, I am facing the exact same problem. I've set the Trust Configuration and added roles for Launchpad (Work Zone) but still missing the Identity Authentication tab in SAP Build Work Zone. Is it necessary to run Work Zone Launchpad under Default Identity Provider account instead of a custom IAS user? (As I saw it in the Joule Activation missing here: https://discovery-center.cloud.sap/protected/index.html#/mymissiondetail/147483/cardName/Create%20SA...) Unfortunately in my case the green Welcome screen with the option of choosing Default Identity Provider didn't appear, so cannot access the Work Zone Launchpad with my Default Identity Provider account. The link for Work Zone Launchpad redirects me directly to the custom IAS tenant login screen. What should I do to access the missing Identity Authentication tab in SAP Build Work Zone? Thank you!
Spandan
Newcomer
‎2025 Aug 05 6:22 AM
0 Kudos
Unfortunately in my case the green Welcome screen with the option of choosing Default Identity Provider didn't appear, so cannot access the Work Zone Launchpad with my Default Identity Provider account. The link for Work Zone Launchpad redirects me directly to the custom IAS tenant login screen. What should I do to access the missing Identity Authentication tab in SAP Build Work Zone? Thank you!
Ask a Question