Enhanced Identity Federation in AS ABAP (New and Changed)
These are the release notes for the new features in the enhanced identity federation in AS ABAP. The new functionality includes mapping configurations between the assertion attributes from the identity provider and the user on the service provider, as well as different federation types for the name ID formats.
Identity federation provides the means to share identity information between partners. To share information about a user, partners must be able to identify the user, even though they may use different identifiers for the same user. The improved identity federation features allow the user to define mapping between the attributes passed in the assertion from the identity provider and the user in the AS ABAP system. To do this, the system uses a user ID source and a user ID mapping mode. For more information, see Identity Federation in AS ABAP.
The purpose of the Persistent Users type is to establish permanent user IDs in the AS ABAP. Use this kind of federation to support most scenarios where you need to map user identities across domains. The Persistent name ID format supports advanced options such as Interactive Account Linking and Automatic Account Creation. For more information, see Configuring Federation Type Persistent Users.
The new federation type Service Users is only applicable for the Transient name ID format. If you configure this federation type, multiple users can log on with one service user account because the service provider does not care about the identity of the logged-on user. This many-to-one user mapping is done with rules that use the information provided in the assertion attributes. For more information, see Configuring Federation Type Service Users.