How to configure Conditional Authentication to send users to IAS instead of Entra ID

This is the case where the IAS is implemented and you have already configured a corporate authenticator like EntraID (former Azure), Okta, etc. So, for a group of employees/users you want them to use the IAS user and password, instead of the corporate one (Entra ID). Usually, this feature is enabled for a group of external employees, consultants, etc.

The typical configuration is to set the Entra ID/Azure authenticator as default and provide the “Identity Authentication” log on link to the external employees/consultants.

How to set the “Conditional authentication” in SAP IAS

Follow this steps:

1.Choose a Corporate Identity Provider as Default

2. Provide the “Identity Authentication link” to external employees/consultants.

Second Option: Create a rule to identify the users and redirect to different Identity Providers.

1. The first step is to create a group of users for the users that will be identified by the Corporate IdP.

Navigate to Home -> Applications & Recourses ->  Applications -> [ the application using Corp. IdP ] -> Conditional Authentication (the “Default Authenticating Identity Provider” is set to a Corporate IdP) 

  1. Navigate to Home -> Applications & Recourses ->  Applications -> [ the application using Corp. IdP ] -> Conditional Authentication (the “Default Authenticating Identity Provider” is set to a Corporate IdP) 
  2. In case the “Default Authenticating Identity Provider” is not Identity Authentication, set to Identity Authentication (this allows to add a new rule)
  3. Click “+ Add Rule” 
  4. Set the “Identity provider” to the desired Corporate IdP 
  5. Set “User Group” to the group created in Step 1.
  6. Click “Ok
  7. Set the “Default Authenticating Identity Provider” back to Identity Authentication
  8. Click “Save”

The result: Users who are contained in the group created in step 1 will be authenticated with the chosen Corprorate IdP, the users not contained in the group created in step 1 will be authenticated though IAS.