cancel
Showing results for 
Search instead for 
Did you mean: 

Setting up IAS for SAP Support access

martinstenzig
Contributor
0 Kudos

Our Identity Authentication Service setup is using Office 365 as the default Identity provider. When the user logs in to the SAP application they are automatically authenticated or prompted with the correct Microsoft entry screen.

Now I have SAP support tickets and SAP reps would like to get access to the subscriptions to investigate bugs. What's the best way to grant SAP people access?

Option 1: Create users in the Azure AD - Don't like that version as I don't want to "buy" users for SAP support people

Option 2: Create conditional authentication in the application - Don't like that option because I have a pop-up that always asks for the email address before it routes to the necessary IDP?

Option 3: I thought just creating the sap email address as user directly to the role collection, but SAP still seems to get a MS popup screen for authentication.

Any suggestion as to what the best setup is or what other people have done?

View Entire Topic
istvanbokor
Advisor
Advisor
0 Kudos

Hi martin.stenzig3,

Just use your corporate IdP as default IdP, and create the user for Support in IAS, with the Allow Identity Authentication Users Log On Option.

See: https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/2ec9a7f7c80a42f1abec683fa94...

Cheers,
Istvan

martinstenzig
Contributor
0 Kudos

Yeah, that's my option 2 above, but what I don't like about it is that now I have an additional screen that pops up to enter the email first. I guess that cannot be avoided.

istvanbokor
Advisor
Advisor
0 Kudos

Hello,

No, this is not conditional authentication. I'm talking about Allow Identity Authentication Users Log On Option. If you enable that, it creates a specific URL, so that the IdP will be IAS and not corporate IdP. End-users won't have an additional screen. Just test this feature.

Regards,
Istvan

aasavaribhave
Advisor
Advisor
0 Kudos
Allow Identity Authentication Users Log On Option is supported for SAML 2.0 applications only., what options are available when OpenID is used instead of SAML for establishing trust with IAS