Table of Contents

Preface
The Structure of This Book
1 Introduction to SAP Business Technology Platform
1.1 Positioning
1.1.1 SAP Extension Suite: Developing and Extending Cloud Solutions
1.1.2 SAP Integration Suite: Cloud Solutions and On-Premise Systems
1.2 Environments
1.2.1 SAP BTP, Neo Environment
1.2.2 SAP BTP, Cloud Foundry Environment
1.2.3 Environment Selection
1.3 Architecture
1.3.1 Global Accounts
1.3.2 Subaccounts
1.3.3 Organizations
1.3.4 Spaces
1.4 Summary
2 SAP Business Technology Platform Security at a Glance
2.1 Secure Communication
2.1.1 Basics of Secure Communication
2.1.2 SAP Destination Service
2.1.3 Certificate Handling in Destinations
2.2 Authentication
2.2.1 Identity Providers for SAP BTP
2.2.2 Lightweight Directory Access Protocol
2.3 Authorizations
2.4 SAP Cloud Identity Services
2.4.1 Identity Authentication
2.4.2 Identity Provisioning
2.5 SAP Cloud Identity Access Governance
2.6 Checklist for General Security
2.7 Summary
3 Configuring Security and Authorizations in the Neo Environment
3.1 Setting Up the Command Line for SAP BTP, Neo Environment
3.2 User Management
3.3 Trust Configuration
3.3.1 Setting Up the Local Service Provider
3.3.2 Setting Up the Platform Identity Provider
3.3.3 Setting Up the Application Identity Provider
3.4 Authorization Management
3.4.1 Creating and Managing Roles
3.4.2 Creating and Managing User Groups
3.5 Checklist for Security and Permissions in SAP BTP, Neo Environment
3.6 Real-World Examples of User and Authorization Management
3.6.1 Two-Factor Authentication of Subaccount Admins Using the Platform Identity Provider
3.6.2 Authenticating SAP Web IDE Users via Microsoft Azure AD
3.7 Summary
4 Configuring Security and Authorizations in the Cloud Foundry Environment
4.1 Setting Up the Command Line for SAP BTP, Cloud Foundry Environment
4.2 User Management
4.3 Trust Configuration
4.3.1 Setting Up the SAP ID Service
4.3.2 Setting Up a Platform Identity Provider
4.3.3 Setting Up Third-Party Identity Providers
4.4 Authorization Management
4.4.1 Creating and Managing Roles
4.4.2 Maintaining Composite Roles
4.4.3 Composite Role Mapping
4.4.4 Reporting in the Authorization Environment
4.5 Checklist for Security and Permissions in SAP BTP, Cloud Foundry Environment
4.6 Real-World Examples of User and Permission Management
4.6.1 Activation and Secure Configuration of the SAP Launchpad Service
4.6.2 Two-Factor Authentication of Users via Microsoft Azure AD
4.7 Summary
5 Secure Cloud Connector Configuration
5.1 Architecture
5.2 Installing and Configuring the Cloud Connector
5.2.1 Download and Installation
5.2.2 Initial Configuration
5.2.3 Connection to SAP BTP
5.2.4 Further Recommendations for Secure Configuration
5.2.5 Monitoring
5.3 Authentication Methods
5.4 Cloud-to-On-Premise Connections
5.4.1 Security Precautions
5.4.2 Setting Up the Connection
5.4.3 Configuring Access Control
5.4.4 Enabling the SAP Connectivity Service
5.5 Setting Up the SAP Destination Service
5.5.1 Creating Destinations in SAP BTP, Neo Environment
5.5.2 Creating Destinations in SAP BTP, Cloud Foundry Environment
5.6 Checklist for Cloud Connector Configuration
5.7 Real-World Examples of Secure Cloud Connector Configuration
5.7.1 Connecting an On-Premise Git Server to SAP BTP, Neo Environment
5.7.2 Connecting SAP BTP, Cloud Foundry Environment to an SAP S/4HANA System
5.7.3 LDAP Authentication Configuration
5.8 Summary
6 Administration Tools
6.1 Administering SAP BTP, Neo Environment via the Command Line
6.2 Managing Global Accounts via the Command Line
6.3 Administration via APIs
6.3.1 SAP API Business Hub
6.3.2 Audit Log Retrieval via APIs
6.3.3 User Management via APIs
6.3.4 Permission Management via APIs
6.3.5 SAP Cloud Management Service APIs
6.4 Checklist for Working with the Command Line and APIs
6.5 Real-World Examples of Using the Command Line Securely
6.5.1 Using the Command Line to Configure a Custom Domain in SAP BTP, Neo Environment
6.5.2 Using the Command Line to Manage SAP BTP
6.6 Summary
7 Securing Key Cloud Services
7.1 SAP Web IDE and SAP Business Application Studio
7.1.1 SAP Web IDE
7.1.2 SAP Business Application Studio
7.2 Cloud Integration
7.2.1 Cloud Integration in SAP BTP, Neo Environment
7.2.2 Cloud Integration in SAP BTP, Cloud Foundry Environment
7.2.3 Roles and Authorizations
7.2.4 Security Recommendations
7.3 SAP Integration Suite in SAP BTP, Cloud Foundry Environment
7.3.1 SAP API Management
7.3.2 Roles and Authorizations
7.3.3 Securing the Provided APIs and Endpoints
7.4 SAP Cloud Portal Service and SAP Launchpad Service
7.4.1 SAP Cloud Portal Service in SAP BTP, Neo Environment
7.4.2 SAP Launchpad Service in SAP BTP, Cloud Foundry Environment
7.5 SAP BTP, ABAP Environment
7.5.1 User Administration
7.5.2 Access to External Systems
7.6 Corporate User Stores
7.7 Checklist for Securing Cloud Services
7.8 Summary
The Authors
Index