SSO integration with SAP Cloud Identity Service as SP
SAP BTP (Business Technology Platform) is a unified environment that combines several technologies to help businesses build cloud solutions and create personalized experiences. Many companies use it to build their ERP apps.
SAP Cloud Identity Services are a group of services designed to enable identity and access management across systems. They aim to provide a seamless single sign-on experience for users in the cloud while ensuring that system and data access are secure.
SAP Cloud Identity Services is used by SAP BTP and by customers' self-built apps, e.g. the Fiori apps.
Assuming you have used "SAP Cloud Identity Services" to build apps that manage some parts of your company's business and data, and you intend to extend your solution scope to integrate with other systems and data, you can consider an SSO integration in which an IdP created from a SiX IDaaS & IAM tenancy is federated with "SAP Cloud Identity Services" acting as the SP (Service Provider). Since this IdP provides a versatile SSO enablement and integration framework for many applications, you can connect these applications with the apps built on "SAP Cloud Identity Services".
After the integration, users of "SAP Cloud Identity Services" apps can sign in to those apps with their user account from the SiX IDaaS & IAM tenancy IdP, so your user data is connected across both. You can leverage this user linkage to connect other system data and streamline your business flows across your whole end-to-end solution portfolio.
TIP
SAP itself recommends that customers federate their corporate IdP with SAP cloud apps, e.g. SAP BTP and SAP SaaS, so that the corporation can link the data in SAP apps with the data in its other systems.
SiX IDaaS & IAM intends to help customers build an industrial-grade IdP around the corporate AD. It can help customers link the data in the corporation's other systems with the data in SAP apps, based on the employee's global user ID.
Steps to integrate SiX IDaaS & IAM IdP with SAP Cloud Identity Service as SP
1. Create the IdP, OAuth Client tenant in SiX IDaaS & IAM
Refer to Create IdP for SPA
2. Set the OAuth Client parameters in SAP Cloud Identity Service tenant
Set the OAuth Client parameters as guided in SAP Cloud Identity Service.
TIP
Since SAP Cloud Identity supports federated IdPs over the OIDC/SAML2 protocols, your OAuth Client is ready for integration.
Steps to integrate SiX IDaaS & IAM federated IdP with SAP Cloud Identity Service as SP
1. Create the federated IdP, OAuth Client tenant in SiX IDaaS & IAM
Refer to Federate IdP authentication through enterprise AD
2. Set the OAuth Client parameters in SAP Cloud Identity Service tenant
Set the OAuth Client parameters as guided in SAP Cloud Identity Service.
TIP
Since SAP Cloud Identity supports federated IdPs over the OIDC/SAML2 protocols, your OAuth Client is ready for integration.
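Before entering the OAuth Client parameters in step 2 of either procedure, it helps to sanity-check the IdP's OIDC discovery metadata. The following is an added example, not code from SiX IDaaS & IAM or SAP: it applies checks from OpenID Connect Discovery 1.0 to a constructed metadata document, and the issuer URL `https://idp.example.com/tenant-a` and the function name `check_discovery` are placeholders.

```python
from urllib.parse import urlsplit

# Fields OpenID Connect Discovery 1.0 requires for a code-flow provider.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def _is_https(url):
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)

def check_discovery(expected_issuer, doc):
    """Return a list of findings; an empty list means no issue was found."""
    findings = [f"missing field: {k}" for k in REQUIRED if k not in doc]
    if findings:
        return findings
    iss = urlsplit(doc["issuer"])
    # The SP compares the "iss" claim byte for byte, so a trailing slash matters.
    if doc["issuer"] != expected_issuer:
        findings.append("issuer does not exactly match the configured issuer")
    if iss.scheme != "https" or iss.query or iss.fragment:
        findings.append("issuer must be an https URL without query or fragment")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not _is_https(doc[key]):
            findings.append(f"{key} is not an https URL")
    algs = doc["id_token_signing_alg_values_supported"]
    if "RS256" not in algs:
        findings.append("RS256 not offered for ID token signing")
    if "none" in algs:
        findings.append("unsigned ID tokens (alg=none) are offered")
    if "code" not in doc["response_types_supported"]:
        findings.append("authorization code flow (response_type=code) not offered")
    return findings

# Constructed sample metadata (placeholder host, not a real tenant).
ISSUER = "https://idp.example.com/tenant-a"
GOOD = {"issuer": ISSUER,
        "authorization_endpoint": ISSUER + "/authorize",
        "token_endpoint": ISSUER + "/token",
        "jwks_uri": ISSUER + "/jwks",
        "response_types_supported": ["code"],
        "subject_types_supported": ["public"],
        "id_token_signing_alg_values_supported": ["RS256"]}
# Same document with three constructed defects.
BAD = dict(GOOD, issuer=ISSUER + "/", jwks_uri="http://idp.example.com/jwks",
           id_token_signing_alg_values_supported=["RS256", "none"])

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_discovery(ISSUER, doc) or "ok")
```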