Hello SAP Community
I am working on a project where we need to ensure secure inter-tenant communication within SAP Identity Authentication Service (IAS). Specifically, we need to verify API keys for requests coming from one tenant to another.
Background: Our requirement involves SupportIAS forwarding token requests to CustomerIAS. To ensure the security and validity of this process, we have outlined the following steps:
1. Authenticate Request Source: Verify that the request is coming from the trusted SupportIAS.
2. Verify Permissions: Ensure the Support Engineer has the necessary permissions to impersonate the selected user.
3. Data Integrity Check: Validate the integrity of the user details and selected user ID.
Key Questions:
1. Inter-tenant Communication: Does IAS support such inter-tenant communication out of the box?
2. API Key Verification: What mechanisms are available within IAS to verify API keys for internal communications?
3. Documentation: Is there any official documentation or best practices guide that covers these topics?
Request for Guidance: I would greatly appreciate any insights, best practices, or pointers to relevant documentation that could help us validate and implement this approach effectively.
Thank you in advance for your assistance!
Best regards,
[Bhaskar]
Bluesky
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.