Solved: SAP IAS - Password Synchronisation with Active Dir...

RP_25 · 4 weeks ago

Hello all,
Is it possible to sync passwords between IAS and Active Directory?
I have a scenario under which users can authenticate using the SPNEGO mechanism: however, in case the kerberos token is not available, they should be able to log-in via Username and Password, using the same password that they use to authenticate via AD.

I was not able to find anything in the documentation that reflects a similar scenario.

Any hint?
Best,
Roberto.

MSo

Hi Roberto,

IAS - rather IdDS, the Identity Directory Service - cannot export the user's password.
IdDS only keeps the psw hash but does not persist the user's psw.

Importing the user's password from another IdP or IDM system is possible via the SCIM API.
See https://api.sap.com/api/IdDS_SCIM/resource/Users for details.

If users shall be authenticated with their password in AD you might have a look at the Corporate User Store scenario: https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/corporate-user-store
With such a configuration AD can be leveraged as authenticating authority and thus psw synch will not be required.

Best, Marko - Product Management Identity Authentication Service

SAP IAS - Password Synchronisation with Active Directory

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

Re: Read a JMS queue with a timer event

Re: Unable to list or upload data to SAP ObjectSto...

Re: Analytic Model ODATA

Re: How to Enable Multiple Selection Mode in a Dat...

I am getting the following error when trying to lo...