You choose between a local identity provider and a corporate identity provider to be the default identity provider for your application.
-
You are assigned the Manage Corporate Identity Providers role. For more information about how to assign administrator roles, see Edit Administrator Authorizations.
-
You have a configured corporate identity provider. For more information how to configure a corporate identity provider, see Related Information.
-
You haven't added any rules for authentication. For more information, see Configure Conditional Authentication for an Application.
In this scenario you choose which is the default identity provider. It can be either the local identity provider (Identity Authentication) or a corporate identity provider.
Initially Identity Authentication is set as the default local identity provider.
This choice gives you access to all application settings in the administration console for SAP Cloud Identity Services.
If the choice is a corporate identity provider, Identity Authentication acts as a proxy to delegate authentication to the external corporate identity provider. For more information, see Corporate Identity Providers
When you select a corporate identity provider, and you want to apply the custom application configurations for authentication and access policies, you should enable Apply Application Configurations for that corporate identity provider. For more information, see Configure Identity Federation.
To choose a default identity provider for an application, proceed as follows:
-
Sign in to the administration console for SAP Cloud Identity Services.
-
Under Applications and Resources, choose the Applications tile.
-
Choose the application that you want to edit.
Type the name of the application in the search field to filter the list items, or choose the application from the list on the left.
If you don’t have a created application in your list, you can create one. For more information, see Create a New Application.
-
Choose the Trust tab.
-
Under the Conditional Authentication section, choose the Conditional Authentication list item.
-
Select from the drop down the identity provider that the application will use as the default identity provider.
-
Save your changes.
Once the application has been updated, the system displays the message Conditional Authentication updated.
The application will use only the chosen identity provider for authentication.
If you select the local identity provider, you will able to access the custom configurations for the applications.
If you select a corporate identity provider, you will access only some of the custom configurations for the applications. The configurations under the Authentication and Access and Branding and Layout tabs will be partially visible. The user will be prompted to provide credentials in a single logon page.
-
Optional: (When a corporate identity provider is chosen as default identity provider) Enable the Allow Identity Authentication Users Log On option. For more information see, Use the Allow Identity Authentication Users Log On Option.
Related Information
Configure Logon via Identity Authentication when a Corporate IdP is Chosen as Default
Configure Conditional Authentication for an Application
Enable SSO with All Corporate Identity Providers
Configure Logon via Identity Authentication when a Corporate IdP is Chosen as Default