SAP Business One introduces the Identity and Authentication Management (IAM) service, which allows users to authenticate with their identity provider (IDP) user when signing in to SAP Business One.
Connecting SAP Business One with an identity provider can help you manage user access in a secure manner without compromising on user experience during sign-in to SAP Business One.
An identity provider (IdP) is a service that stores and verifies user identity. IdPs are typically cloud-hosted services, and they often work with single sign-on (SSO) providers to authenticate users.
An identity provider (IdP) stores and manages users' digital identities. Think of an IdP as being like a guest list, but for digital and cloud-hosted applications instead of an event. An IdP may check user identities via username-password combinations and other factors, or it may simply provide a list of user identities that another service provider (like an SSO) checks.
IdPs are not limited to verifying human users. Technically, an IdP can authenticate any entity connected to a network or a system, including computers and other devices. Any entity stored by an IdP is known as a "principal" (instead of a "user"). However, IdPs are most often used to manage user identities.
Why are IdPs necessary?
Digital identity must be tracked somewhere, especially for cloud computing, where user identity determines whether or not someone can access sensitive data. Cloud services need to know exactly where and how to retrieve and verify user identity.
Records of user identities also need to be stored securely to ensure that attackers cannot use them to impersonate users. A cloud identity provider will typically take extra precautions to protect user data, whereas a service not dedicated solely to storing identity may store it in an unsecured location, such as a server open to the Internet.
IAM can be activated by configuring IDPs and users under the newly added ‘Identity Providers’ and ‘Users’ tabs in the SAP Business One System Landscape Directory (SLD) control center.
After upgrading to 10.0 FP 2208, the following identity providers appear by default under the ‘Identity Providers’ tab in SLD:
It is also possible to add an OIDC (OpenID Connect) IDP by clicking ‘Add’.
Figure: Identity Providers tab in SLD
By default, to preserve backward compatibility, IDPs are set to ‘inactive’ after upgrade. There is no change to the sign-in experience for SAP Business One users unless an IDP is activated.
Before an IDP is activated, there are a few important prerequisites that need to be fulfilled:
The newly added ‘Users’ tab in SLD acts as a ‘one-stop shop’ for:
Note: The licenses assigned to SAP Business One company users remain unchanged after enabling identity and authentication management.
Once an IDP is activated in SLD, SAP Business One users will experience a new sign-in window. Depending on the landscape’s IDP configuration (IDP type, number of IDPs activated), users are redirected to their IDP within the SAP Business One sign-in window to authenticate.
Watch the quick demo below on how to set up Microsoft Azure as an identity provider in SAP Business One and sign in to the SAP Business One Web client with an Azure account.
As IAM has a noticeable footprint on a user’s sign-in journey, in addition to behavioral changes in SAP Business One, it is highly recommended to review the ‘Identity and authentication management in SAP Business One’ how-to guide to learn more about the following topics:
The Identity and Authentication Management service is planned to be rolled out in a phased manner.
With 10.0 FP 2208, IAM is supported by the following SAP Business One Products:
Please note that with the 10.0 FP release, the IAM service is not supported by existing SAP Business One Cloud versions provided in Europe or N. America. It is planned to be supported in SAP Business One Cloud in later versions.
We hope this blog was useful to you as an introduction to SAP Business One’s Identity and Authentication Management service. I’m looking forward to hearing about your experience working with IAM in SAP Business One.