Streamlining Identity Management: Transitioning from SAP IDM to Azure Entra ID

SAP May 3, 2024

A couple of weeks ago, the message goes around that SAP will discontinoue the support for his own IDP (SAP IDM) and set it's end of live to 2027.

So what now? What are the alternatives? HELP?

The Soution Auzure Entra ID

Azure Entra ID and SAP IDM (Identity Management) are both solutions aimed at managing digital identities within organizations, but they differ in their approaches and features.

Entra ID offers a modern and streamlined approach to identity management, focusing on simplicity, security, and user experience. Its benefits include:

  1. Simplicity: Entra ID provides a user-friendly interface for both administrators and end-users, making identity management tasks intuitive and efficient.
  2. Security: The system employs advanced encryption techniques and robust security protocols to safeguard sensitive personal information, reducing the risk of identity theft and unauthorized access.
  3. Flexibility: Entra ID can adapt to the evolving needs of organizations, supporting various authentication methods and integration with existing IT infrastructure.
  4. Scalability: With its scalable architecture, Entra ID can accommodate organizations of all sizes, from small businesses to large enterprises, without compromising performance or security.
  5. Cost-effectiveness: Entra ID offers competitive pricing models and reduces administrative overhead, resulting in cost savings for organizations.

How to Integrate Entra ID

Here is a small step-by-step tutorial on how to integrate Entra ID:

Create a Corporate Identity Provider (Corp IdP): This represents your Microsoft Entra ID instance. Click on Identity Provider -> Corporate Identity Providers.

Now set the Display Name and choose the Identity Provider "Microsoft ADFS / Azure AD (SAML 2.0)

Next, you must download the SAML Metadata File (important for the Azure part) from the SAP Cloud Identity Services (SAP CIS) following this path:  

Applications and Resources -> Tenant Settings -> SAML 2.0 Configuration -> Download Metadata File 

In SAP CIS now Navigate to Identity Providers -> Corporate Identity Providers -> Microsoft Entra ID Identity Provider that you created -> SAML 2.0 Configuration -> Upload Metadata File 

WAIT WHAT? Which metadata file? This is the part where Entra ID comes into the game.

So leave it open and open up in a new tab the Azure Portal. Next, you must select your Entra ID

In Entra ID you must create an Enterprise Application

A Galery will open up, and it presents many predefined integrations, also for all SAP modules. Now search for "SAP Cloud Identity Services" and select this

We will use the SAML Metadata file to set up the trust between Microsoft Entra ID and SAP Identity Authentication Service (IAS). Click on Setup Single Sign-On.

Then choose SAML

And now you can upload the previously downloaded metadata file from the SAP portal

After the upload, the settings are automatically filled out. Now you can download the "Federation Metadata XML"

This file you must upload into the SAP Portal (in the opened previous tab)

Done!

Finally, you can test the Application to check if the login will work. So when you next will log in to your system. You will be redirected to the Entra ID, to sign on, and after a successful login, you will be redirected as an authenticated user into the SAP System.

Easy huh?

Conclusion

Integrating Microsoft Entra ID (Azure AD) with SAP Identity Authentication is a strategic move for organizations looking to streamline identity management processes, enhance security, and provide a seamless experience for users.

You can now build a robust and future-ready identity management ecosystem.

Tags