SAP PLM Technology Bytes: Security and Identity & Access Management
Welcome to the first edition of our new blog series “Technology Bytes”, which aims to uncover the foundational topics and underlying technology behind SAP Enterprise Product Development (EPD).
SAP has defined several Intelligent Enterprise Suite Qualities that contribute to a simplified experience and deliver immediate value to our customers. The suite qualities are implemented across end-to-end business processes delivered by the SAP Business Technology Platform (BTP) to unify user experience, security, workflow inboxes, data semantics, analytics, lifecycle management, and process architectures.
Cloud Identity Services: what is in it for SAP?
SAP Cloud Identity Services include the Identity Authentication, Identity Provisioning, Identity Directory and Authorization Management services. These services enable you to manage identities and single sign-on across all our solutions. SAP Cloud Identity reduces manual administration efforts for user management and identity provisioning and enables a seamless login process with SSO. When you adopt SAP cloud products like SAP EPD and integrate them into your system landscape, you choose an approach for identity access management (IAM). The approach you choose depends on the integration you want from the perspective of single sign-on, and on whether you have a unified, simple IAM landscape or a complex landscape in place.
The concepts for Identity Authentication and Single Sign-On (SSO), Identity Provisioning and Lifecycle Management, and Business User Role Management are all provided by BTP, so that all SAP applications can provide the same features to all customers in the same way. Here you can also find an overview of how SAP makes the Intelligent Enterprise secure.
How does authentication work in SAP EPD?
Identity providers provide the business users. The default platform identity provider in SAP BTP is SAP ID service. If you use external identity providers, the respective subaccount must have a trust relationship with the identity provider; you, as an administrator of the Cloud Foundry environment, establish this trust relationship using the SAP BTP cockpit. SAP EPD relies completely on BTP for user management. Most authentication issues can be traced back to the usage of passwords. To be on the safe side, X.509 client certificate-based authentication coupled with multi-factor authentication (MFA) should be preferred, to eliminate the need for password management and limit the blast radius of compromised credentials. You can find the details on User Administration, Authentication, and Authorizations | SAP Help Portal.
How are authorizations managed in SAP EPD?
In the Cloud Foundry environment, application developers create and deploy application-based authorization artifacts for business users. Administrators use this information to assign roles, build role collections, and assign these collections to business users or user groups. By doing so, they control the users’ permissions. SAP EPD does not have its own authorization concept but relies on BTP services (XSUAA). It is mostly use cases in some capabilities such as Collaboration or Specification Management.
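The chain described above (developer-defined scopes and role templates, administrator-built role collections, assignment to users) can be audited by resolving each user's effective scopes. The following is an added example, not SAP's or SAP EPD's code: the descriptor is a constructed sample modelled on the xs-security.json layout, and the app name, scopes, role collections and users are hypothetical.

```python
# Constructed sample modelled on an xs-security.json descriptor; the app name,
# scopes, role templates and users are hypothetical, not SAP EPD artifacts.
DESCRIPTOR = {
    "xsappname": "demo-app",
    "scopes": [{"name": "$XSAPPNAME.Display"}, {"name": "$XSAPPNAME.Edit"},
               {"name": "$XSAPPNAME.Admin"}],
    "role-templates": [
        {"name": "Viewer", "scope-references": ["$XSAPPNAME.Display"]},
        {"name": "Editor", "scope-references": ["$XSAPPNAME.Display", "$XSAPPNAME.Edit"]},
        {"name": "Administrator",
         "scope-references": ["$XSAPPNAME.Admin", "$XSAPPNAME.Undeclared"]},
    ],
    "role-collections": [
        {"name": "Demo_Viewer", "role-template-references": ["$XSAPPNAME.Viewer"]},
        {"name": "Demo_PowerUser",
         "role-template-references": ["$XSAPPNAME.Editor", "$XSAPPNAME.Administrator"]},
    ],
}
# Constructed assignments an administrator would make (user -> role collections).
ASSIGNMENTS = {"alice": ["Demo_Viewer"], "bob": ["Demo_PowerUser"],
               "carol": ["Demo_Viewer", "Demo_Missing"]}


def undeclared_scopes(desc):
    """Scopes a role template references but the descriptor never declares."""
    declared = {s["name"] for s in desc["scopes"]}
    return {r for t in desc["role-templates"] for r in t["scope-references"]} - declared


def effective_scopes(desc, assignments):
    """Resolve user -> role collections -> role templates -> declared scopes."""
    declared = {s["name"] for s in desc["scopes"]}
    # Assumption of this audit model: only declared scopes count as granted.
    templates = {"$XSAPPNAME." + t["name"]: set(t["scope-references"]) & declared
                 for t in desc["role-templates"]}
    collections = {c["name"]: c["role-template-references"]
                   for c in desc["role-collections"]}
    result = {}
    for user, names in assignments.items():
        scopes = set()
        for name in names:
            for ref in collections.get(name, []):  # unknown collection grants nothing
                scopes |= templates.get(ref, set())
        result[user] = scopes
    return result


def holders(desc, assignments, scope):
    """Users whose assigned role collections resolve to the given scope."""
    return sorted(u for u, s in effective_scopes(desc, assignments).items() if scope in s)


if __name__ == "__main__":
    print("undeclared:", undeclared_scopes(DESCRIPTOR))
    for user, scopes in effective_scopes(DESCRIPTOR, ASSIGNMENTS).items():
        print(user, sorted(scopes))
```

Running `holders()` for an administrative scope gives the list of accounts to review first when checking least privilege.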
What is the maintenance and update strategy of SAP EPD to safeguard customers when they benefit from open-source components?
In SAP EPD, we have leveraged various open-source components. Open-source components are regularly scanned for vulnerabilities, and security patches are deployed as needed. This happens with centrally driven SLAs, based on issue priority.
In upcoming blogs, and with new technology advancements over the releases, we plan to iteratively uncover the rest of the questions on the foundational side of the house of SAP EPD. Your feedback matters! Please do ask whatever you’d like to get an answer for, and we’ll pick it up in the next blog.
Till then, please also:
- follow the SAP Enterprise Product Development tag,
- check the SAP Enterprise Product Development topic page,
- post and answer questions about SAP Enterprise Product Development,
- and read other posts on SAP Enterprise Product Development.
For More Information:
- SAP Enterprise Product Development Product Page
Get acquainted with the software and familiarize yourself with its capabilities, pricing, and use cases.
- SAP Enterprise Product Development Continuous Influence
Suggest improvements on SAP Cloud solutions and most recent technologies directly to the development teams.
Other useful links:
- SAP Integration Strategy eBook
- SAP Integration Strategy Whitepaper
- SAP Integration Strategy Topic Page
- Knowledge Transfer for SAP User Groups about the SAP Integration Strategy
About the Author: Emre Acarer is part of the PLM Cloud Acceleration team focusing on portfolio management for PLM solutions at SAP.