SAP Cloud Identity Service IAS SCIM Connector

Owned by Phillip Hanegan
Last updated: Jul 31, 2024
2 min read

The SAP Cloud Identity Service IAS SCIM Connector is designed to integrate SAP’s Identity Authentication Service (IAS), also known as Identity Directory, with EmpowerID. This connector uses the SCIM 2.0 protocol to facilitate the synchronization and management of user and group data between SAP IAS and EmpowerID, ensuring seamless identity and access management across both platforms.

Supported Functionality

The connector supports the following capabilities:

  • User Inventory: Synchronizes user data from SAP IAS to EmpowerID.

  • User Lifecycle Management: Manages user provisioning, updating, and deprovisioning.

  • Group Inventory: Synchronizes group data from SAP IAS to EmpowerID.

  • Group Membership: Manages user group memberships in EmpowerID based on data from SAP IAS.

Prerequisites

Before connecting EmpowerID to the SAP Cloud Identity Service IAS SCIM Connector, ensure the following prerequisites are met:

  1. System-Type Administrator Account: Create a system-type administrator account and secret in the SAP Cloud Identity Service with the following permissions:

    • Manage Users

    • Read Users

    • Manage Groups

    • Access Real-Time Provisioning API

  2. Required Information: Obtain the following details from SAP for onboarding the system in EmpowerID:

    • Base URL of the Instance

    • ClientID of the Admin User

    • ClientSecret of the Admin User

Inventory Objects and their corresponding components in EmpowerID

Connects to the SAP IAS API and retrieves user data.

Object in SuccessFactors

Component in EmpowerID

Object in SuccessFactors

Component in EmpowerID

User

Account

Attribute Mapping

The table below shows the attribute mappings of SAP IAS users to EmpowerID.

Personal Information

SAP User Attribute

EmpowerID Person Attribute

SAP SCIM Interface Technical Attribute

SAP User Attribute

EmpowerID Person Attribute

SAP SCIM Interface Technical Attribute

UserID (readonly)

 

userId

Global User ID (readonly)

 

id

SCIM ID (readonly)

 

id

Status

Status

active

User Type

EmployeeType

userType

Company Relationship

 (Not currently mapped; can be if needed)

urn:ietf:params:scim:schemas:extension:sap:2.0:User.companyRelationship

Valid From

 

urn:ietf:params:scim:schemas:extension:sap:2.0:User.validFrom

Valid To

 

urn:ietf:params:scim:schemas:extension:sap:2.0:User.validTo

City

 (Personal Address Information Not Managed)

addresses[?(@.type=='home')].Locality

ZIP/Postal Code

 (Personal Address Information Not Managed)

addresses[?(@.type=='home')].postalCode

Country/Region

 (Personal Address Information Not Managed)

addresses[?(@.type=='home')].country

State

 (Personal Address Information Not Managed)

addresses[?(@.type=='home')].region

Street Address

 (Personal Address Information Not Managed)

addresses[?(@.type=='home')].streetAddress

Street Address2

 (Personal Address Information Not Managed)

urn:ietf:params:scim:schemas:extension:sap:2.0:User.addresses[?(@.type=='home')].streetAddress2

Salutation

 

name.honorificPrefix

First Name

FirstName

name.givenName

Last Name

LastName

name.familyName

Login Name

Login

userNameLogin

Display Name

 

displayName

Telephone

BusinessPhone

phoneNumbers[?(@.type=='work')].value

Mobile Phone

MobilePhone

phoneNumbers[?(@.type=='mobile')].valueMobilePhone

Fax

Fax

phoneNumbers[?(@.type=='fax')].value

Email

Email

emails[?(@.type=='work')].value

Language

 

locale

Time Zone

 

timezone

Employment Information

SuccessFactors Attribute

EmpowerID Person Attribute

SAP SCIM Interface Technical Field

SuccessFactors Attribute

EmpowerID Person Attribute

SAP SCIM Interface Technical Field

Employee Number

EmployeeID

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.employeeNumber

Cost Center

 CostCenter

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.costCenter

Department

 Department

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.department

Division

 Division

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.division

Manager Id

 Manager

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.value

Manager Display Name (readonly)

 

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.displayName

Company Information

SuccessFactors Attribute

EmpowerID Person Attribute

SAP SCIM Interface Technical Field

SuccessFactors Attribute

EmpowerID Person Attribute

SAP SCIM Interface Technical Field

Industry

 (Not currently mapped; can be if needed)

urn:ietf:params:scim:schemas:extension:sap:2.0:User.industry

Company

 Company

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization

City

City

addresses[?(@.type=='work')].Locality

ZIP/Postal Code

PostalCode

addresses[?(@.type=='work')].postalCode

Country/Region

Country

addresses[?(@.type=='work')].country

State/Province

State

addresses[?(@.type=='work')].region

Street Address

StreetAddress

addresses[?(@.type=='work')].streetAddress

Street Address2

 StreetAddress2

urn:ietf:params:scim:schemas:extension:sap:2.0:User.addresses[?(@.type=='work')].streetAddress2

Custom Attributes

SuccessFactors Attribute

EmpowerID Person Attribute

SAP SCIM Interface Technical Field

SuccessFactors Attribute

EmpowerID Person Attribute

SAP SCIM Interface Technical Field

Custom Attribute 1

 

urn:sap:cloud:scim:schemas:extension:custom:2.0:User.attributes[?(@.name=='customAttribute1')].value

Custom Attribute 2-9: same

Custom Attribute 10

 CustomAttribute10

urn:sap:cloud:scim:schemas:extension:custom:2.0:User.attributes[?(@.name=='customAttribute10')].value

Next Steps

Connect to SAP Cloud Identity Service IAS