Case Study – Authentication and Identity
The client required a medication track and trace system at which SAP ATTP was core. The system architecture contained multiple SAP and non-SAP elements. Due to SAP licensing constraints in the region where the project is being delivered SAP CIS could not be used as an IdP. Client needed an Active Directory type solution within which users would be onboarded, identities manged and authentication carried out.
30k users (mix of business to government and, individual medical professional to government)
500k+ individual users
Government Ministry department (Health / Pharma)
Business size & complexity
6k + employees
Project included a SAP ATTP system, Azure, Portal accessed via Web and Mobile, Active Directory and Analytics platform, SAP BTP, SAP API Management and SAP CPI
Xendl designed an architecture for the application where identity and user provisioning were delivered by Azure Active Directory, utilising Azure AD B2C and Azure Logic apps.
When data residency with the Azure components became a problem, Xendl redesigned the entire Authentication and identity solution to utilise an On-premise AD / AD FS solution, a custom user registration and ID propagation solution (including Secure LDAP) and authentication via a mixture of AD FS token exchange with SAP Principal Propagation.
What was delivered
AD / AD FS as an IdP
SAP Principal Propagation
User creation / propagation through SAP and non-SAP systems
Authentication through SAP and non-SAP systems
User access model managed using AD groups harmonised with SAP roles
Xendl apps/ accelerators
– Yes (expect some delays)
We are subject matter experts in the access provisioning space using technologies such as Azure Logic Apps or SAP GRC.