4 weeks ago
Hello all,
Is it possible to sync passwords between IAS and Active Directory?
I have a scenario under which users can authenticate using the SPNEGO mechanism: however, in case the kerberos token is not available, they should be able to log-in via Username and Password, using the same password that they use to authenticate via AD.
I was not able to find anything in the documentation that reflects a similar scenario.
Any hint?
Best,
Roberto.
Hi Roberto,
IAS - rather IdDS, the Identity Directory Service - cannot export the user's password.
IdDS only keeps the psw hash but does not persist the user's psw.
Importing the user's password from another IdP or IDM system is possible via the SCIM API.
See https://api.sap.com/api/IdDS_SCIM/resource/Users for details.
If users shall be authenticated with their password in AD you might have a look at the Corporate User Store scenario: https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/corporate-user-store
With such a configuration AD can be leveraged as authenticating authority and thus psw synch will not be required.
Best, Marko - Product Management Identity Authentication Service
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
69 | |
8 | |
8 | |
6 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.