Hello!
I've checked note 3105025 for the new OpenID configuration available via transaction SOIDC. Note states: "...instances of "SAP Cloud Identity Services - Identity Authentication" can for instance operate as OpenID Provider.."
As per my unde...
Hi All,
I'd like to share with you a scenario that we´ve identified were a FF user can bypass the user exit mechanism of GRC EAM. I´d appreciate your inputs to understand what´s the best option to eliminate this risk.
Let´s say i´m a FF user, ZFFUS...
Hello Experts!We're currently configuring SAP NW SSO 2.0 and we're getting an error when log-in to the SL Web Client having an expired certificate.The scenario is a Secure Login Server component installed on the same SAP Application Server where a SA...
Hi!We're experiencing an issue with the repository sync job for one connector. When selecting the full option, the sync for users and profiles report success but for the role sync we get the error "Error in RFC; 'Error in module RSQL of the database ...
Hi Guys,We've just installed SP06 and we came across the issue described in the title of the discussion.Rules have been generated and we're using the standard "global" ruleset. The rules seem to be generated successfully ( I've checked in the NWBC th...
HiWe had a similar scenario with two different domains, but we are not using the old kerberos naming in the snc/identity_as. We have users going via the load balancer as described in note https://me.sap.com/notes/3250948 and parameter configured as p...
Hi ZebaYou'll need to keep unique emails in order to be able to synch SF users to IAS. You can assign dummy emails to users in SF and add a transformation in IAS so IPS will generate unique emails for all those users with same email. Let's say you ad...
Hi The scenario you're describing is part of the scope of an IDM Solution. SAP is deprecating its SAP IDM solution and migrating to Microsoft (https://techcommunity.microsoft.com/t5/microsoft-entra-blog/sap-identity-management-to-microsoft-entra-id-m...
Hi RajIf you provision only using template based request you might be able to achieve it using two EUP configs and assign each one to a specific template request.I had a similar problem with a requirement to temporarily provision different SNC names ...
HelloI wonder why IAS authentication rules are out of the table for this scenariohttps://help.sap.com/docs/cloud-identity-services/cloud-identity-services/add-new-authentication-ruleI Understand that from a technical standpoint a network restriction ...