cancel
Showing results for 
Search instead for 
Did you mean: 

Can Azure AD be used in SAP Task Center config in place of SAP Identity Services for User Auth

pnagar
Participant
0 Kudos
337

Hi Experts,

I have to configure SAP task Center for my S4 system which is connected via Cloud Connector to subaccount where task center instance is running. I have gone through lot's of notes and Blog's but everywhere its written that we need to have & use SAP Cloud Identity Services as a prerequisite for SAP Task Center and the integration with the task providers. But in our case we use Custom identity Provider .i.e Azure AD. So we want to make use of Azure AD in place of SAP Cloud Identity Services. Guys please comments your views if it possible and if yes then how we can use it.

View Entire Topic
WouterLemaire
Active Contributor
0 Kudos

It is indeed required to have cloud identity service for task center because it works with the global userid. I think it is possible to make it work without but you’re on your own…

Besides that, you can use Cloud Identity Service as a proxy for your azure ad or entra id. That way you are following the prerequisite and you can use your azure id/ entra id.

pnagar
Participant
0 Kudos

Hi @WouterLemaire any idea about how we can make it work without Cloud identity service ?

WouterLemaire
Active Contributor
0 Kudos
Setting up the trust between the BTP account that has task center service running is just exchanging metadata files. But task center requires you to use the global user id which (if I’m not mistaken) is generated by CIS. So you’ll have to handle this yourself and provision this generated user id to your backend as well. But could be more behind the scenes that I’m missing…
pnagar
Participant
0 Kudos
@WouterLemaire thanks for your replies and involvement also plz help me out if i can i get any clue to start this customization.
WouterLemaire
Active Contributor
0 Kudos
Im not an expert in entra id but you could connect it directly with BTP subaccount the same way the documentation describes it with ias: https://learn.microsoft.com/en-us/entra/fundamentals/scenario-azure-first-sap-identity-integration . Instead of IAS you do this directly with your BTP subaccount. That should be the first step. Afterwords you should try to generate the global user id and provision it to your backend. Which provisioning tool do you use? This could be done with IPS.
SomaskandanK
Product and Topic Expert
Product and Topic Expert

Task center uses Identity_Authentication_Connectivity_IDS destination as mentioned in the page https://help.sap.com/docs/task-center/sap-task-center/identity-directory-connectivity to get the required user details and need to configure this destination with IAS information, no other identity directory is mentioned here. So the API may be designed to pull the details from IAS only, but it may work if other Identity Directory works through same configuration/API.

Thanks!!!