Showing results for 
Search instead for 
Did you mean: 

Assign multiple RoleCollections in BTP based on one Group assignment in IAS

0 Kudos

Dear Community,

I would like to use the IPS to provision users and group assignments in the BTP subaccount via SAP BTP XS Advanced UAA (Cloud Foundry).

Is it possible to assigne more the one Group (RoleCollection) in BTP based on only one group assignemt in IAS?

Thanks & Regards

Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Marvin,

It is possible to map IAS User Group (Source) to XSUAA Role Collections (Target). You have to add these to the transformations.

But the question is, is this something that needs to be done via provisioning or via SAML mapping. If you have implemented SSO (recommended approach) with SAML and IAS, then we’d recommend to map the access via SAML token.

Incase, SSO is not implemented (!!) you may consider the IPS provisioning approach. Though I’d recommend from good practice to use logical mapping instead of data mapping.

By logical mapping, I mean the user group and role collection have relatable naming convention. Eg IAS_Group_AccountDeliverable in IAS and RC_ AccountDeliverable in XSUAA. This is easier and user friendly and also easily maintained.

By data mapping, ah, this is traditional. Eg SalesAppAccounts in IAS as group and AccountDeliverable in XSUAA as RC. This could become tedious to manage and maintain depending on design, needs and numbers.


Ganesh S

0 Kudos

Hi sapganesh ,

thank you very much for your reply!

Thats good news! Would it be possible that you can provide an example transformation for such scenario?

I'm struggeling finding the correct source and target path for the transformation.

We do have SSO in place and using our corporate IdP. However, for a specific use case we do need the users available in the Subaccount.

Thanks for naming convention which I will definitly consider.


Accepted Solutions (0)

Answers (0)