Feature Scope Description | PUBLIC

2022-07-27

Feature Scope Description for SAP Authorization

and Trust Management Service
© 2022 SAP SE or an SAP affiliate company. All rights reserved.

THE BEST RUN

Content

1 About This Document. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

2 SAP Authorization and Trust Management Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

3 Service Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

4 Service Level Agreement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

5 Browser Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Feature Scope Description for SAP Authorization and Trust Management Service
2 PUBLIC Content
1 About This Document

Read this document for a high-level summary of the core platform features available for the SAP BTP, Cloud
Foundry, ABAP, and Kyma environments.

This document describes the features that are available in the SAP BTP, Cloud Foundry, ABAP, and Kyma
environments. The availability of some of them may depend on your license agreement with SAP.

To illustrate integration with other SAP offerings, the product documentation on SAP Help Portal might
include references to features that are not included with the SAP BTP, Cloud Foundry, ABAP, and Kyma
environments. Features that are not included in this feature scope description might require a separate license.

 Note

This document does not include any information about:

● Beta features. Beta features are described in the documentation on SAP Help Portal.
● Packages and pricing. For more information, see SAP Extension Suite - Pricing and SAP Integration
Suite - Pricing .

Feature Scope Description for SAP Authorization and Trust Management Service
About This Document PUBLIC 3
2 SAP Authorization and Trust
Management Service

The SAP Authorization and Trust Management service enables administrators to make sure that users only
have access to functions for which they are authorized. It also enables developers to request authentication
and implement authorization checks in their applications.

The SAP Authorization and Trust Management service lets you manage user authorizations and trust to
identity providers. Identity providers are the user base for applications. You can use SAP Cloud Identity
Services - Identity Authentication, a default or a custom corporate identity provider. User authorizations are
managed using technical roles at application level, which can be aggregated into business-level groups and role
collections for large-scale cloud scenarios.

Using this service, administrators can configure trust to identity providers for authentication, manage
authorization models and assign authorizations to users. Developers can request authentication and
implement authorization checks in their applications using security artifacts.

Key Features

Feature Use

Default identity provider Default identity provider with pre-configured trust

Use of external identity providers Identity providers provide business users for applications
running on SAP BTP and platform users who manage these
applications and the SAP BTP accounts. You can have differ-
ent identity providers for platform users and business users.
Account administrators manage the trust relationship with
external identity providers.

Enables developers to define application-specific roles Using the SAP Authorization and Trust Management service,
developers define standard application roles, which adminis­
trators use to assign business users.

Enables administrators to manage authorizations for users Administrators define customized application roles based on
standard roles provided by developers, aggregate them into
role collections/groups, and assign them to users.

Enables developers to manage authorizations for applica­ Using authorization models, developers enable applications
tions to communicate with other applications and services con­
sumed by these applications.

Feature Scope Description for SAP Authorization and Trust Management Service
4 PUBLIC SAP Authorization and Trust Management Service
3 Service Availability

This section describes the service availability aspects and the service restrictions.

Availability Aspect Description

Platform availability ● Latency: network latency depends on various factors, no precise information can be provided
on a general level
● Resilience: system can regain stable state after disruption
● Scalability: system responds to peaks in resource requirements
● Extensibility: system can integrate other technologies

For more information, see Service Level Agreement for SAP Cloud Services .

Regions See Pricing on Discovery Center Service Catalog ).

Infrastructures SAP BTP runs on several underlying Infrastructure-as-a-Service technologies and regions. Some
are owned by SAP and some are owned by our partner infrastructure providers, including Amazon
Web Services and Microsoft Azure.

Environments SAP BTP runs in the following environments:

● SAP BTP, Neo environment

● SAP BTP, Cloud Foundry environment

Languages The central web-based administration user interface of SAP BTP, including the SAP Authorization
and Trust Management service, is available in the following languages:

● Chinese
● English
● Japanese
● Korean

For language availability of other user interfaces refer to the respective detailed feature scope de­
scription.

The SAP BTP documentation on SAP Help Portal supports the following languages:

● Chinese
● English
● Japanese

Feature Scope Description for SAP Authorization and Trust Management Service
Service Availability PUBLIC 5
Availability Aspect Description

Accessibility SAP BTP provides accessibility support in its administration and development tools, and the cus­
tomer documentation. This includes:

● High-contrast black theme for the administration UI

● Texts and information
● UI elements via attributes and element IDs
● Orientation and navigation throughout the UI
● User interaction

Restrictions

● Some customer contracts include EU access, which means that we only use European subprocessors to
access personal data in cloud services, such as when we provide support. We currently cannot guarantee
EU access in the Cloud Foundry environment. If your contract includes EU access, we cannot move
services to the Cloud Foundry environment, without changing your contract.
● (Neo environment only) Upload limit: an application deployed on SAP BTP can be up to 1.5 GB. If the
application is packaged as a WAR file, the size of the unzipped content is taken into account.
● Service-specific restrictions are described in the respective capability section in this document or in the
linked feature scope descriptions for the separately licensed services.

