Enjoyable video, and I love the visual diagrams here, this is far better than using a pre-made Visio diagram. I have one question that I’ve never quite understood, and it’s why anyone would use IAS as a proxy? What scenarios would present themselves whereby a customer would need or want to use IAS as a proxy? If a customer uses AAD as their main IDP, surely it’s easier and cleaner to establish a trust directly to the application for the assertion exchange?
You just need to connect the 3rd party IdP once to SAP IAS and can then use it for different subaccounts. Integration between Subaccount and IAS is established with one click. And using it as a proxy, you can also use IAS as Platform IdP for both Subaccounts and Global Account.
@clouddnagmbh thank you for your answer. I am aware of how simple the integration is, but what’s the technical reason for this? Why introduce another point of failure if you’re not actually benefitting from it? Take for example SF, it’s mandatory for all customers to use IAS as a proxy, IAS has to be involved even if you are not using it and you want to use Azure, or Okta, etc! I cannot understand why SAP forces this on customers if the IDP is not actually providing any technical benefit… or maybe global / sub accounts can only authenticate with IAS?
@DIFFIEH You might have a case where you have multiple identity providers, in which case you may want to have IAS act as a proxy to these disparate IdPs. Some IdPs may be an SAP IdP or other corporate IdPs, as each may want to manage their own identities for their areas. Each of those multiple IdPs only has to establish trust between them and the single IAS proxy, and therefore between multiple applications and the IAS proxy as a central point. Each of those applications may have a separate IdP for authorization, such that a user can, through SSO, have access to different applications without the need to go through the authentication/authorization flow each time. It would simplify the setup when new applications and IdPs may be added to the system.
Well explained
Excellent! Please, more data
Really super... straight to the point explanation... very nice