/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- After setting the SSO configuration between SAP BTP subaccount and Microsoft Azure Active Directory / Microsoft Entra ID using SAP Cloud Identity Service as proxy, it is found that some users are able to logon without problems and others are not able to logon.
- It is found that users with problems have missing groups in SAML Assertion. When creating a SAML trace, you will find something similar to:
<Attribute Name="http://schemas.microsoft.com/claims/groups.link">
<AttributeValue>https://graph.windows.net/<..>/users/<..>/getMemberObjects</AttributeValue>
</Attribute>
Read more...
Environment
- SAP Cloud Identity Services
- SAP Business Technology Platform
Product
SAP Business Technology Platform all versions ; SAP Cloud Identity Services all versions
Keywords
groups, limit , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)