
Case Study – Authentication and Identity

Problem Statement


The client required a medication track and trace system with SAP ATTP at its core. The system architecture contained multiple SAP and non-SAP elements. Due to SAP licensing constraints in the region where the project is being delivered, SAP CIS could not be used as an IdP. The client needed an Active Directory type solution within which users would be onboarded, identities managed and authentication carried out.

Problem metrics​

30k users (mix of business to government and individual medical professional to government)
500k+ individual users

Client Information

Business vertical/type​

Government Ministry department (Health / Pharma)​

Business size & complexity​

6k+ employees
Project included a SAP ATTP system, Azure, Portal accessed via Web and Mobile, Active Directory and Analytics platform, SAP BTP, SAP API Management and SAP CPI


Xendl’s approach​

Xendl designed an architecture for the application where identity and user provisioning were delivered by Azure Active Directory, utilising Azure AD B2C and Azure Logic Apps.

When data residency with the Azure components became a problem, Xendl redesigned the entire authentication and identity solution to utilise an on-premises AD / AD FS solution, a custom user registration and ID propagation solution (including Secure LDAP), and authentication via a mixture of AD FS token exchange and SAP Principal Propagation.

What was delivered​

AD / AD FS as an IdP​
SAP Principal Propagation​
User creation / propagation through SAP and non-SAP systems​
Authentication through SAP and non-SAP systems​
User access model managed using AD groups harmonised with SAP roles​

Xendl apps/ accelerators​


Reference available​

– Yes (expect some delays)​

We are subject matter experts in the access provisioning space using technologies such as Azure Logic Apps or SAP GRC.