SAP Business One introduces the Identity and Authentication Management (IAM) service, allowing users to authenticate with their Identity Provider (IDP) user when signing in to SAP Business One.
Connecting SAP Business One with an Identity Provider can help you manage user access securely without compromising on user experience during sign-in to SAP Business One.
What are the main benefits of using the IAM solution in SAP Business One?
- Single sign-on (SSO) experience.
- Reduce password fatigue – users do not need to remember an excessive number of passwords.
- Enhance security during sign-in by utilising the IDP’s Multi-Factor Authentication, and reduce the potential attack surface.
- A central user management solution, allowing landscape administrators to set up IDP users (under one or more IDPs), bind them to the SAP Business One company users, and manage users from across the company’s databases in one place.
Identity Providers Management
IAM can be activated by configuring IDPs and users under the newly added ‘Identity Providers’ and ‘Users’ tabs in the SAP Business One System Landscape Directory (SLD) control center.
After upgrading to 10.0 FP 2208, the following Identity Providers appear by default under the ‘Identity Providers’ tab in SLD:
- SAP Business One Authentication Server – Built-in Authentication Service
- Active Directory Domain Services – Built-in Authentication Service
It is also possible to add an OIDC (OpenID Connect) IDP by clicking on ‘Add’.
Note: With 10.0 FP 2208, it is possible to register ‘AD FS’ or ‘Azure Active Directory’ as external identity providers in OIDC.
By default, to preserve backward compatibility, IDPs are set to ‘inactive’ after an upgrade. There is no change to the sign-in experience for SAP Business One users unless an IDP is activated.
Before an IDP is activated, there are a few important prerequisites that need to be fulfilled:
- There must be at least one corresponding Landscape Admin user configured under the ‘Users’ tab in SLD.
- IDP users should be created and bound to the SAP Business One company users across all companies.
- The IDP property for add-ons needs to be adopted.
User Management
The newly added ‘Users’ tab in SLD acts as a one-stop shop for:
- Adding and/or removing IDP users.
- Binding IDP users to SAP Business One users across company databases.
- Central user management: change passwords, activate and/or deactivate unified users (users created under the SAP Business One Authentication Server IDP), and assign users the Landscape Admin role.
Note: The licenses assigned to SAP Business One company users remain unchanged after enabling the identity and authentication management.
Sign in to SAP Business One with an IDP
Once an IDP is activated in SLD, the SAP Business One users will experience a new sign-in window. Depending on the landscape’s IDP configuration (IDP type, number of IDPs activated), users are redirected to their IDP within the SAP Business One sign-in window to authenticate.
Source: SAP Business One Community Blogs