Authentication and Identity

Challenge

The client required a medication track and trace system at which SAP ATTP was core. The system architecture contained multiple SAP and non-SAP elements. Due to SAP licensing constraints in the region where the project was being delivered SAP CIS could not be used as an IdP. Client needed an Active Directory type solution within which users would be onboarded, identities managed, and authentication carried out. ​

Problem metrics

• 30k users (mix of business to government and, individual medical professional to government)​
• 500k+ individual user.

Solution

Xendl designed an architecture for the application where identity and user provisioning were delivered by azure active directory, utilising azure AD B2C and azure logic apps.

When data residency with the azure components became a problem, Xendl redesigned the entire authentication and identity solution to utilise an on-premise ad / ad fs solution, a custom user registration and id propagation solution (including secure LDAP) and authentication via a mixture of ad fs token exchange with sap principal propagation.

Customers comments

Getting the solution “live” was (as stated by mark in an earlier mail) a measure and feat of software engineering in the most difficult of environments that really shows how strong this project team was.

Results

Xendl delivered

• AD / AD FS as an IdP​
• SAP Principal Propagation​
• User creation / propagation through SAP and non-SAP systems​
• Authentication through SAP and non-SAP systems​
• User access model managed using AD groups harmonised with SAP roles​