
How to reuse user groups from IdP as External member lists

source link: https://blogs.sap.com/2021/11/21/how-to-reuse-user-groups-from-idp-as-external-member-lists/
November 21, 2021 1 minute read

As mentioned in SAP Help, member lists can be used to invite users to workspaces. In this blog I’m covering how to reuse groups from your source system (e.g. IAS, Azure AD) as an External Member list.

There are three types of member lists:

  • Member List. Users added manually or by uploading a csv file.
  • Dynamic Member List. Users added by rules. For example Cost center, Department or a Custom attribute.
  • External Member list. Users are uploaded from another system by IPS.

To provision External Member lists, you can use SCIM groups (as a second artifact / entity next to users) via the SCIM API, using the Work Zone target system in IPS:

"group":
    {
        "mappings": [
        {
            "sourceVariable": "entityIdTargetSystem",
            "targetPath": "$.id"
        },
        {
            "sourcePath": "$['urn:sap:cloud:scim:schemas:extension:custom:2.0:Group']['name']",
            "targetPath": "$.displayName"
        },
        {
            "targetPath": "$.schemas",
            "type": "remove"
        },
        {
            "constant": "urn:scim:schemas:core:1.0",
            "targetPath": "$.schemas[0]"
        },
        {
            "targetPath": "$.members",
            "type": "remove"
        },
        {
            "sourcePath": "$.members[*].value",
            "preserveArrayWithSingleElement": true,
            "optional": true,
            "targetPath": "$.members[?(@.value)]",
            "functions": [
            {
                "type": "resolveEntityIds"
            }]
        }]
    }

*Code sample works for IAS as source system and may require changes for other source systems
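
The following added example (not part of the original post and not IPS code) applies the mappings above by hand to a constructed IAS group, to show the payload shape the Work Zone target receives. The function name `transform_group`, the `id_map` stand-in for `resolveEntityIds` and all sample IDs are hypothetical; how IPS itself treats members it cannot resolve is not stated on the page, so this sketch reports them separately, which matters because the resulting list later governs workspace membership.

```python
# Added illustration: hand-applies the "group" mappings above; not IPS code.
CUSTOM_GROUP_EXT = "urn:sap:cloud:scim:schemas:extension:custom:2.0:Group"
TARGET_SCHEMA = "urn:scim:schemas:core:1.0"


def transform_group(source, id_map, entity_id_target_system=None):
    """Return (target_group, unresolved_source_ids) for one source group.

    id_map is a stand-in for resolveEntityIds (source user ID -> Work Zone
    user ID). entity_id_target_system is None for a group not yet created
    in the target (assumption).
    """
    target = {}
    if entity_id_target_system is not None:
        target["id"] = entity_id_target_system           # sourceVariable -> $.id
    target["displayName"] = source[CUSTOM_GROUP_EXT]["name"]
    target["schemas"] = [TARGET_SCHEMA]                  # remove, then constant at [0]

    source_ids = [m["value"] for m in source.get("members", []) if "value" in m]
    unresolved = [s for s in source_ids if s not in id_map]
    resolved = [id_map[s] for s in source_ids if s in id_map]
    if resolved:
        # Always a list, even for one member (preserveArrayWithSingleElement).
        target["members"] = [{"value": v} for v in resolved]
    # "optional": with no mappable members the key is simply left out.
    return target, unresolved


# Constructed sample input: an IAS group "Account" with three members.
IAS_GROUP = {
    "id": "ias-group-0001",
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group", CUSTOM_GROUP_EXT],
    CUSTOM_GROUP_EXT: {"name": "Account"},
    "members": [{"value": "ias-u1"}, {"value": "ias-u2"}, {"value": "ias-u3"}],
}
# Constructed ID map: ias-u3 has not been provisioned to Work Zone yet.
ID_MAP = {"ias-u1": "wz-101", "ias-u2": "wz-102"}

if __name__ == "__main__":
    import json
    group, missing = transform_group(IAS_GROUP, ID_MAP)
    print(json.dumps(group, indent=2))
    print("no target ID for:", missing)
```

Comparing the unresolved list against the source group after each job run is a quick way to spot users who are in the IdP group but missing from the External Member list.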

After the IPS job completes successfully, the groups from the source system appear in SAP Work Zone as External Member lists and can be used to invite users to a workspace.

For example:

A group “Account” in IAS contains three users:

Group in IAS

After IPS job completion the group “Account” has been created/updated in SAP Work Zone External member lists:

SAP Work Zone External member lists

And the External Member list “Account” contains the same three users as IAS group:

External Member list users

Summary

Now you know how easy it is to reuse groups from a source system connected to SAP Work Zone (e.g. IAS, Azure AD, etc.). External Member lists are further used to control membership for workspaces. Let me know in case a separate blog is required to cover that topic as well.

For questions on SAP Work Zone, please raise them in the forums and use the tag “SAP Work Zone”.

