Resources>Blog > SAP SuccessFactors

Embrace the Future of SAP Cloud Identity Services

Authored by Shilpa Shyamsunder

Harnessing Identity Authentication Service (IAS) and Identity Provisioning Service (IPS) for Secure and Efficient Identity Access Management

To begin with, SAP has discontinued offering the Single Sign-On (SSO) function in its SuccessFactors Platform. As a result, there is a need for an alternative method for logging in, which is where the Identity Authentication Service (IAS) and Identity Provisioning Services (IPS) come in. This change is beneficial because IAS serves as a centralized access point for all SAP SuccessFactors products. Now, customers can streamline the sign-on process for their users, eliminating the need to set up SSO for each individual product. This leads to a significantly improved day-to-day user experience.

To fully capitalize on these advantages and future-proof your SAP solutions, it’s crucial to migrate and ensure a seamless and powerful upgrade to your Identity Management Framework.

Why IAS/IPS?

SAP SuccessFactors supports Single Sign-On (SSO), and partners can enable SSO in provisioning and add an assertion party in the Manage SAML SSO setting.

Question: So, why is the Identity Authentication Service (IAS) necessary? Doesn’t adding IAS just create extra work?
Answer: The Identity Authentication Service (IAS) offers a lot of flexibility and can help overcome limitations within the SAP SuccessFactors application. It provides a more versatile and comprehensive approach to managing user access.

SAP Cloud Identity Services are a group of services in the SAP Business Technology Platform (SAP BTP) that help manage who can access what across different systems. They make it easier to log in once and access everything you need, while keeping your data and systems secure. These services include Identity Authentication, Identity Provisioning, Identity Directory, and Authorization Management.

Here are some key terms related to SAP Cloud Identity services good to be familiar with:

  • Identity Provisioning Service (IPS) is used to synchronize users from a source to a target or to provision and deprovision users based on identification and authorization. SuccessFactors is the source, and the Identity Directory is the target for our use case.
  • Identity Authentication Service (IAS) offers intuitive self-service choices, on-premises integration, and single sign-on for user authentication. IAS is used in our use case to authenticate users to SuccessFactors & Stories and in People Analytics and additional SAP apps in the future.
  • Identity Directory is a central repository for storing and managing users and groups.
  • Authorization Management uses the SAP Business Technology Platform to centrally manage user authorization for business applications.

Evolution in Motion: How It's Shaping the Future

  • SAP’s Intelligent Enterprise vision relies on a unified Identity Access Management system, integrating Identity Provisioning and Authentication on a single infrastructure.
  • Despite separate licenses, IAS and IPS will function together as a cohesive service.
  • The update to Identity Provisioning will streamline cloud solution integration by addressing complexities in secure communication protocols like OAuth and SAML.
  • Simplifying these protocols will strengthen security and ease integration, making it more straightforward and robust.
Consequently, SAP Cloud Identity Services will transform into the ultimate hub for both managing identity access and securing system-to-system communication.

Navigating Challenges and Unleashing Impact

Challenge at hand – Need to synchronize users from SAP SuccessFactors application to IAS. Concerns about syncing personal user details are common.

Workaround –

  • After migrating to IAS, partial SSO will be disabled and can’t be reactivated; future SAP SuccessFactors features require IAS-based authentication.
  • To use Partial SSO with IAS, users must be authenticated and their details synced through IAS as mandated by SAP.
  • User synchronization is only for essential fields like user ID, email, email, first name, last name, ensuring privacy by avoiding personal data.

Greatest Effect – To unlock IAS’s full potential, user synchronization is a must. SAP highlights it as a vital step for integrating with SAP SuccessFactors and setting the stage for smooth future integrations with other SAP solutions.

Unlocking the Treasure: Discovering the Benefits

SAP is urging all customers to transition to IAS, promising a more robust and secure login experience. As the old system’s expiration date approaches, ensuring a seamless transition for users is crucial to avoid any disruptions.

Discover the key advantages of embracing the migration:

  • Connection to other SAP solutions – Leveraging IAS as your identity provider paves the way for seamless future integrations with other SAP solutions.
  • Enhanced user experience – Augmented user logon experience by eliminating the password-specific URL and simplifying re-entry of email or username if cookies are cleared.
  • Fortified Security – Diverse login methods, such as password and two-factor authentication significantly reduce the risk of unauthorized access.
  • Financial gains – Save costs by simplifying identity management and eliminating the need to manage multiple systems. SuccessFactors customers get IAS as part of their license, and this enterprise-grade Identity Access Management feature is included free of charge.
  • Elevated Compliance – Adhere to industry regulations by leveraging IAS features. 

In a nutshell

SAP Cloud Identity Services function as the central hub for identity access management, enhancing security and adapting to dynamic business requirements. Its seamless integration with existing infrastructure and scalable solutions makes it a compelling choice for organizations aiming to elevate their identity access management practices.

INTEGRITTY’S Cloud Identity Mastery: How We Empower Your Implementation

Whether moving to the cloud, keeping your legacy system and building on top, or looking for a quick implementation, we help you build seamless roadmaps for your digital transformation. From single module, full suite, or hybrid implementations, our team of experts provides global and regional processes and experience.

Integritty offers a full complement to services required to be successful in implementing IAS / IPS and Cloud Identity Services.Please get in touch to find out more.