 Note

Further restrictions may apply when using the product on an infrastructure hosted by a third-party
provider.

Related Information

https://www.sap.com/about/cloud-trust-center.html

Feature Scope Description for SAP Authorization and Trust Management Service
6 PUBLIC Service Availability
4 Service Level Agreement

The Service Level Agreement (SLA) is a contract between SAP and its customers that forms the basis of your
contractual relationship with SAP when referenced in specific order forms.

 Note

This Service Level Agreement covers SAP BTP service offerings that are operated by SAP. For more
information about the service level agreement for cloud service offerings operated by an SAP partner,
contact your operator.

● The order form is the ordering document to subscribe to cloud services from SAP. It defines the
commercial terms and lays out the agreement structure. The order form also incorporates several other
documents that relate to the SLA.
See Sample Order Form .
● The Service Level Agreement for Cloud Services applies to any cloud service on the SAP price list,
defining uptime, credits, update windows, and others.
See Service Level Agreement for SAP Cloud Services .
● The SAP Integration Suite and SAP Extension Suite Product Supplement overrides the Service Level
Agreement for SAP Cloud Services in case of deviations and specifies the SLA for SAP Integration Suite
and SAP Extension Suite Product Supplement in general.
For more information, see SAP Integration Suite and SAP Extension Suite Product Supplement .

Additionally, the General Terms and Conditions for SAP Cloud Services warrants the SLA and provides the
available remedy if SAP fails to meet its SLA. For more information, see General Terms and Conditions for SAP
Cloud Services .

Maintenance Windows and Major Upgrade Windows

The maintenance and major upgrade windows are defined in the Service Level Agreement for Cloud Services.
SAP may update these windows from time to time in accordance with the Agreement.

The following windows apply for the SAP Authorization and Trust Management service:

Maintenance Windows Major Upgrade Windows

MENA APJ Europe Americas Frequency MENA APJ Europe Americas

Zero down- Zero down- Zero down- Zero down- Up to 4 FRI FRI SAT
time time time time times per
year 2 pm (UTC) 10 pm 4 am (UTC)
(UTC)
(4 hrs) (4 hrs)
(4 hrs)

For the latest information, see Maintenance Windows and Major Upgrade Windows for SAP Cloud Services
and search for your service.

Feature Scope Description for SAP Authorization and Trust Management Service
Service Level Agreement PUBLIC 7
5 Browser Support

For the UI of the service, included in the web-based administration interface of SAP BTP, the following browsers
are supported on Microsoft Windows PCs and, where mentioned below, on MacOS:

Browser Versions

Google Chrome Latest version

Mozilla Firefox Extended Support Release (ESR) and latest version

Microsoft Edge (chromium-based) Latest Current Branch for Business

Safari Latest two versions (for macOS only)

Feature Scope Description for SAP Authorization and Trust Management Service
8 PUBLIC Browser Support
Important Disclaimers and Legal Information

Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:

● Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your
agreements with SAP) to this:

● The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
● SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.

● Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering a SAP-hosted Web site. By using such
links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this
information.

Videos Hosted on External Platforms

Some videos may point to third-party video hosting platforms. SAP cannot guarantee the future availability of videos stored on these platforms. Furthermore, any
advertisements or other content hosted on these platforms (for example, suggested videos or by navigating to other videos hosted on the same site), are not within
the control or responsibility of SAP.

Beta and Other Experimental Features

Experimental features are not part of the officially delivered scope that SAP guarantees for future releases. This means that experimental features may be changed by
SAP at any time for any reason without notice. Experimental features are not for productive use. You may not demonstrate, test, examine, evaluate or otherwise use
the experimental features in a live operating environment or with data that has not been sufficiently backed up.
The purpose of experimental features is to get feedback early on, allowing customers and partners to influence the future product accordingly. By providing your
feedback (e.g. in the SAP Community), you accept that intellectual property rights of the contributions or derivative works shall remain the exclusive property of SAP.

Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax
and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of
example code unless damages have been caused by SAP's gross negligence or willful misconduct.

Bias-Free Language
SAP supports a culture of diversity and inclusion. Whenever possible, we use unbiased language in our documentation to refer to people of all cultures, ethnicities,
genders, and abilities.

Feature Scope Description for SAP Authorization and Trust Management Service
Important Disclaimers and Legal Information PUBLIC 9
www.sap.com/contactsap

© 2022 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form

or for any purpose without the express permission of SAP SE or an SAP
affiliate company. The information contained herein may be changed
without prior notice.

Some software products marketed by SAP SE and its distributors

contain proprietary software components of other software vendors.
National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for

informational purposes only, without representation or warranty of any
kind, and SAP or its affiliated companies shall not be liable for errors or
omissions with respect to the materials. The only warranties for SAP or
SAP affiliate company products and services are those that are set forth
in the express warranty statements accompanying such products and
services, if any. Nothing herein should be construed as constituting an
additional warranty.

SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.

Please see https://www.sap.com/about/legal/trademark.html for

additional trademark information and notices.

THE BEST RUN