cancel
Showing results for 
Search instead for 
Did you mean: 

Business role provisioning from Microsoft Entra

Vladimir_Kogan
Participant
0 Kudos
177

Dear Gurus.

We are going to use Microsoft Entra as  Corporate Identity Provider for access to  BTP Subaccount and application. There are 2 points that need clarification.

1) How exactly we can create a role provisioning from Microsoft Entra to specific BTP subaccount?

2) When one user has different roles in different subaccounts. How the provision will distinguish between them?

I mean the same use Subaccount admin in the development subaccount and viewer only on production one?

Thank you.

Regards

Vladimir

View Entire Topic
gregorw
Active Contributor
0 Kudos

Maybe it would be enough to allow shadow user creation and assign the Role Collection by mapping the Group provided via the Assertion. 

But if shadow user creation should not be active you could define a Identity Authentication source system that only transfers user match the filter defined in the  ias.group.filter property. This source system should be the one used in the target system SAP BTP XS Advanced UAA (Cloud Foundry).