SAP Cloud Platform Authentication: Identity Authentication Service

Authenticate user credentials using SAP Cloud Platform Identity Authentication service

Lines Of Business


SAP Cloud Platform supports several authentication methods between the end user and the app running on the SAP Cloud Platform: Form-based/SAML, Basic, Cert, BasicCert and OAuth. This list encompasses all the authentication methods on the platform, however you should still review the authentication method that is being offered for the service that you plan to use. Each service on the SAP Cloud Platform could have its own requirement.

This blueprint pays special attention to the form-based/SAML authentication method. This authentication method is implemented over the Security Assertion Markup Language (SAML) 2.0 protocol, so the authentication can be delegated to any identity provider that is SAML 2.0 compliant. This means that the following security deployments are possible:
  • SAP Cloud Platform Identity Authentication service
  • Corporate user store
  • 3rd party corporate identity provider
  • SAP ID service

SAP Cloud Platform Identity Authentication service is a cloud solution for identity lifecycle management for SAP Cloud Platform applications, and optionally for on-premise applications. It provides services for authentication, single sign-on, and on-premise integration as well as self-services such as registration or password reset for employees, customer partners, and consumers.

This blueprint explains how an app running on SAP Cloud Platform can use the Identity Authentication service as an identity provider (IdP) to authenticate application users. The solution diagram above illustrates a basic architectural pattern implementing authentication using the SAP Cloud Platform Identity Authentication service.

Download the blueprint 

Bill of Material - SAP Cloud Platform Components for Licensing Considerations

Note that the following Bill of Material is for reference purposes only. The following table is only an example of the SAP Cloud Platform services and components required for this use case. Please consult your SAP Account Executive regarding your specific licensing needs. Calculations below are based on 100 users.

SAP Cloud Platform services


Licensing metrics



SAP Cloud Platform Identity Authentication


Simplify and secure cloud access from anywhere, on any device.

Logons in blocks of  100

3,000 logons

Customers can use the SAP Cloud Platform pricing estimator to calculate the required investment for a particular project. Scale up or down on services as required.

Members and partners of SAP PartnerEdge* can evaluate the development of an application for this use case – most development licensing is covered by the packs offered by the SAP partner licensing services. Click here for details.

*excluding open ecosystem basic.