How to automate SAP BTP Platform User management?


With a mindset to automate repeated tasks, I'm exploring how we can automate user management on SAP BTP at all currently possible levels, such as:

- Global Account
  - Subaccount
    - Cloud Foundry
    - Kyma
    - ABAP

I have currently reviewed the APIs below:

https://api.sap.com/api/AuthorizationAPI

https://api.sap.com/api/PlatformAPI

and the BTP and CF CLI services.

While the CLI gives us flexibility in user management, we need the client to be installed [local, cloud] to execute the tasks.

I'm seeking input on whether we have a way to build and deploy a central user management tool on BTP that can give us a runtime to execute BTP and CF commands, and thereby handle user management from a UI service through CAPM.

Best Regards,

Sunil Chintalapati

JürgenAdolf
Product and Topic Expert

You may use the SAP Cloud Identity Services. Each customer gets two tenants for free with his BTP licence. The APIs you mentioned are used by the SAP Cloud Identity Services. See: SAP Cloud Identity Services | SAP Community

SAP Cloud Identity Services are our central solution for managing authentication, single sign-on, and the identity lifecycle. They improve system integration, provide a seamless user experience, and enhance security and compliance.

SAP Cloud Identity Services consist of the following services:

- The Identity Authentication service is a service that provides central capabilities for authentication and single sign-on.
- The Identity Provisioning service manages identity lifecycle processes for cloud and on-premise systems.
- The Identity Directory is the persistency layer inside the services.
- The Authorization Management service allows administrators to assign access based on policies centrally within SAP Cloud Identity Services. An access policy allows a user to perform certain actions on a resource, subject to restricting rules. These rules can be adapted by the administrator so that policies fit company requirements before being assigned to users.

0 Kudos

Thank you, JürgenAdolf.

I'm across the usage of CIS [IAS & IPS] for authentication to BTP services and applications.

It's good from the end users' perspective.

But from the platform users' perspective, even using CIS-IAS as the default authenticator and mapping groups, in my understanding it's limited to BTP cockpit role collections and cannot extend to CF roles such as Space Developer etc.

With side-by-side extensions on BTP, developers and administrators cannot gain access to a Cloud Foundry space/org using the IAS, correct?

Best Regards,

Sunil

JürgenAdolf
Product and Topic Expert
0 Kudos
Hello Sunil, if I did understand your comment correctly, does the new functionality solve your question? Provisioning of members in the Cloud Foundry environment (organizations and spaces) using Identity Provisioning: https://roadmaps.sap.com/board?BA=42F2E964FAAF1EDB80C512AD4FEB20ED&range=CURRENT-LAST#;INNO=E78B0E47...
0 Kudos
Thank you, JürgenAdolf. That is helpful.