SAP Cloud Platform Authentication: Corporate Identity Provider

Authenticating user credentials on the SAP Cloud Platform using a corporate identity provider accessible from the Internet

Lines Of Business
Scenarios

Overview

SAP Cloud Platform supports several authentication methods between the end user and the app running on the SAP Cloud Platform: Form-based/SAML, Basic, Cert, BasicCert and OAuth. This list encompasses all the authentication methods on the platform, however you should still review the authentication method that is being offered for the service that you plan to use. Each service on SAP Cloud Platform could have its own requirement.

Supporting Resources

This blueprint pays special attention to the form-based/SAML authentication method. This authentication method is implemented over the Security Assertion Markup Language (SAML) 2.0 protocol, so the authentication can be delegated to any identity provider that is SAML 2.0 compliant. This means that the following security deployments are possible:

  • SAP Cloud Platform Identity Authentication service
  • Corporate user store
  • 3rd Party Corporate Identity Provider
  • SAP ID service

This blueprint explains how an application running on SAP Cloud Platform can use a corporate identity provider available on the Internet to authenticate application users. The solution diagram above illustrates a basic architectural pattern implementing authentication using an Internet facing corporate identity provider.

Download the blueprint