In its version 10.0 FP 2208, SAP Business One (SAP B1) has introduced its Identity and Authentication Management (IAM) service. The IAM service serves as a trusted identity provider that allows SAP users to use a single sign-on or SSO facility to access multiple accounts.
With this service, SAP B1 users can use their identity provider or IDP credentials when signing into any SAP B1 account. By integrating SAP Business One with identity provider management, organizations can easily manage each user account securely without compromising the user’s experience during the sign-on process.
Next, let’s discuss the main benefits of integrating SAP Business One with IDP using the IAM service.
Benefits of IAM with SAP Business One
Here are some of the main benefits of the IAM solution in SAP Business One:
- Facilitates SSO, thus, enhancing the usability of SAP B1
- Reduces password fatigue as SAP B1 users do not have to remember multiple passwords for different SAP accounts
- Improves website security by leveraging IDP’s multi-factor authentication (MFA), thus reducing the chances of a potential surface attack
- Provides a centralized location for administrators to configure multiple IDP users and bind them to SAP B1 users
Next, let’s discuss how to activate identity and authentication management in SAP B1 by configuring IDP.
How to Activate IAM in SAP B1?
To activate IAM, you can use the SAP B1 System Landscape Directory (SLD) control center to configure the IDP and user bindings. You can use any of these three approaches:
- Unified user authentication
- MS Windows domain account authentication
- OpenID Connect or OIDC
You can add an external IDP with OIDC that allows you to confirm the end user’s identity with proper authentication. With OIDC, you can use an existing IDP account. For example, you can use your Microsoft account to sign into SAP B1.
Here is how you can configure IAM using the SAP B1 SLD control center:
1. In the SLD control center, navigate to the “Identity Providers” tab. By default, the following IDPs will appear in the “Identity Providers” tab:
- SAP Business One Authentication Server
- Active Directory Domain Services
For instance, you can add an OIDC IDP. With the SAP B1 10.0 FP 2208, you can register an Active Directory Federation Service (ADFS) or an Azure Active Directory as an external IDP in OIDC. For backward compatibility, every added IDP is marked as “inactive” after the upgrade.
Also Read: SAP Business Network 2208 Release—What’s New?
Developed by Microsoft, the ADFS is an SSO functionality that provides safe and authenticated access to any web domain, application, or system existing within the organization’s active directory. To add an ADFS as an OIDC IDP, you need to create an application group in the ADFS management tool and then register the added ADFS in the SAP B1 SLD control center.
Similar to ADFS, the Azure Active Directory (Azure AD) is an enterprise-level identity service that provides SSO, MFA, and conditional access. To add the Azure AD as an OIDC IDP, you need to register an application in Azure AD and then register Azure AD in the SAP B1 SLD control center.
In the next section, let’s discuss how to add and manage IDP users in SAP Business One.
Adding and Managing Users in SAP B1
You can use the “Users” tab in SAP B1 SLD to add and manage IDP users. Besides adding and removing IDP users, you can use this tab to bind the users to the SAP B1 users.
Here’s how you can add an IDP user:
- From the Users tab in SAP B1 SLD, click Add.
- Add the user with the following information:
- Identity provider or IDP of the user
- Username and password
- Landscape administrator—only if you want admin privileges for this user
After adding the IDP user, you can bind the user to an SAP B1 user. From the same “Users” tab of SAP B1 SLD, click Bind for the selected user and then enter the following information:
- The network address of the server
- Company database on the server
- User code of the SAP B1 user
After user binding, the SAP B1 user is bound to the same user code across the entire company. It cannot be bound to another user code. Alternatively, you can choose to unbind the SAP B1 user from the “Company Users” section in the “Users” tab.
Next, let’s discuss how to sign into SAP Business One as an IDP user.
Signing into SAP B1 with an IDP
After activating the IDP using SLD, SAP Business One displays a new sign-in window. Depending on the IDP configuration details—type of IDP and the number of activated IDPs—SAP B1 users are redirected to their particular IDP. You can use the SAP Business One authentication window to log in as the IDP.
What is the future rollout plan for IAM services in SAP Business One? Let’s discuss that next.
The Future Rollout Plan for the SAP B1 IAM Service
SAP is planning to roll out the Identity and Authentication Management service of SAP B1 in a phased manner. For version 10.0 FP 2208, IAM service is supported on the following SAP B1 products:
- SAP Business One
- SAP Business One for SAP HANA
This IAM service is not supported on the existing SAP Business One Cloud 10.0 FP release. SAP plans to provide this support in future versions of SAP B1 Cloud.
With its 10.0 FP 2208 release, SAP Business One has introduced the effective Identify and Authentication Management (IAM) service. This service enables fast and convenient user authentication without any compromise on the security aspect. On its part, the IAM service has impacted behavioral changes in SAP Business One.
As an SAP consulting and implementation partner, Praxis Info Solutions has implemented customized solutions in SAP B1 for its global clientele. We offer our SAP B1 solutions across industry domains including manufacturing, food processing, and trading. Read our latest blog on how to perform financial consolidation using SAP Business One.
Are you looking for technical assistance to configure SAP Business One with an IDP? We can help you out. Contact us today.