SAP Cloud Identity Services

SAP Cloud Identity Services are a group of services on SAP BTP that manage identity and access across cloud and on-premise systems. They provide single sign-on, user provisioning, and policy-based authorization.

The services comprise:

• Identity Authentication (IAS) — cloud-based authentication, SSO (OIDC/SAML 2.0), corporate IdP federation, conditional authentication, and user store management. Acts as the identity provider for SAP BTP applications.
• Identity Provisioning (IPS) — identity lifecycle management as a service. Synchronizes users and groups between source and target systems (SAP and non-SAP) with full and delta read modes, real-time provisioning, and transformation support.
• Identity Directory — the central user store. Provides SCIM 2.0 REST API, custom schemas, and generates the Global User ID distributed by IPS to SAP cloud applications.
• Authorization Management (AMS) — policy-based authorization for BTP applications. Developers define policies in Data Control Language (DCL); administrators refine and assign them via the administration console.

Related Skills

• sap-btp-connectivity — destination service and connection authentication mechanics (OAuth client credentials, principal propagation through Cloud Connector)
• sap-cap-capire — CAP application-level auth usage (role templates, @requires annotations, cds deploy with xs-security.json)
• sap-btp-best-practices — high-level security governance and production deployment patterns
• sap-btp-cloud-platform — BTP account setup, subaccount configuration, service instance creation

When to Use This Skill