SAP Cloud Identity – New Capabilities Available with the Latest Release
With the latest release of the SAP Cloud Identity we offer several new capabilities:
- extended branding
- social login
- responsive user interfaces
- registration form setup
- SAML trust configuration improvements.
Extended branding offers a setup of a custom global logo on the SAP Cloud Identity forms for log-on, registration, upgrade, password update, and account activation for all applications in a tenant. With the first SAP Cloud Identity release we already offered a Custom Logo Setup on Application Level.
The custom global logo is used to replace the SAP Cloud Identity product logo, displayed by default on the bottom left side or top left side of the SAP Cloud Identity forms. The custom global logo is different from the logo, used on application level. When a custom global logo is set up for a tenant, it is visible on the logon page together with the logo of the application, see Figure 2 below.
For more details, how to setup a custom global logo on tenant level and also the details about the size and type of the image, see the documentation Configure a Tenant Logo.
Figure 1. Display of the default SCI Log On form:
Figure 2. Display of an SCI Log On form with custom branding, including application logo, custom colors and custom global logo on tenant level:
Social login allows users to link their SAP Cloud Identity service accounts with social network accounts. Social login setup is performed on tenant level and then could be enabled or disabled for a particular application. With the latest release of the SAP Cloud Identity, we offer social login using the following social providers: Twitter, LinkedIn, Facebook and Google. Social provider buttons are available on the logon page of the cloud application, when the social login option is switched on for this application, see the Figure 3 below.
When a user tries to authenticate via a social identity provider for the first time, he is prompted to allow his SAP Cloud Identity account to be linked with his social network account. After this initial setup, the user can log on to the application using only the social provider authentication.
For more details, see Enable or Disable Social Sign-On for an Application.
Figure 3. Display of an SCI Log On form with custom branding and enabled social login for the application:
Responsive user interface (UI) technology is an approach to UI design for providing optimal viewing experience for wide range of devices and specially mobile phones and tablets. User interfaces, designed using this technology, offer easy reading and navigation with a minimum of re-sizing, scrolling and panning of the pages.
SAP Cloud Identity forms adapt their layout to the viewing environment by using fluid, proportion-based grids, flexible images and other responsive UI technics in order to bring a better user experience for the end users. You can see the effect by comparing the screenshot on Figure 3 with the re-sized view of the SCI Log On form, displayed on a mobile device, on Figure 4.
For more details about the supported browsers, see Supported Browser Versions for User Applications.
Figure 4. Display of an SCI Log On form on a mobile device:
Registration form setup – you can configure which user attributes SAP Cloud Identity service sends to the service provider to be displayed on application’s registration and upgrade forms.
After the user has filled in the form, the information from these attributes is recorded in the user’s profile. In the registration form setup you specify which personal, company, and contact information the application will prompt the user to provide when registering or upgrading and you also can select if the attribute is required or optional, see Figure 5 below. Two of the attributes “Last Name” and “E-mail” are always required and their settings could not be changed. All attributes set as required are marked with an asterisk on the respective form, see and Figure 6 below.
For more details about the registration and upgrade form setup, see Configure Registration and Upgrade Forms.
Figure 5. SAP Cloud Identity Administration Console: Registration form setup on application level:
Figure 6. Registration form display:
SAML Trust Configuration improvements include several new capabilities:
- Manual trust configuration of the service provider with respective Endpoit URLs and signing certificate – an alternative way to configure trusted service provider (With the first release we offered configuration of a trusted service provider by importing the service provider metadata *.xml file). For more details, see Configure Trusted Service Provider.
- SAML Assertion Attributes configuration – you can change the default names of the assertion attributes that the application uses to recognize the user attributes. You can use multiple assertion attributes for the same user attribute. For more details, see Configure the User Attributes Sent to the Application.
- Constant Attributes configuration – you can set the names and the fixed values of the constant attributes included in the assertion. For more details, see Configure the Constant Attributes Sent to the Application.
- Automatic trust configuration between a customer SAP HANA Cloud Platform account and an SAP Cloud Identity tenant of the customer. This automatic trust configuration is initiated from the SAP HANA Cloud Platform account and creates a new application on the respective SAP Cloud Identity tenant and sets the trust configuration on both sides – on the Service Provider side (SAP HANA Cloud Platform account) and on the Identity Provider sider (SAP Cloud Identity tenant). For more details, see ID Federation with a SAP Cloud Identity Tenant.
See also the news from Q2/2015: