SAP Cloud Platform supports several authentication methods between the end user and the app running on the SAP Cloud Platform: Form-based/SAML, Basic, Cert, BasicCert and OAuth. This list encompasses all the authentication methods on the platform, however you should still review the authentication method that is being offered for the service that you plan to use. Each service on SAP Cloud Platform could have its own requirement.
This blueprint pays special attention to the form-based/SAML authentication method. This authentication method is implemented over the Security Assertion Markup Language (SAML) 2.0 protocol, so the authentication can be delegated to any identity provider that is SAML 2.0 compliant. This means that the following security deployments are possible:
This blueprint explains how an application running on SAP Cloud Platform can use a corporate identity provider available on the Internet to authenticate application users. The solution diagram above illustrates a basic architectural pattern implementing authentication using an Internet facing corporate identity provider.