2906040 - IPS job fails with HTTP code 403 when provisioning from/to an Identity Authentication tenant. BasicAuthentication is set

• Provisioning users with Identity Provisioning (IPS) from/to Identity Authentication fails.
• In the job log, the following error message is displayed:

Cannot execute provisioning job in tenant context: xxx
Caused by: com.sap.cloud.ips.connector.exception.ProvisioningRuntimeException: Error during execution on behalf of tenant with ID: xxx
Caused by: com.sap.security.iag.provisioning.ProvisioningException: Can not read entities from source system: 'xxx'
Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: HTTP operation failed invoking <url> with statusCode: 403

or 

error=org.apache.camel.http.common.HttpOperationFailedException: HTTP operation failed invoking https://<tenant ID> .accounts.ondemand.com/service/scim/Users/<Administrator User ID>with statusCode: 403, Response: ,

• In the Identity Authentication source or target system, the property "Authentication" is set with value "BasicAuthentication".
  If the property "Authentication" is set with value "ClientCertificateAuthentication", then see KBA 3358820 - IPS job fails with HTTP code 403 when provisioning from/to an Identity Authentication tenant due to wrong certificate mapping.

• Identity Provisioning
• Identity Authentication

ips, iam, ids, ias, job log, provision, sync, cannot read, 403, failed to invoke, error code, Target System returned Forbidden status, Unable to update scim user email because caller is not privileged admin , KBA , BC-IAM-IPS , Identity Provisioning Service (IPS) , BC-IAM-IDS , Identity Authentication Service , Problem