Welcome to Fundamentals of Designing Access Controls and Authentication Flows in SAP BTP Cloud Foundry, Presented by nullFaktor

This online classroom training brings SAP Administrators together with Identity & Access Management experts. We teach you how to effectively design access controls and implement authentication features aligned with business demands and security objectives for SAP BTP Cloud Foundry Apps. In two half-day sessions your organization will gain the competencies needed to reduce access risk. In live sessions, SAP security experts will show you how to manage access to your Cloud Foundry App and SAP back-end systems by working with SAP AppRouter configuration, using the SAP Identity Authentication Service (IAS), and integrating external identity provider services and different authentication protocols. This training is hands-on and interactive, packed with useful exercises, demonstrations, and question rounds to help you recall and apply what you’ve learned.

A Taste of What You Will Learn:

  • You will learn the security traits of SAP BTP, its associated threats, and which protective measures to put in place for your organization.
  • Take a journey through the different authentication and authorization protocols such as SAML and OAuth available in SAP BTP and learn about their unique traits for your use cases.
  • Learn how you can integrate and use different authentication and identity providers with SAP BTP and what options you can leverage for risk-based access scenarios.
  • Gain practical experience in testing and troubleshooting authentication and access control configurations, including client-side analysis and interpretation of traces, to verify access against the principle of least privilege and to fix errors in a timely manner.
  • Find out how you can forward app user identities to an SAP backend system using principal propagation with SAP Cloud Connector as a common integration scenario for processing transactions from SAP BTP to your SAP core applications.
  • Reduce access risk of your SAP BTP and set up secure authentication in scenarios with federated identities and hybrid scenarios connecting to SAP ERP systems.

Course Information

  • Number of Modules: 10
  • Duration: 2 half-days, 12 hours total (9:30 - 15:30 CET, 1 hour lunch break included)
  • Class Size: 7-14 participants per class
  • Investment: 1,000 EUR per person, taxes excluded
  • Software Version: Unrestricted
  • Instructor: Raschin Tavakoli, Alexander Meier
  • Security Skill Matrix: IYPT-PA

Modules Covered in Online Class

  1. Fundamental Threats to PaaS Cloud Applications
  2. Overview of Protective Capabilities in Cloud Foundry on SAP Business Technology Platform
  3. Overview of SAP BTP Authentication and Authorisation protocols
  4. Introduction to Hybrid Environment Authentication Scenarios SAP BTP
  5. Introduction to SAP BTP Identity Authentication Service
  6. Introduction to the SAP BTP Identity & Authentication Provider Integration Options
  7. Fundamentals of managing federated identities
  8. Overview of the SAP BTP Authorisation Concept
  9. Introduction of managing SAP BTP Authorisations
  10. Fundamentals of Testing SAP BTP Authorisations

*NO MONKEY SAP Security training content references existing application security standards such as OWASP, NIST, and SAP recommendations.

Who’s a Good Fit

SAP Operations

  • SAP Business Technology Platform Developer
  • SAP Business Technology Platform Administrators


Cloud Identity and Access Management Consultants
IT Security Auditors

NIST/NICE Cybersecurity Workforce Framework Work Roles

  • SAP Security Control Assessor (SP-RSK-002)
  • SAP Information System Security Developer (SP-SYS-001)

Who Else Might Be A Good Fit

This course may also be a good fit if you have a traditional SAP ABAP© system user administration and authorization background and need to translate your experience to SAP Cloud Foundry and enhance your capability to manage identities and access in cloud and hybrid scenarios.



  • The general properties of the HTTP protocol
  • The meaning of the fundamental terms of identity and access management including identity, subject, object and
  • The fundamental principles like need-to-know, least privilege, privilege bracketing and concepts of access management like Biba, Clark-Wilson, Bell-LaPadula, Chinese Wall
  • The general approaches of information security classification by the CIA triad


  • The fundamental concepts of Cloud Foundry applications
  • The general usage scenarios and concepts of the SAP BTP
  • The general concepts and tools to design application access in SAP BTP
  • Basic knowledge on the SAP Business Technology Platform


  • Navigate the SAP BTP administration interface
  • Describe the concept of principal propagation
  • Use command line tools by applying POSIX syntax and read simple BASH or Windows command scripts

Practice Environment Tools

For BTP courses you will get access to an SAP BTP account administration console provided by us and a lab environment consisting of an Identity Provider, SAP Cloud Connector and an S/4HANA© system. This requires an SAP support user ID to be associated with your email address.

In addition you will need:

Reach out to us to book a training for you or your team!

Read Our Customer Success Story

"Let me first say that I had some previous contact with other SAP-related trainings, but this one was by far the best. One can clearly see that you are a knowledgeable trainer with a wide array of expertise, willing to sidetrack interesting topics as they arrive."

Alexander Meier, Team Lead SAP Security Services at SEC Consult

Security is Culture!