Introduction
Hi everyone, I am an SAP Basis and BTP administrator and I help clients with their journey in getting onboarded to the SAP BTP platform. If you are an SAP Basis administrator, a UI5 / Fiori developer, a BTP administrator, or just getting started with your BTP journey, this blog post will be helpful for you in many respects.
If you are new to BTP and trying to learn the basics, this blog post can help you learn an end-to-end scenario fully hands-on, as everything used in this blog is available in the Free Tier.
In this blog post we will be talking about setting up Single Sign-On between SAP BAS (Business Application Studio) and IAS (Identity Authentication Service) in the BTP (Business Technology Platform) Free Tier environment.
Personal experience with many customers
There are many customers in the SAP world who are just getting started with SAP BTP and don’t want to request an SUSER ID for every developer they onboard on BTP. This blog will help them manage users in IAS and onboard them seamlessly.
How does this help?
Platform administrators will be able to manage users inside the IAS tenant. Developers (in the case of BAS) or business users (in the case of any custom application deployed) will be able to log in to the application (BAS or any custom application) using their user, which is managed in the IAS tenant (not the SUSER ID). They don’t need an SUSER ID, which is used mainly for access to SAP websites, help portals, the support portal, etc.
Now let’s get started …
Important Information
Cloud Identity Services is now available in the Free Tier and we will be using it to do a quick SSO setup. We can now request free IAS/IPS tenants in the Cloud Foundry environment. This was not possible a few months back.
Now let’s see the steps you need to follow to set up the environment.
Steps:
Check Entitlements
We will be using two services: SAP Business Application Studio and Cloud Identity Service. Let’s check that both are available in our subaccount.
Business Application Studio
Cloud Identity Service
If you are not able to find the services, click on Configure Entitlements and add them to your subaccount.
Create Subscriptions to SAP BAS and Cloud Identity Service
Click on Instances and Subscriptions and click on Create. Select Business Application Studio in Services and Trial in Plan. Click on Create.
Click on Create again and select Cloud Identity Service, with Default in Plan. (Selecting Subscription creates a new free IAS tenant for you.)
Once the tenant is created, your user is set up as its first administrator and an email to set the password is sent to your registered email ID (the one you used to set up the BTP trial access).
Once you click on the link received in the email, it will ask you to set up the password for your user.
Click on Continue. It will take you to the IAS admin console.
Setup SSO between BTP Subaccount and IAS
Click on Security > Trust Configuration and click on Establish Trust.
Select the IAS tenant which you requested in the previous step (it shows all the IAS tenants in your landscape) and click on the Next button.
Select the default domain
Configure Parameters: you can update the description. The origin key is not editable when trust is established with this procedure; it takes sap.custom by default.
SSO setup is successfully completed
Make sure the options below are set to Yes: Shadow user creation, Available for User Logon.
In IAS, under Applications, an application has been created for this subaccount.
Setting up a test user in IAS for our SSO testing
Click on Users and Authorisations > Add User
Make sure that the email verified checkbox is enabled.
Create this user in the SAP BTP subaccount
Assign SAP BAS Developer role collection
We have completed all the steps required for this scenario.
How to test whether it’s working as expected?
Access the BAS URL. It brings you to a screen where it asks you to choose an identity provider. Select the IAS tenant.
Enter the IAS test user credentials (for the user we created in the previous step).
We are able to authenticate and access BAS
Click on OK
Testing is successfully completed