Overview of the SAP Cloud Identity Service IAS SCIM Connector
The SAP Cloud Identity Service IAS SCIM Connector is designed to integrate SAP’s Identity Authentication Service (IAS), also known as Identity Directory, with EmpowerID. This connector uses the SCIM 2.0 protocol to facilitate the synchronization and management of user and group data between SAP IAS and EmpowerID, ensuring seamless identity and access management across both platforms.
Supported Functionality
The connector supports the following capabilities:
- User Inventory: Synchronizes user data from SAP IAS to EmpowerID.
- User Lifecycle Management: Manages user provisioning, updating, and deprovisioning.
- Group Inventory: Synchronizes group data from SAP IAS to EmpowerID.
- Group Membership: Manages user group memberships in EmpowerID based on data from SAP IAS.
Prerequisites
Before connecting EmpowerID to the SAP Cloud Identity Service IAS SCIM Connector, ensure the following prerequisites are met:
- System-Type Administrator Account: Create a system-type administrator account and secret in the SAP Cloud Identity Service with the following permissions:
- Manage Users
- Read Users
- Manage Groups
- Access Real-Time Provisioning API
- Required Information: Obtain the following details from SAP for onboarding the system in EmpowerID:
- Base URL of the Instance
- ClientID of the Admin User
- ClientSecret of the Admin User
Inventory Objects and their corresponding components in EmpowerID
Connects to the SAP IAS API and retrieves user data.
| Object in SuccessFactors | Component in EmpowerID |
|---|---|
| User | Account |
Attribute Mapping
The table below shows the attribute mappings of SAP IAS users to EmpowerID.
Personal Information
| SAP User Attribute | EmpowerID Person Attribute | SAP SCIM Interface Technical Attribute |
|---|---|---|
| UserID (readonly) | userId | |
| Global User ID (readonly) | id | |
| SCIM ID (readonly) | id | |
| Status | Status | active |
| User Type | EmployeeType | userType |
| Company Relationship | (Not currently mapped; can be if needed) | urn:ietf:params:scim:schemas:extension:sap:2.0:User.companyRelationship |
| Valid From | urn:ietf:params:scim:schemas:extension:sap:2.0:User.validFrom | |
| Valid To | urn:ietf:params:scim:schemas:extension:sap:2.0:User.validTo | |
| City | (Personal Address Information Not Managed) | addresses[?(@.type=='home')].Locality |
| ZIP/Postal Code | (Personal Address Information Not Managed) | addresses[?(@.type=='home')].postalCode |
| Country/Region | (Personal Address Information Not Managed) | addresses[?(@.type=='home')].country |
| State | (Personal Address Information Not Managed) | addresses[?(@.type=='home')].region |
| Street Address | (Personal Address Information Not Managed) | addresses[?(@.type=='home')].streetAddress |
| Street Address2 | (Personal Address Information Not Managed) | urn:ietf:params:scim:schemas:extension:sap:2.0:User.addresses[?(@.type=='home')].streetAddress2 |
| Salutation | name.honorificPrefix | |
| First Name | FirstName | name.givenName |
| Last Name | LastName | name.familyName |
| Login Name | Login | userNameLogin |
| Display Name | displayName | |
| Telephone | BusinessPhone | phoneNumbers[?(@.type=='work')].value |
| Mobile Phone | MobilePhone | phoneNumbers[?(@.type=='mobile')].valueMobilePhone |
| Fax | Fax | phoneNumbers[?(@.type=='fax')].value |
| emails[?(@.type=='work')].value | ||
| Language | locale | |
| Time Zone | timezone |
Employment Information
| SuccessFactors Attribute | EmpowerID Person Attribute | SAP SCIM Interface Technical Field |
|---|---|---|
| Employee Number | EmployeeID | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.employeeNumber |
| Cost Center | CostCenter | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.costCenter |
| Department | Department | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.department |
| Division | Division | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.division |
| Manager Id | Manager | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.value |
| Manager Display Name (readonly) | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.manager.displayName |
Company Information
| SuccessFactors Attribute | EmpowerID Person Attribute | SAP SCIM Interface Technical Field |
|---|---|---|
| Industry | (Not currently mapped; can be if needed) | urn:ietf:params:scim:schemas:extension:sap:2.0:User.industry |
| Company | Company | urn:ietf:params:scim:schemas:extension:enterprise:2.0:User.organization |
| City | City | addresses[?(@.type=='work')].Locality |
| ZIP/Postal Code | PostalCode | addresses[?(@.type=='work')].postalCode |
| Country/Region | Country | addresses[?(@.type=='work')].country |
| State/Province | State | addresses[?(@.type=='work')].region |
| Street Address | StreetAddress | addresses[?(@.type=='work')].streetAddress |
| Street Address2 | StreetAddress2 | urn:ietf:params:scim:schemas:extension:sap:2.0:User.addresses[?(@.type=='work')].streetAddress2 |
Custom Attributes
| SuccessFactors Attribute | EmpowerID Person Attribute | SAP SCIM Interface Technical Field |
|---|---|---|
| Custom Attribute 1 | urn:sap:cloud:scim:schemas:extension:custom:2.0:User.attributes[?(@.name=='customAttribute1')].value | |
| Custom Attribute 2-9: same | ||
| Custom Attribute 10 | CustomAttribute10 | urn:sap:cloud:scim:schemas:extension:custom:2.0:User.attributes[?(@.name=='customAttribute10')].value |