On SAP BTP, user management takes place at all levels from global account to environment. There are different types of users, such as depending on their roles in the company.
A user account corresponds to a particular user in an identity provider. The user is always stored in an external identity provider, such as a custom tenant of SAP Cloud Identity Services - Identity Authentication or the default identity provider.
User accounts enable users to log on to SAP BTP, access subaccounts, and to use applications according to the permissions granted to them.
A user name alone doesn't determine a concrete user account with associated authorizations, as you can have users with the same user name in different identity providers. Accessible data and allowed operations also depend on the identity provider. The concrete user is identified by the combination of user name and identity provider.
There are two users with the same user name, which is the email address here. The two users with different identity providers have different authorizations and can access different applications.
[email protected] from the custom identity provider has authorizations to access her favorite industrial applications. She needs the logon with the custom identity provider for her actual work.
[email protected] from the default identity provider has no authorizations.
Before diving into the different user and member management concepts, it's important to understand the difference between the two types of users we’re referring to: platform users and business users.
For more information, see Platform Users and Business Users.
Related Information