Episode #184
Introduction
In episode 184 of our SAP on Azure video podcast we talk again about Single Sign-On. For a VERY long time when I was working at SAP, I was working alongside a very special colleague and friend, Vinayak Adkoli. He was my partner in crime for a lot of projects. In the last projects, we worked together on SAP API Management and on simplifying the way customers could manage SAP APIs. Then I moved to Microsoft, Vinayak moved from India to the US, and today I have the pleasure of welcoming him to our podcast. Last week we already had an amazing episode with Martin Raepple from Microsoft and Christian Cohrs from SAP about Single Sign-On and multifactor authentication in the context of SAP GUI, and today we want to focus on API-based authentication. As with SAP GUI, this is one of the most talked-about scenarios, and I am glad that Vinayak can provide us with more insights on how this works.
Find all the links mentioned here: https://www.saponazurepodcast.de/episode184
Reach out to us for any feedback / questions:
- Robert Boban: https://www.linkedin.com/in/rboban/
- Goran Condric: https://www.linkedin.com/in/gorancondric/
- Holger Bruchelt: https://www.linkedin.com/in/holger-bruchelt/
#Microsoft #SAP #Azure #SAPonAzure #APIManagement #SSO
Summary created by AI
- SAP API management and Azure AD integration: Vinayak Adkoli from SAP explained how to use different authentication flows to expose and consume SAP APIs with Azure AD as the identity provider.
- Single sign-on and multi-factor authentication: Holger Bruchelt from Microsoft highlighted the benefits of using the identity authentication service on BTP to federate with Azure AD and enable SSO and MFA for SAP GUI and other BTP services.
- API key and custom attributes: Holger and Vinayak discussed how to use API key and custom attributes in SAP API management to correlate the client credentials of BTP services and Azure AD applications.
- SAML assertion and token exchange: Vinayak demonstrated two approaches to generate and exchange SAML assertions for accessing on-premise SAP systems via cloud connector and BTP connectivity service: one using API management as a SAML issuer and one using Azure AD as a SAML issuer.
- Single Sign On to SAP Integration Suite / SAP API Business Hub Enterprise via Open ID Connect (OIDC) and SAP Cloud Identity Service (SAP IAS)
- Principal propagation in a multi-cloud solution between Microsoft Azure and SAP, Part VI: Calling the Microsoft Graph on behalf of the SAP-authenticated user
- Integrating Identity Authentication service & Azure Active Directory in SAP Cloud Platform – Proxy & Conditional Authentication scenarios - Part 1
- Enable SSO Between Azure AD and SAP Cloud Platform Using Identity Authentication Service
- Setup an Identity Authentication service (IAS) as an Identity Provider for the Integration Suite
- Principal propagation in a multi-cloud solution between Microsoft Azure and SAP, Part I: Building the foundation
- 0:00 Intro
- 1:45 Introducing Vinayak
- 3:30 What is SAP API Management?
- 7:55 User Authentication and Authorization within Integration Suite
- 15:00 Demo - First SSO flow
- 19:10 API Management verifies token issued by Entra ID to an external Client App
- 23:40 API Management verifies tokens issued by Entra ID to an external Client App and performs SSO to backend
- 26:10 API Management verifies tokens issued by Entra ID to an external Client App and performs SSO to backend (alternate)
- 27:55 Demo - flow via Postman Collection
- 31:50 Policies in SAP API Management
- 35:30 APIM facilitates OBO SAML generation flow
- 38:00 Policy Templates
- 39:05 API Management performs token exchange within BTP to propagate Entra ID identity
- 41:00 Demo - with SAP Fiori app