Overview

  • It is a technology component focused mainly on application security: user authentication and authorization with data-level access.

  • It focuses on application authorization. The API gateway, an essential part of application security, validates every incoming API call, whether from a server or a user, with the right privilege check before routing it to the respective microservice.

  • User authorization is a key factor in any application's security. In the industry it is termed NGAC (Next Gen Access Control), which can be divided into three main subgroups: RAP (Role-based Access Provisioning), DAP (Data-based Access Provisioning) and AAP (API-based Access Provisioning).

  • IWA provides an abstraction that lets the application solutioning team identify modules and features, along with the data attributes, that can be used to define roles with feature-level mapping and associated data-level attributes.

  • When associating a user with a defined role, data-level access can also be enabled by mapping the data values of the identified parameters.

  • The API gateway validates all incoming user API calls against IWA NGAC and passes them on to the respective applications for data-level access.

  • The respective applications should then restrict UI access based on the mapped features (RAP) and query the DB based on the data values (DAP) associated with the user in that application and role context.
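
The three checks described above, as an added sketch (not IWA's code or schema): an AAP check at the gateway, a RAP feature lookup for the UI, and a DAP-scoped database query. The `Assignment` model, the `orders` table, the `SCOPABLE` column allow-list and all sample values are assumptions constructed for illustration.

```python
import sqlite3
from dataclasses import dataclass

# Hypothetical model: every name here is an assumption, not IWA's schema.
@dataclass
class Assignment:
    app: str             # application context
    role: str            # role context
    features: frozenset  # RAP: UI features mapped to the role
    apis: frozenset      # AAP: (method, path) pairs the role may call
    data: dict           # DAP: attribute -> values mapped to this user

SCOPABLE = {"plant", "region"}  # only these columns may appear in a DAP filter

def gateway_allows(assignments, app, method, path):
    """AAP at the gateway: deny unless a role in this app lists the call."""
    return any(a.app == app and (method, path) in a.apis for a in assignments)

def visible_features(assignments, app, role):
    """RAP: features the UI may render in this application and role context."""
    return set().union(*(a.features for a in assignments
                         if a.app == app and a.role == role))

def scoped_orders(db, assignments, app, role):
    """DAP: return only rows matching the data values mapped to the user."""
    match = [a for a in assignments if a.app == app and a.role == role]
    if len(match) != 1 or not match[0].data:
        return []  # no mapping means no data, never all data
    clauses, params = [], []
    for col, values in sorted(match[0].data.items()):
        if col not in SCOPABLE or not values:
            return []  # unknown attribute or empty value set: fail closed
        clauses.append(f"{col} IN ({','.join('?' * len(values))})")
        params += sorted(values)  # values are bound, never interpolated
    sql = f"SELECT id FROM orders WHERE {' AND '.join(clauses)} ORDER BY id"
    return [r[0] for r in db.execute(sql, params)]

def demo_db():
    """Constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, plant TEXT, region TEXT)")
    db.executemany("INSERT INTO orders VALUES (?,?,?)",
                   [(1, "P1", "EU"), (2, "P2", "EU"), (3, "P1", "US")])
    return db

ALICE = [Assignment("orders-app", "planner", frozenset({"view_orders"}),
                    frozenset({("GET", "/orders")}),
                    {"plant": {"P1"}, "region": {"EU"}})]
```

Attribute names are checked against an allow-list and values are passed as bound parameters, so a malformed DAP mapping yields an empty result instead of a widened query.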

Key Features
- Authentication using Keycloak similar to IAS
- Authorization using BTP's role collection (NGAC = RAP + DAP + AAP)
- User Management - Pulling users from IAS or 3rd party IdPs, Excel Export / Import of Users
- User Provisioning & de-provisioning with AI
- User Features such as MFA, Lock user, User expiry, Role validity, Provisioning with Roles, Fire fighter roles etc.

Dependent CAF Component
- IDM
- Email Notifications
- Scheduler
- Telemetry
- API Gateway
- ITM

SAP BTP Mapping
- Role collection - It can work with BTP's role collection & use IAS for User Management & group definition

Complementing Features on SAP Services
-