Central Store-Based Provisioning: The Ultimate Solution for Application User Sync from IPS 🔁

byA.A.Sumudu Ranasinghe
0

2025-02-20_21-36-183.png

Central store-based provisioning enables the automatic provisioning of application-specific groups from the Identity Directory to the target systems whenever changes occur. These changes include user assignments or modifications of group attributes.mermaid-diagram-2025-03-01-213905.svg

Note

Currently, application-specific groups are supported for 

  • SAP Advanced Financial Closing
  • SAP Ariba Applications
  • SAP Analytics Cloud
  • SAP Application Server ABAP
  • SAP Ariba Central Invoice Management
  • SAP Sales Cloud and SAP Service Cloud
  • Microsoft Entra ID
  • Local Identity Directory provisioning systems

Create Application-Specific Groups or Assign Application-Specific Groups to existing Group

you can create application-specific groups in the Identity Directory of your SAP Cloud Identity Services tenant and provision them afterward to target systems of your choice.2025-03-01_13-26-58.png

Operating with application-specific groups by Identity Provisioning service requires having a source system with set property ips.application.id. By running provisioning jobs from such source system you can create, update, and delete application-specific groups in the Identity Directory of your SAP Cloud Identity Services tenant, depending on the values of their attributes.

Enable or Disable Central Store-Based Provisioning

You can enable or disable the Central Store-Based Provisioning option in the administration console for SAP Cloud Identity Services.

  • Under Applications and Resources, choose the Applications tile.
  • Choose the application that you want
  • Under the Provisioning tab, enable or disable the Central Store-Based Provisioning option
  • Once the application has been updated, the system displays the message Application <name of application> updated.2025-03-01_13-08-24.png

When you enable the Central Store-Based Provisioning for a specific application, whenever you update an application-specific group associated with this application, a provisioning of the updates is triggered, there is no need to run manual or scheduled jobs in the Identity Provisioning2025-03-01_12-43-12.gif

IPS Transformation Changes

Select the relevant source system, open the Properties tab, choose Edit and add the property ips.application.id =6f187cce-2f51-4efd-9bf4-9a8aabdd1c9c2025-03-01_13-30-40.pngMonitor Central Store Logs

Central Store Logs provide information about the application-specific groups that have been provisioned from the Identity Directory to your target systems.

Note

Central Store Logs are enabled and will appear under Provisioning Logs whenever changes to application-specific groups occur in the Identity Directory, such as assigning users or modifying group attributes.

 select your Identity Provisioning --->  Provisioning Logs --->  Central Store Logsyogananda_0-1740865346219.png



from New blog articles in SAP Community https://ift.tt/EtNfUrM
Tags:
A.A.Sumudu Ranasinghe

Department of Industrial Information Technology. Uva Wellassa University.

Post a Comment

Previous Post Next Post