Learn To Catch Security Vulnerabilities On The SAP Business Technology Platform (BTP) - Before They Go Live!

Live Online Training
Fundamentals of Designing Access Controls and Authentication Flows in SAP BTP Cloud Foundry presented by nullFaktor  

This online classroom training brings SAP Administrators together with Identity & Access Management experts. We teach you to teach them how to effectively design access controls and implement authentication features aligned with business demands and security objectives for SAP BTP Cloud Foundry Apps.  In two halff-day sessions your organization will gain the competencies needed to reduce access risk. Live, SAP security experts will show you how to manage access to your Cloud Foundry App and SAP back-end systems by working with SAP AppRouter configuration, using the SAP Identity Authentication Service (IAS), integrate external identity provider services and different authentication protocols. This training is hands-on and interactive. Packed with useful exercises, demonstrations, and question rounds to help you recall and apply what you’ve learned.

12 hours

Live instructor


Maximum 14

Access and Infrastructure


 Certificate Upon Completion


1,000 € per learner

Who’s a Good Fit

 SAP Business Technology Platform Developer

 SAP Business Technology Platform Administrators

 Cloud Identity and Access Management Consultants

IT Security Auditors

A Taste of What You Will Learn:

  • You will learn the security traits of SAP BTP, its associated threats, as well as, which protective measures to put in place for your organization.
  • Take a journey through the different authentication and authorization protocols such as SAML and OAuth available in SAP BTP and learn about their unique traits for your use cases. 
  • Learn how you can integrate and use different authentication and identity providers with SAP BTP and what options you can leverage for risk-based access scenarios.
  • Gain practical experience on how to test and troubleshoot authentication and access control configurations, including client-side analysis and interpretation of traces to verify access by the principle of least privilege and to fix errors timely.
  • Find out how you can forward app user identities to an SAP backend system using principal propagation with SAP Cloud Connector as a common integration scenario for processing transactions from SAP BTP to your SAP core applications.
  • Reduce access risk of your SAP BTP and set up secure authentication in scenarios with federated identities and hybrid scenarios connecting to SAP ERP systems.

Course Information

Who's a Good Fit
Practice Environment Tools

SAP Security Training Overview

Number of Modules: 10
2 half-days, 12 hours total, (9:30 - 15:30 CET)
Class size: 7-14 participants per class
Investment: 1,000 EUR per person taxes excluded
Software Version: Unrestricted
Alexander Meier
 Raschin Tavakoli

Modules Covered in Training:
  • Fundamental Threats to PaaS Cloud Applications.
  • Overview of Protective Capabilities in Cloud Foundry on SAP Business Technology Platform.
  • Overview of SAP BTP Authentication and Authorisation protocols.
  • Introduction to Hybrid Environment Authentication Scenarios SAP BTP Introduction to SAP BTP Identity Authentication Service.
  • Introduction to the SAP BTP Identity & Authentication Provider Integration Options.
  • Fundamentals of managing federated identities.
  • Overview of the SAP BTP Authorisation Concept.
  • Introduction of managing SAP BTP Authorisations.
  • Fundamentals of Testing SAP BTP Authorisations.

 *NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST , and SAP recommendations.

SAP Operations

  • SAP Business Technology Platform Developer

  • SAP Business Technology Platform Administrators


  • Cloud Identity and Access Management Consultants

  • IT Security Auditors

NIST/NICE Cybersecurity Workforce Framework Work Roles
Work Role Title Work Role ID
SAP Security Control Assessor SP-RSK-002
SAP Information System Security Developer SP-SYS-001

Who Else Might Be A Good Fit

  • If you have a traditional SAP ABAP© system user administration and authorization  background and you need to translate your experience to SAP Cloud Foundry and enhance your capability to manage identities and access in cloud and hybrid scenarios.


  • The general properties of the HTTP protocol.
  • The meaning of the fundamental terms of identity and access management including identity, subject, object and
  • The fundamental principles like need-to-know, least privilege, privilege bracketing and concepts of access management like Biba, Clark-Wilson, Bella-Padula, Chinese Wall.
  • The general approaches of information security classification by the CIA triad


  • The fundamental concepts of Cloud Foundry applications.
  • The general usage scenarios and concepts of the SAP BTP.
  • The general concepts and tools to design application access in SAP BTP.
  • Basic knowledge on the SAP Business Technology Platform.


  • Navigate the SAP BTP administration interface
  • Describe the concept of principal propagation
  • Use command line tools by applying POSIX syntax and read simple BASH or Windows command scripts

For BTP courses you will get access to an SAP BTP account admininstation consol provided by us. This require an SAP support user ID to be related to your email address (see https://account.sap.com/manage/accounts). and a lab environment consisting of and Identity Provider, SAP Cloud Connector and S/4HANA© system.

In addition you will need:

The Cloud Foundry CLI utilities https://docs.cloudfoundry.org/cf-cli/install-go-cli.html

A HTML5 ready browser preferably Edge, Chrome, Firefox

(Optional) Zoom