If you want to use a custom identity provider, you must set up trust between the subaccount and the SAP Cloud Identity Services - Identity Authentication service.
If you have run the booster Prepare an Account for ABAP Development, you can skip this step.
If you have custom identity provider, you can use a function in SAP BTP cockpit to set up trust between your subaccount and the Identity Authentication service for SAP BTP automatically. The trust configuration is of type OpenID Connect.
For more information, see Establish Trust and Federation Between SAP Authorization and Trust Management Service and Identity Authentication.
-
In the SAP BTP cockpit, go to the subaccount for your ABAP system.
-
From the navigation area, choose Security > Trust Configuration.
-
Choose Establish Trust.
-
In the following popup, select a identity provider from the dropdown list.
Only identity providers that are associated with your customer ID are shown.
-
Choose Establish Trust.
Trust of type OpenID Connect between your subaccount and the identity provider is generated.
-
Log on to the Identity Authentication service.
-
From the navigation area, choose Applications & Resources > Applications.
-
Search for the application that has been created as part of the trust setup.
The name of the application has the format *SAP BTP subaccount *<Subaccount Name>**, but you can change it if needed.
Older application names have the format XSUAA_<Subaccount Name>.
-
Verify that the subject name identifier matches the login_attribute chosen during ABAP system provisioning.
ABAP login_attribute
SAP Cloud Identity Services Subject Name Identifier
email
email
user_name
login name