SAP Public Cloud Access using IAS as Proxy but no user in the identity store

SubbuIyer
Participant

We have a customer requirement to use Okta as the Corporate Identity Provider for all cloud applications, including SAP S/4HANA Public Cloud, with IAS as a proxy. The customer does not want users to be created in the Cloud Identity Store and managed through the Corporate Identity Store. We have tested this solution and it appears to work. However, we are not sure if this will work for all the SAP cloud applications, such as S/4HANA Public Cloud, Identity and Access Governance, etc.

Does anyone have experience implementing such a use case? 

Regards,

Subbu Iyer

Colt
Active Contributor

Hi all!

"The customer does not want users to be created in the Cloud Identity Store" is no longer a valid objection.

Honestly, I can’t hear it anymore. It is the responsibility of SAP consultants to convey to companies that user persistence in the IdDS is necessary to ensure future readiness. Please just keep that in mind. #nodiscussionsaboutpersistingusersintheIdDS 😅


To underline this, here is a quote from the current framework CIO Guide "Identity Lifecycle in SAP Landscapes Focusing on Identity and Access Management Services" (Source):

"To utilize new applications and features in SAP BTP, it is essential that the Identity Directory in SAP Cloud Identity Services includes all relevant users. Currently, almost all SAP applications and each SAP BTP subaccount maintain their own user stores. This legacy setup complicates remote management and compliance. The rapid development of cloud technologies has introduced various software stacks and methods of interacting with these user stores. SAP’s strategy aims to simplify this complexity through SAP Cloud Identity Services in the long term. The objective is to centralize user and group management within SAP Cloud Identity Services, enabling remote management of the entire SAP cloud landscape using APIs. New applications and SAP BTP features necessitate that users are present in the Identity Directory. To utilize these features, the Identity Directory must be populated with all relevant users, facilitating functions such as assigning policies through the Authorization Management service. While the initial setup of SAP Cloud Identity Services for the first application might require additional effort, it significantly reduces the workload for subsequent applications, as there will be no need to populate additional application-specific user stores."

In recent years, SAP has been executing a strategy to centralize IAM through SAP Cloud Identity Services. Many SAP solutions are already integrated and bundled through this service, and we plan to continue this integration journey.

Integration and extension capabilities will continue to improve in future releases of services for managing identities in intelligent enterprises. Your toolset for handling complex landscapes and third-party integrations will expand, providing a smoother user experience. In summary, a key strategy at SAP is to enhance existing solutions to offer consistent security and identity management capabilities for intelligent enterprises, ultimately aiming for seamless integration across your entire enterprise. Future improvements in identity and access management will enable security and integration by default, with preconfiguration and automation to manage authentication, authorization, and governance efficiently.

SubbuIyer
Participant

Thank you, @Colt, for your response. This really helps us to push for the user creation in IAS. I will keep the thread open for a few more days for any additional responses.