
IAS User/Group management from multiple Identity Providers for Workzone Application

msarwer
Discoverer
0 Kudos
484
  • We are working with "SAP Cloud Identity Services" and the "SAP Build Workzone" application.
  • SAP Build Workzone --> Agent Connection is our target application for all users, which requires users to be present on its user data-store to drive permissions properly.
  • We have two types of users: Internal and External.
  • We need all users to be synced to Workzone, which is set up through the IAS Source/Target system.
  • Internal users use Azure Entra to authenticate. The corporate IdP is set up in IAS. SCIM sync has been established to synchronize users from Azure Entra.
  • External users use IAS as their authentication service provider. They are onboarded directly onto IAS.
  • Both of these user types use the same security group for the specific application.

Our issue is that every time we run the SCIM Read/Re-sync job, it removes external users from the IAS security group. Is there a way to limit the SCIM sync job to work only with the Internal UserType for the group assignments?

WouterLemaire
Active Contributor
0 Kudos

Have you tried the new CIS API? https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/migrating-identity-authent...

This one supports the PATCH method, which would normally allow you to solve this problem. See the API on API Hub: https://api.sap.com/api/IdDS_SCIM/resource/Groups
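Why PATCH matters for a group shared by two identity sources, as an added example that is not part of the original reply and not SAP's code: it compares a full member replacement with a delta built as a generic SCIM 2.0 PatchOp message (RFC 7644) against an in-memory group. The user IDs, the `LAST_SYNCED` bookkeeping and the helper names are constructed assumptions.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

def put_members(source_ids):
    """Full replace (PUT): the group ends up with exactly the source's members."""
    return [{"value": uid} for uid in sorted(source_ids)]

def build_patch(source_ids, last_synced_ids):
    """Delta (PATCH): only touch members this sync job added in an earlier run."""
    to_add = sorted(set(source_ids) - set(last_synced_ids))
    to_remove = sorted(set(last_synced_ids) - set(source_ids))
    ops = []
    if to_add:
        ops.append({"op": "add", "path": "members",
                    "value": [{"value": uid} for uid in to_add]})
    for uid in to_remove:
        ops.append({"op": "remove", "path": f'members[value eq "{uid}"]'})
    # An empty Operations list means nothing changed; the caller should skip the request.
    return {"schemas": [PATCH_SCHEMA], "Operations": ops}

def apply_patch(members, patch):
    """Minimal in-memory model of a SCIM server applying the operations above."""
    current = {m["value"] for m in members}
    for op in patch["Operations"]:
        if op["op"] == "add":
            current |= {v["value"] for v in op["value"]}
        elif op["op"] == "remove":
            current.discard(op["path"].split('"')[1])
    return [{"value": uid} for uid in sorted(current)]

def ids(members):
    return sorted(m["value"] for m in members)

# Constructed sample data: ext-* onboarded directly in IAS, int-* synced from the corporate IdP.
GROUP = [{"value": u} for u in ("ext-1", "ext-2", "int-1", "int-2")]
LAST_SYNCED = {"int-1", "int-2"}   # what the previous sync run wrote
SOURCE_NOW = {"int-1", "int-3"}    # int-2 left the source group, int-3 joined

if __name__ == "__main__":
    print("PUT result:  ", ids(put_members(SOURCE_NOW)))
    patch = build_patch(SOURCE_NOW, LAST_SYNCED)
    print("PATCH ops:   ", patch["Operations"])
    print("PATCH result:", ids(apply_patch(GROUP, patch)))
```
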

msarwer
Discoverer
0 Kudos

We're running an SCIM sync from Azure on the source and writing to IAS as target. 

We have set "ias.support.patch.operation" to TRUE on our Target Properties, but it is not working. It still wipes out users that are sourced from Entra.