Identity Provider (IdP)
An Identity Provider (IdP) is a service that creates, manages, and securely stores digital user identities, and verifies in the authentication process whether a user is indeed who they claim to be when accessing an application. The IdP acts as a central trusted authority: instead of providing each application with its own login credentials, the application redirects the user to the IdP, which verifies the identity and returns the result as a token.
Main features
- Central authentication and Single Sign-On (SSO): Users log in with a single set of credentials and gain access to multiple applications, often combined with Multi-Factor Authentication (MFA).
- Identity management: The IdP manages user profiles, attributes, and authorisations centrally and thereby controls access to downstream resources.
- Secure login via token: Login credentials are not transmitted to the application; the IdP confirms identity exclusively via a signed token.
- Increased security: Centralised policies such as MFA, password policies, and auditing are applied uniformly because passwords are not distributed across multiple systems.
In the SAP Business One context
SAP Business One uses an Identity Provider as part of its Identity and Authentication Management (IAM). Administrators bind IdP users to one or more tenants and thereby control login to SAP B1. This way, SAP B1 logins can also be embedded into the company's central authentication strategy.
Demarcation
An IdP is not an authorisation system in the strict sense: it determines who a user is (authentication), not what that user is allowed to do in the target application (authorisation). Fine-grained rights assignment – such as super-user rights or module permissions in SAP Business One – remains the responsibility of the application itself.
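The token flow and the authentication/authorisation split described above, as an added example that is not SAP's or any IdP product's code: it uses a simplified HMAC-signed token and constructed names (IDP_SECRET, IDP_ISSUER, APP_AUDIENCE, APP_PERMISSIONS) standing in for real IdP configuration. The application verifies the IdP's signature, issuer, audience and lifetime to establish who the user is, then consults its own permission table to decide what that user may do.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed values standing in for real IdP configuration (hypothetical, not SAP's).
IDP_SECRET = b"example-idp-signing-key"
IDP_ISSUER = "https://idp.example.test"
APP_AUDIENCE = "sap-b1-tenant-demo"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue_token(subject: str, now: int, ttl: int = 300) -> str:
    """IdP side: after authenticating the user, return a signed, short-lived identity assertion."""
    claims = {"iss": IDP_ISSUER, "aud": APP_AUDIENCE, "sub": subject, "iat": now, "exp": now + ttl}
    payload = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(IDP_SECRET, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(sig)}"

def app_verify_token(token: str, now: int) -> Optional[dict]:
    """Application side: accept the identity only if signature, issuer, audience and lifetime check out."""
    try:
        payload, sig = token.split(".", 1)
        expected = hmac.new(IDP_SECRET, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None  # signature mismatch: forged or tampered token
        claims = json.loads(_unb64(payload))
    except ValueError:  # bad base64, bad JSON or missing separator
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != APP_AUDIENCE:
        return None  # issued by another party or for another application
    if not (claims.get("iat", 0) <= now < claims.get("exp", 0)):
        return None  # expired or not yet valid
    return claims

# Authorisation stays with the application: constructed permission table keyed by subject.
APP_PERMISSIONS = {"alice": {"sales", "purchasing"}, "bob": {"sales"}}

def app_authorise(token: str, module: str, now: int) -> bool:
    """Who the user is comes from the IdP token; what they may do comes from the app's own table."""
    claims = app_verify_token(token, now)
    return claims is not None and module in APP_PERMISSIONS.get(claims.get("sub"), set())
```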