You need to use multiple identity providers for different groups of business users. You want to guide business users to the right identity provider for logon.
Usually there's a single identity provider, which is needed for most users.
Additional identity providers are only needed in exceptional cases.
Basic Considerations Before You Provide a Logon Link for Business Users
|
Recommendation |
Description |
|---|---|
|
(Preferred) Try to avoid multiple trust configurations at all. |
Hide the default identity provider and connect a single SAP Cloud Identity Services tenant. Connect further identity providers as corporate identity providers in the SAP Cloud Identity Services tenant and use conditional authentication rules in SAP Cloud Identity Services. |
|
(Feasible) If multiple trusts are really needed in the subaccount, avoid that business users must pick a specific trust by giving them dedicated application URLs, which choose the right identity provider (only supported by some applications). |
Some applications can be accessed using a URL that includes a query parameter to define the trust configuration for user login, instead of asking the user to choose one.
Options
If your custom applications use application router, you can enable support for the parameter by following the application router documentation. See Dynamic Identity Provider Configuration or routes.
|
|
(Exceptional) If business users must really choose the identity provider. Make sure the respective link texts on the login page makes sense to them, so that they can easily choose the right one. |
Review the link texts of all trust configurations, where Available for User Logon is enabled, so that business users understand which one to choose. For more information, see Rename the Logon Link Text for Custom Identity Providers. |