SAP Cloud Identity Service - SAP HANA Cloud

Administration Guide PUBLIC2017-03-28
SAP Cloud Platform Identity Authentication Service

Content
1 SAP Cloud Platform Identity Authentication Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41.1 Release Notes for Identity Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Release Notes 2016. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Release Notes 2015. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Release Notes 2014. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
1.2 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Product Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Web-Based Logon Interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14Landscape Host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Supported Browser Versions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Supported Languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.3 Get Started. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191.4 Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Business-to-Consumer Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Business-to-Business Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Business-to-Employee Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
1.5 Operation Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Configure Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Configure Tenant Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75Password Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Configure Privacy Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109Configure Terms of Use. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113User Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117User Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125User Provisioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133Manage Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Corporate Identity Providers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148Social Identity Providers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169Export Change Logs with a History of Administration Operations. . . . . . . . . . . . . . . . . . . . . . . . . . 173Export Existing Users of a Tenant of SAP Cloud Platform Identity Authentication Service. . . . . . . . .177View Usage Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179SAML 2.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179Troubleshooting for Administrators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
1.6 User Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182Two-Factor Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Social Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
2 P U B L I CSAP Cloud Platform Identity Authentication Service
Content

Use the Remember Me Option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189Access Applications with Single Sign-On on Mobile Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Change Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192Troubleshooting for Users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
1.7 Developer Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194API Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194API Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197Add Logon Overlays in Customer Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248Configure Clickjacking Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250Troubleshooting for Developers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
1.8 Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2531.9 Integration Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255
Integration with SAP Cloud Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .255Integration with SAP Web IDE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262Integration with SAP Document Center. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267Integration with SAP Identity Management 8.0. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272Integration with Microsoft Azure AD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
1.10 Get Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2751.11 Updates and Notifications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
SAP Cloud Platform Identity Authentication ServiceContent P U B L I C 3

1 SAP Cloud Platform Identity Authentication Service
Table 1:
Get Started What's New
Overview [page 12]
Product Details [page 13]
Get Started [page 19]
Release Notes for Identity Authentication [page 5]
Scenarios Resources
Business-to-Consumer Scenario [page 20]
Business-to-Business Scenario [page 22]
Business-to-Employee Scenario [page 24]
Operation Guide [page 25]
User Guide [page 182]
Developer Guide [page 194]
Security [page 253]
Integration Scenarios [page 255]
Get Support [page 275]
Download This Documentation as PDF
Terms of Use
Copyright and Trademarks
Privacy
Legal Disclosure
Disclaimer
4 P U B L I CSAP Cloud Platform Identity Authentication Service
SAP Cloud Platform Identity Authentication Service
https://help.hana.ondemand.com/cloud_identity/SAP_Cloud_Identity_Service.pdfhttps://help.hana.ondemand.com/terms_of_use.htmlhttp://help.sap.com/disclaimer?site=http://www.sap.com/corporate-en/about/legal/copyright/index.htmlhttps://help.hana.ondemand.com/privacy.htmhttp://help.sap.com/disclaimer?site=http://www.sap.com/corporate-en/about/legal/impressum.htmlhttp://help.sap.com/disclaimer-full

1.1 Release Notes for Identity Authentication
28 March 2017 - Identity Authentication
Table 2:
Announcement
To improve the failover mechanism for Identity Authentication, we will add a new IP address (155.56.128.137) for the landscape host in Europe. If you have whitelisted the current IP, you also need to whitelist the new IP for the corresponding scenarios to work. For more information about Identity Authentication landscape hosts, see Landscape Host [page 15].
07 March 2017 - Identity Authentication
Table 3:
Enhancement
SAP Cloud Identity service is renamed to SAP Cloud Platform Identity Authentication service (in short, Identity Authentication). The renaming includes changes in the following:
UI texts, labels, and titles messages e-mail templates tenant logo
Table 4:
Enhancement
Updated the documentati

SAP Cloud Identity Service - SAP HANA Cloud

Text of SAP Cloud Identity Service - SAP HANA Cloud

SAP HANA Cloud Portal Product Management January 2016 HANA Cloud Portal Product Management January 2016 ... SAP Web IDE for rapid UI development with oData ... SAP Jam SAP HANA Cloud

Road Map: SAP HANA Cloud Platform

SAP HANA Cloud Platform

SAP HANA Cloud Portal - Deep Dive

SAP HANA Cloud Platform - An Update

SAP HANA Cloud Security

Cloud Integration Services on SAP HANA Cloud Platform

SAP HANA Cloud Portal - Overview Presentation

JOURNEY TO SAP HANA ENTERPRISE CLOUD

SAP HANA Cloud Platform - SuccessFactors Extensions

Success is Simply Human - Duke SAP HANA Cloud Integration SAP HANA Cloud Integration Engineered for

SAP TechEd 2015 | DEV109 | Extending Cloud Solutions from SAP using SAP HANA Cloud Platform

Using&JavaEE&ProtoCom&for& SAP&HANA&Cloud Using&JavaEE&ProtoCom&for&SAP&HANA&Cloud 2 Performance& Engineer

SAP HANA Enterprise Cloud - Data Center SAP HANA ENTERPRISE CLOUD ... SAP ILM for Archiving SAP NLS for Archiving SAP NetWeaver Portal 3rd Party Applications SAP

SAP S/4HANA, cloud editions 1511 Product Scope SAP FIORI HANA CLOUD C4C PLATFORM SAP HANA CLOUD PLATFORM

Student Engagement with SAP for (Higher) Education ... SAP HANA Database/SAP HANA Enterprise Cloud/SAP

SAP Inside Track Munich 2016 - SAP HANA Cloud Platform

SAP HANA Cloud Platform - Overview

SAP HANA Cloud Platform CodeJam 2015

SAP HANA Cloud Integration (SAP PRESS) | Reading Sample

SAP HANA MADE SIMPLE WITH VALIDATED SOLUTIONS & CONVERGED ... The NEW SAP SAP HANA Cloud Platform SAP

The cloud without compromise: SAP HANA Cloud ... SUCCESSFACTORS / WHITE PAPER SAP HANA Cloud Platform,

SAP HANA Cloud SAP HANA Cloud Platform Target State â€“ Platform to enable the Digital Transformation

SAP HANA Cloud Platform CodeJam

SAP HANA Cloud Platform Essentials-RecordOfAchievement

ITM212 Lifecycle Management for SAP HANA Cloud .ITM212 – Lifecycle Management for SAP HANA

SAP HANA Cloud Platform SAP HANA Cloud Platform is an open platform-as-a-service providing unique

SAP HANA Enterprise Cloud

SAP HANA was Sie von der neuen SAP Plattform .04.11.2016 · + Fiori UX SAP HANA Cloud Operations

A Managed Approach to Deploying SAP S/4 HANA – SAP HANA Enterprise Cloud