User provisioning and authentication for SAP Jam so far
If you aren’t a SuccessFactors customer and bought SAP Jam Collaboration, for example as your modern intranet, or as a sales and service collaboration tool integrated with SAP Hybris Cloud for Customer, you probably got SAP Jam together with the SAP Cloud Platform Identity Authentication service (IAS).
IAS is used to provision (=create) users into SAP Jam, as well as for authenticating users.
IAS provides you with the ability to connect to any other identity provider, for example to establish Single-Sign-On with your on-premise IdP, such as SAP IdM or Microsoft Active Directory.
For user provisioning though IAS has some limitations, especially because SAP decided to focus its resources on a service specifically designed for user provisioning: The SAP Cloud Platform Identity Provisioning service (IPS).
SAP Cloud Platform Identity Provisioning
New provisioning service for SAP Jam
Therefore since September 2017 new customers of SAP Jam Collaboration get their SAP Jam tenant pre-integrated with an IAS and an IPS tenant at the same time, with IPS handling user provisioning and IAS handling user authentication for SAP Jam.
In case they already have an IAS or IPS tenant, for example via an earlier purchase, SAP Jam will automatically be integrated into that existing landscape, without any manual interaction from somebody of SAP or the customer.
With IPS SAP Jam customers can now benefit from a number of additional capabilities that will reduce administrative work and consolidate on a single user provisioning system for all of SAP’s cloud solutions as well as other third-party solutions.
- Customers can provision exactly the users to SAP Jam that should have access to it. These users can be selected or filtered based on any attribute available in the source system.
- By default IPS is configured to use IAS as a source system. Manager information maintained there is now automatically provisioned to SAP Jam, allowing users to browse the org chart within the SAP Jam UI and mobile app.
- Users can easily be pulled from third-party systems like Microsoft Active Directory and be provisioned to both SAP Jam for user creation as well as to IAS to allow for user authentication at the same time.
- In case IAS shall be used in a proxy scenario where the authentication is forwarded to another IdP, there’s no need anymore to store user information in IAS. IPS can just provision users directly from the IdP into SAP Jam.
- IPS already supports a number of source and target systems, such as Microsoft Active Directory, Microsoft Azure Active Directory, SAP Cloud Platform, SAP Hybris Cloud for Customer, SAP SuccessFactors, Google G Suite, and of course SAP Jam Collaboration. And support for additional systems will be added over time, making it the single user provisioning place for SAP. With that, customers have one place to manage or their cloud applications, without any manual user creation, file uploads etc.
SAP Jam configured in IPS as a source system, showing the transformation of users
What about existing SAP Jam customers?
For customers who already have a running setup with SAP Jam and IAS, they will continue to be supported for the time being. However we are planning on providing a super-simple migration path to move them to IPS for user provisioning, so that they can benefit from all its advantages as soon as possible as well.
Where can I find out more?
Check this page to find out more about the SAP Cloud Platform Identity Provisioning service: https://wiki.scn.sap.com/wiki/display/Security/SAP+Cloud+Platform+Identity+Provisioning+Service
Also have a look at the help pages for IPS and SAP Jam: