Authentication with Belgium’s itsme digital identity
Log in SAP with Belgium’s itsme digital identity
Itsme allows belgian citizens and residents to use digital identity services. Not only can you use it to login, but also to share many identity details, sign documents, confirm payments, and more.
It was originally created at the initiative of 4 belgian banks and 3 service providers: Belfius, BNP Paribas Fortis, ING and KBC, as well as Orange Belgium, Proximus and Telenet. It is approved by the very demanding eIDAS and is used more than 5 million times a month!
As SAP is opening up its ERP with portal solutions like SAP Build WorkZone, it only makes sense to extend the authentication and signing options as well. In this blog, we explore the value of their combination and recommend a technical architecture to make the most out of it.
Why SAP and itsme
It is for “external” SAP use-cases, that itsme makes most sense: supplier portals, customer portals, retired employees portals, etc.
These portals are becoming much more frequent, more powerful, easy to develop, maintain. They are changing the way that millions of people interact with SAP on a daily basis, by providing a more intuitive and accessible user interface.
On these portals, you can access not only your organization’s Fiori apps, but also many KPIs, processes, apps, also from 3rd party!
The complementary service we recommend is the SAP Customer Data Cloud. This combination is immensely powerful:
– itsme is convenient, fast and trustworthy to authenticate.
– SAP Customer Data Cloud lets you manage the identity, login, consent and registration to your websites.
– SAP Build WorkZone allows you to make accessible information and apps from your various SAP and non SAP systems!
Great login and signing convenience & trust
+ A complete identity management suite
+ Powerful and relevant portals
This allows you to turn anonymous visitors into loyal customers or business partners.
For “internal” cases of employees accessing your ERP, we would recommend working with our SAP Cloud Identity Services. It allows you to handle authentication and provisionning in the cloud, with your own identity provider, like Azure AD. In this case, the SAP IAS only acts as a tranparent service for both platforms to understand each other.
Where to start: how to authenticate with itsme
You could in theory work with the SAP Cloud Identity Services only, as it supports the openId protocol. You could then technically use itsme as an authentication method to access your platform.
This has a few shortcomings: GDPR-features would be missing, you would be losing a lot of precious information on who is logging in from where, when, etc.
You can reach out to itsme to enquire about their pricing.
Using SAP Customer Data Cloud, OpenID is a supported standard. You can follow these steps to connect your own itsme environment to SAP CDC, to your SAP Build Workzone portal.
You can then visually customize your login page, for a look like this one:
Finally, SAP CDC federates the anonymised user logging information on a beautiful, interactive and complete analytics dashboard.
You can run many kinds of customer insight studies, and benefit from the future developments of itsme.
Itsme has the ambition to become much more than an authentication and signing service. They officially consider to also become a “data vault” for citizens. In this data vault, individuals could keep their diplomas, EPCs (Energy performance certificates), health information and more.
Itsme also recently announced extending their operations to 9 new countries, other than Belgium! France, Estonia, Ireland, Italy, Portugal, Romania, Slovakia, Spain, and the United Kingdom.
This integration, which already brings convenience and trust, could make possible even more usecases! For hiring, carbon accounting, banking services, insurance, etc.
I also hope that itsme will join the SAP Store.
What do you think of this integration and its potential?
If you want to explore this topic together, get in touch with the SAP Belux team!