Hi,
   We are trying to determine if SAP S/4HANA can dynamically connect to ISDS to obtain user information and group membership.  Currently we load our users into both ISDS / LDAP groups and into SAP / SAP Roles.  We do this because we have a requirement to have the userids consistently set up for both SAP and non-SAP applications.  We would prefer to have ISDS be the single source for all user information (user characteristics and group membership) and then to have SAP pick up that information from ISDS.  However we are having a difficult time determining if  SAP can pull this info from ISDS dynamically. 
  Does anyone have any experience connecting SAP S/4HANA on prem to ISDS for user info and group membership?
Thank you,
Ralph Broden

------------------------------
Ralph Broden
------------------------------

Hi - I don't know nothing about SAP S/S4HANA but is there a reason (since you have ISAM) you are not considering a Federation setup (SAML2.0 or OIDC Connect) instead of maintaining both ISAM and SAP id/groups to be identical on both sides. ISAM could be your IdP and SAS your SP side.

Just a though, you probably have other valid constraints. Just asking ....

------------------------------
Sylvain Gilbert
------------------------------

Original Message:
Sent: Thu February 20, 2020 01:23 PM
From: Ralph Broden
Subject: Connecting SAP S/4HANA on prem to ISDS and LDAP

Hi,
   We are trying to determine if SAP S/4HANA can dynamically connect to ISDS to obtain user information and group membership.  Currently we load our users into both ISDS / LDAP groups and into SAP / SAP Roles.  We do this because we have a requirement to have the userids consistently set up for both SAP and non-SAP applications.  We would prefer to have ISDS be the single source for all user information (user characteristics and group membership) and then to have SAP pick up that information from ISDS.  However we are having a difficult time determining if  SAP can pull this info from ISDS dynamically. 
  Does anyone have any experience connecting SAP S/4HANA on prem to ISDS for user info and group membership?
Thank you,
Ralph Broden

------------------------------
Ralph Broden
------------------------------

Sylvain,  Thanks for the reply.  I'll look into that to see if SAP can support that.  Thanks, Ralph

------------------------------
Ralph Broden
------------------------------

Original Message:
Sent: Thu February 20, 2020 02:48 PM
From: Sylvain Gilbert
Subject: Connecting SAP S/4HANA on prem to ISDS and LDAP

Hi - I don't know nothing about SAP S/S4HANA but is there a reason (since you have ISAM) you are not considering a Federation setup (SAML2.0 or OIDC Connect) instead of maintaining both ISAM and SAP id/groups to be identical on both sides. ISAM could be your IdP and SAS your SP side.

Just a though, you probably have other valid constraints. Just asking ....

------------------------------
Sylvain Gilbert

Original Message:
Sent: Thu February 20, 2020 01:23 PM
From: Ralph Broden
Subject: Connecting SAP S/4HANA on prem to ISDS and LDAP

Hi,
   We are trying to determine if SAP S/4HANA can dynamically connect to ISDS to obtain user information and group membership.  Currently we load our users into both ISDS / LDAP groups and into SAP / SAP Roles.  We do this because we have a requirement to have the userids consistently set up for both SAP and non-SAP applications.  We would prefer to have ISDS be the single source for all user information (user characteristics and group membership) and then to have SAP pick up that information from ISDS.  However we are having a difficult time determining if  SAP can pull this info from ISDS dynamically. 
  Does anyone have any experience connecting SAP S/4HANA on prem to ISDS for user info and group membership?
Thank you,
Ralph Broden

------------------------------
Ralph Broden
------------------------------