Why It’s the Bee’s Knees

Imagine you’re trying to link a SCIM target system, be it SAP or non-SAP, and you find yourself in a pickle. You realize it might be a cinch, or even downright essential, to bypass the SAP Cloud Identity Services Identity Provisioning Service (IPS) and instead go for the gold with a direct connection.

Now, this could sneak up on you for a myriad of reasons. Maybe, there isn’t a connector in IPS for your dream target application. Or perhaps your target system demands certain fancy headers that IPS just won’t let you set.

Regrettably, the standard-issue SCIM package of SAP Identity Management (IdM) is tailor-made for the IPS. It’s a bit like trying to fit a square peg in a round hole when you want to connect any other SCIM target system.

How It’s a Game Changer

But wait, there’s hope! The wizards at SAP Professional Services have concocted a Java SCIM connector. This is no ordinary connector – it’s more like a Swiss Army Knife! It not only lets you link SCIM target systems directly to IdM, but it also supports the extensions of SAP Identity Management Business Extensions Service (formerly known as RDS, more details here).

Moreover, you can dictate additional headers and cherry-pick the information you wish to glean from the return body of the SCIM API call. It’s also compatible with native basic and oAuth authentication flows, including the support for X-CSRF tokens.

Deploying this connector is like having a backstage pass to connect any native SCIM application directly to SAP IdM.

For instance, I’ve harnessed this connector package to link a Service Now instance to an SAP IdM system – easy as pie!

The Inside Scoop

If your curiosity is piqued and you’re itching to know more about this service and how to roll it out, don’t be shy! Reach out to me directly or shoot an email to security.consulting@sap.com. We’re all ears!