Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 


Hi Everyone, I am an SAP Basis and BTP Administrator and help clients with their journey in getting onboarded to SAP BTP Platform. If you are from SAP Basis, UI5 / Fiori developer , BTP administrator Or just getting started with BTP journey, this blog post will be helpful for you in many aspects.

If you are new to BTP and trying to learn the basics , this blog post can help with learning an end to end scenario with full hand on - as everything used in this Blog is available in Free - tier.

In this blog post we will be talking about setting up Single Sign on between SAP BAS(Business Application Studio) and IAS(Identity authentication service) in BTP(Business technology Platform) Free Tier Environment.

Personal experience with many customers

There are many customers in SAP world who are just getting started with SAP BTP and don't want to request SUSER ID for every developer they onboard on BTP. This blog will help them to manage users in IAS and onboard seamlessly.

How this helps ?

Platform administrators will be able to manage users inside IAS tenant. Developers (in case of BAS) or business users(in case of any custom application deployed) will be able to login to Application (BAS or any custom application) using their user which is managed in IAS tenant (not the SUSER ID). They don't need SUSER-ID which is used mainly for access to SAP Websites, help portals , support portal etc.

Now lets get started ...


You should have SAP BTP Free tier account setup for this activity. You can follow below tutorials(blogs) to setup your BTP Free tier account.


Blog post:

Important Information

Cloud Identity Services is available in Free Tier now and we will be using it to do a quick SSO setup. Now we can request free IAS/IPS tenants in Cloud Foundry environment. This was not possible few months back.

Now let's see the steps which you need to follow to setup the environment.


Check Entitlements

We will be using 2 service - SAP Business application studio and Cloud identity service. Lets check if both are available in our subaccount.

Business Application Studio

Cloud Identity Service

In case you are not able to find the services , Click on Configure entitlements and Add it to your subaccount

Create Subscriptions to SAP BAS and Cloud Identity Service

Click On Instances and Subscription and click on Create- Select Business Application Studio in Services and Trial in Plan. Click on Create

Click On create again and select Cloud Identity Service and Default in Plan (Selecting Subscription creates a new free IAS tenant for you)

Once created, it creates your user as first Adminstrator and triggers and email to set the password to your registered email id(which you used to setup the BTP trial access).

Once you click on the link received in email, it will ask you to setup the password for your User

Click on Continue- it will take you to IAS admin console

Setup SSO between BTP Subaccount and IAS

Click on Security > Trust Configuration and Click on Establish Trust

Select IAS tenant - which you requested in previous step ( It shows all the IAS tenant which are there in your landscape) and click on Next button

Select the default domain

Configure Parameters - You can update the description. Origin key is not editable in scenario when we establish trust with this procedure and it takes sap.custom by default.

SSO setup is successfully completed

Make sure below options are selected as Yes.- Shadow user creation, Available for User Logon

In IAS Applications > It created an Application for this Subaccount

Setting up a test user in IAS for our SSO testing

Click on Users and Authorisations > Add User

Make sure that email verified checkbox is enabled.

Create this User in SAP BTP Subaccount

Assign SAP BAS Developer role collection

We have completed all the steps required for this scenario.

How to Test whether its working as expected?

Access BAS URL > It brings to screen where it ask to choose Identity provider> Select IAS tenant

Enter IAS - test user credentials( which we created in our previous step)

We are able to authenticate and access BAS

Click on OK

Testing is successfully completed


In this blog you have learnt how to establish SSO for any application(in this case BAS) with IAS in SAP BTP Free tier environment. Kindly let me know your feedback in comment section.

Happy learning !


Frequently asked questions by Users

Question1: Can i request IAS in free tier or it requires cost?

Answer: SAP has recently made Cloud Identity service( IAS/IPS) available in Free-tier so you can request it without any cost.


Question 2: How will developers onboarding be performed after performing SSO with IAS

Answer: User creation , Password reset, Management of users will be performed in IAS. Role collection assignment will be done in BTP Subaccount.


Question 3: There are multiple options while requesting Cloud Identity service Instance in BTP . Which option should i select?

Answer:  If you select Cloud Identity Service Subscription while requesting- it will request a New IAS tenant and will be sending an email to your email-ID set the password.
Labels in this area