Reassign Identity Provider

Description

SAP BTP supports the use of a customer's own corporate identity provider for platform users. In this example, we'll use SAP Automation Pilot to automate the migration from one identity provider (e.g. sap.ids) to another at the BTP subaccount level.

This example provides two commands which use the provided catalog for the SAP Authorization and Trust Management Service (xsuaa-sapcp).

ReassignIdentityProvider performs the following actions on the target user:

  • Gets all role collections which are assigned to the user
  • Assigns the user to the new identity provider while keeping their original set of role collections
  • Removes the user from the old identity provider

[Image: Reassign Single]

MassReassignIdentityProvider performs the following actions in the target BTP subaccount:

  • Lists all users in the subaccount
  • Performs the ReassignIdentityProvider command on each user

[Image: Reassign All]

ℹ️ Make sure to check the other examples in the BTP Provisioning section.

Requirements

To use this example you'll need the following:

Check out the following resources for more information:

How to use

Import the content of the examples catalog into your Automation Pilot tenant. Navigate to the MassReassignIdentityProvider command and trigger it.

You'll need to provide values for the following input keys:

  • currentIdentityProvider - Origin key of the identity provider that is currently assigned to the users. For example: sap.ids
  • newIdentityProvider - Origin key of the identity provider that must be assigned to the users. For example: a1rwcluzy-platform
  • serviceKey - The original JSON provided by SAP Authorization and Trust Management Service (plan apiaccess)

After the successful execution of the command, you can check which users were reassigned to another identity provider:

[Image: Finished Execution]

[Image: Execution Output]

To reassign the identity provider of a single user, navigate to the ReassignIdentityProvider command and trigger it.

You'll need to provide values for the following input keys:

  • targetUser - Email address of the target user whose identity provider must be reassigned.
  • currentIdentityProvider - Origin key of the identity provider that is currently assigned to the user. For example: sap.ids
  • newIdentityProvider - Origin key of the identity provider that must be assigned to the user. For example: a1rwcluzy-platform
  • serviceKey - The original JSON provided by SAP Authorization and Trust Management Service (plan apiaccess)

ℹ️ You can verify the result of your executions by navigating to your BTP subaccount and choosing Security -> Users.
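
A check one could run after either command, written here as an added example rather than code from the examples catalog: it compares a user snapshot taken before the run with one taken after and reports users left in the old identity provider, users missing from the new one, and role collections that changed. The snapshot fields (`email`, `origin`, `role_collections`), the `user` helper and the sample users are assumptions constructed for illustration, not the output format of the service.

```python
# Added illustration. The snapshot fields (email, origin, role_collections) are
# assumptions chosen for this sketch, not the response format of any SAP API.

def roles_by_user(snapshot, origin):
    """Map lower-cased email -> set of role collections for one identity provider."""
    return {u["email"].lower(): set(u["role_collections"])
            for u in snapshot if u["origin"] == origin}

def verify_reassignment(before, after, current_idp, new_idp):
    """Compare snapshots taken before and after the run; empty findings mean success."""
    old_before = roles_by_user(before, current_idp)
    new_before = roles_by_user(before, new_idp)
    old_after = roles_by_user(after, current_idp)
    new_after = roles_by_user(after, new_idp)
    findings = {"still_in_old_idp": [], "missing_in_new_idp": [],
                "lost_access": [], "role_drift": {}}
    for email, roles in sorted(old_before.items()):
        if email in old_after:
            findings["still_in_old_idp"].append(email)
        if email not in new_after:
            findings["missing_in_new_idp"].append(email)
            if email not in old_after:  # removed from old, never added to new
                findings["lost_access"].append(email)
            continue
        # Roles the user already held under the new provider are expected to remain.
        expected = roles | new_before.get(email, set())
        lost, gained = expected - new_after[email], new_after[email] - expected
        if lost or gained:
            findings["role_drift"][email] = {"lost": sorted(lost), "gained": sorted(gained)}
    return findings

# Constructed sample data; the origin keys are the example values used on this page.
OLD, NEW = "sap.ids", "a1rwcluzy-platform"
ADMIN, VIEWER = "Subaccount Administrator", "Subaccount Viewer"
def user(email, origin, *roles):
    return {"email": email, "origin": origin, "role_collections": list(roles)}

BEFORE = [user("alice@example.com", OLD, ADMIN, VIEWER),
          user("bob@example.com", OLD, VIEWER),
          user("carol@example.com", OLD, ADMIN)]
AFTER = [user("alice@example.com", NEW, ADMIN, VIEWER),
         user("bob@example.com", NEW),           # reassigned without role collections
         user("bob@example.com", OLD, VIEWER)]   # and not removed from the old provider

if __name__ == "__main__":
    import json
    print(json.dumps(verify_reassignment(BEFORE, AFTER, OLD, NEW), indent=2))
```

An entry under `lost_access` is the case to act on first: the user was removed from the old identity provider without appearing under the new one.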