Default Identity Provider
SAP Business Technology Platform (BTP) is formerly known as Cloud Platform (CP).
In the majority of cases, the default platform identity provider and application identity provider of SAP Cloud Platform is SAP ID service, which is owned by SAP.
For BTP@Alibaba Cloud, the default identity provider is another tenant of SAP Identity Authentication Service (IAS) dedicated for BTP@Alibaba Cloud, which is owned by CDC.
In case readers got any confusion that why BTP@Alibaba Cloud needs a seperate IAS tenant, furthermore, why we should let it to be owned by a third-party company. The reason behind is complex. In a nutshell, the main purpose is to meet compliance in China. Any data center in China should be operated by a wholly china-owned company. In this case, SAP choosed CDC as its partner to join this program.
The specific difference in default identity provider is listed as below:
For more information on accounts at all IaaS Providers or Regions, please visit this page:
Activate TOTP Two-Factor Authentication on BTP@Alibaba Cloud
To log on to platform and applications that require time-based one-time password (TOTP) as two-factor authentication, first you have to activate a mobile device that will generate TOTP passcodes.
SAP Authenticator runs on both iOS and Android mobile operating systems.
Step 1: Download App
Download the SAP Authenticator App from Playstore/Appstore to your smartphone.
You can also use other third-party authenticators such as Google Authenticator or Microsoft Authenticator. For more information about how to install and configure authenticators other than SAP Authenticator see their documentation.
Step 2: Init App
Open the app and click on
Start Setup. You will be prompted to setup initial password. This password will be used while opening the app every time. Add Password and click on Tick button at top right corner.
Step 3: Add an Account
Add Account button or tap
Add icon from menu. In next screen, check on
Scan QR Code button.
Step 4: Get QR Code
Access the profile page of the IAS tenant, press the
Activate button under the
Two-Factor Authentication section.
The profile page of a IAS tenant is:
Step 5: Set the Account
- Use the scanner in your mobile device (Step 3) to scan the QR Code (Step 4).
Doneon your mobile device.
- Enter the passcode generated by the SAP Authenticator app into the
Passcodefield provided on the IAS profile page as below.
- Press Activate.
The setup of SAP Authenticator and adding accounts is a one-time activity, Once you have added the IDP to the authenticator, you can use the passcode generated for all authentications where a passcode for the respective IDP is required.
Activate TOTP Two-Factor Authentication on BTP@Alibaba Cloud without Mobile Device
Windows also provides a PC version for you to add TFA. It can be used by people without mobile devices or those who do not want to install “work stuff” on their personal phones.
In Windows laptop, you can download and install
SAP Authenticator windows version from Microsoft Store:
Now you can log on to applications that require passcode as an additional security for authentication.
Activate a Device for TOTP Two-Factor Authentication (Help Portal):