13

SAP CPQ SCIM API’s – Sync Users from your Identity Management

 1 year ago
source link: https://blogs.sap.com/2023/01/11/sap-cpq-scim-apis-sync-users-from-your-identity-management/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
January 11, 2023 3 minute read

SAP CPQ SCIM API’s – Sync Users from your Identity Management

Dear All

Background

Automating user sync from active directory to application is an important and time–saving process. It is a process that allows users to easily access applications by securely logging in and providing authentication. Without automation, users would have to manually enter their credentials into each application they need access to.

Active Directory (AD) is the heart of user identity management. It is an important component of the Windows–based network infrastructure, allowing users to authenticate and access resources of the network. By using AD, organizations can store user information in one location, allowing for easy access and management.

The process of automating user sync from active directory to application involves two major steps. First, the application must be configured to use the AD user credentials for authentication. This is done by setting up the appropriate user access policies and permissions. Second, the AD user accounts must be synchronized with the application. This is done by configuring the application to regularly pull the user information from AD.

SAP CPQ SCIM API enables you to manage users and their group assignments. If the SAP CPQ users are centrally managed in an external system, such as SAP Identity Authentication Service, this API can be used to integrate with the external system for user provisioning.

The System for Cross-domain Identity Management (SCIM) specifications are designed to make identity management in cloud-based applications and services easier. This API is based on the SCIM protocol (RFC7644) which makes integration easier when SAP CPQ is integrated with other SCIM-compliant systems.

E1xuOH7WYAErf7V.jpg

According to the flow described below, when a new user is onboarded to the organisation, user details will be created in IDM first, and once the access policy is updated, the user will sync to the appropriate application right away. This eliminates the need to create each individual application manually.  Also if user is left the organisation, user details will sync right away, so user cannot access the application at all.. so this eliminates the manual process as well.

2023-01-10_19-08-09.gif

Step 1

Administrators can access SCIM APIs via basic authorization. However, if the Access Rights feature is enabled for the tenant (Enable Access Rights toggle switch is turned on in Setup – Users – Access Rights), the system performs additional authorization check:

2023-01-11_12-48-49.png
2023-01-10_15-10-59.png
Note :
If you don’t see this in your CPQ domain, Kindly raise a Support ticket to request to enable Access Rights option

Step 2 –  API Documentation

161-trending-flat-solid.gifSAP CPQ SCIM v2 API for Users & Groups

List of available SCIM API endpoints for CRUD ( Create , Read, Update and Delete) operations to perform

2023-01-10_18-42-00.png

Step 3 –  Play locally with all the endpoints to understand better

GET Users

2023-01-10_15-01-21.png

GET Groups

2023-01-10_15-04-18-1.png

Step 4 :  Through your Identity Directory Management solution, you may automatically schedule tasks to synchronize the users.

Watch out for the next blog – Automate User Sync from SAP IPS to SAP CPQ


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK