Learn to Catch Security Vulnerabilities on the SAP Business Technology Platform (BTP)
Before They Go Live!

Live Online Training
Fundamentals of Designing Access Controls & Authentication Flows in SAP BTP Cloud Foundry presented by nullFaktor  

This Live Online Training brings SAP Administrators together with Identity & Access Management experts. We teach you to teach them how to effectively design access controls and implement authentication features aligned with business demands and security objectives for SAP BTP Cloud Foundry Apps. In two half-day sessions your organization will gain the competencies needed to reduce access risk. Live, SAP security experts will show you how to manage access to your Cloud Foundry App and SAP back-end systems by working with SAP AppRouter configuration, using the SAP Identity Authentication Service (IAS), integrate external identity provider services and different authentication protocols. This training is hands-on and interactive. Packed with useful exercises, demonstrations, and question rounds to help you recall and apply what you’ve learned.

12 hours


Maximum 14 Learners

Language Options

English or German


 Certificate Upon Completion


€ 1,000
per learner

Who’s a Good Fit

 SAP Business Technology Platform Developer
 SAP Business Technology Platform Administrators
 Cloud Identity and Access Management Consultants
IT Security Auditors

A Taste of What You Will Learn:

  • You will learn the security traits of SAP BTP, its associated threats, as well as, which protective measures to put in place for your organization
  • Take a journey through the different authentication and authorization protocols such as SAML and OAuth available in SAP BTP and learn about their unique traits for your use cases
  • Learn how you can integrate and use different authentication and identity providers with SAP BTP and what options you can leverage for risk-based access scenarios
  • Gain practical experience on how to test and troubleshoot authentication and access control configurations, including client-side analysis and interpretation of traces to verify access by the principle of least privilege and to fix errors timely
  • Find out how you can forward app user identities to an SAP backend system using principal propagation with SAP Cloud Connector as a common integration scenario for processing transactions from SAP BTP to your SAP core applications
  • Reduce access risk of your SAP BTP and set up secure authentication in scenarios with federated identities and hybrid scenarios connecting to SAP ERP systems

Course Information

Who's a Good Fit
Practice Environment Tools

SAP Operations

  • SAP Business Technology Platform Developer
  • SAP Business Technology Platform Administrators


  • Cloud Identity and Access Management Consultants
  • IT Security Auditors

Who Else Might Be A Good Fit

If you have a traditional SAP ABAP© system user administration and authorization  background and you need to translate your experience to SAP Cloud Foundry and enhance your capability to manage identities and access in cloud and hybrid scenarios

NIST/NICE Cybersecurity Workforce Framework Work Roles

Work Role TitleWork Role ID
SAP Security Control AssessorSP-RSK-002
SAP Information System Security DeveloperSP-SYS-001


  • The general properties of the HTTP protocol.
  • The meaning of the fundamental terms of identity and access management including identity, subject, object and
  • The fundamental principles like need-to-know, least privilege, privilege bracketing and concepts of access management like Biba, Clark-Wilson, Bella-Padula, Chinese Wall.
  • The general approaches of information security classification by the CIA triad


  • The fundamental concepts of Cloud Foundry applications
  • The general usage scenarios and concepts of the SAP BTP
  • The general concepts and tools to design application access in SAP BTP
  • Basic knowledge on the SAP Business Technology Platform


  • Navigate the SAP BTP administration interface
  • Describe the concept of principal propagation
  • Use command line tools by applying POSIX syntax and read simple BASH or Windows command scripts

SAP Security Training Overview

Number of Modules: 10
Duration: 2 half-days, 12 hours total, (9:30 - 15:30 CET)
Class size: 7-14 participants per class
Investment: €1,000 per person (excluding taxes)
Software Version: Unrestricted
Modules Covered in Training:
  • Fundamental Threats to PaaS Cloud Applications
  • Overview of Protective Capabilities in Cloud Foundry on SAP Business Technology Platform
  • Overview of SAP BTP Authentication and Authorisation protocols
  • Introduction to Hybrid Environment Authentication Scenarios SAP BTP Introduction to SAP BTP Identity Authentication Service
  • Introduction to the SAP BTP Identity & Authentication Provider Integration Options
  • Fundamentals of managing federated identities
  • Overview of the SAP BTP Authorisation Concept
  • Introduction of managing SAP BTP Authorisations
  • Fundamentals of Testing SAP BTP Authorisations
 *NO MONKEY SAP Security training content is referenced to existing standards for application security such as OWASP, NIST , and SAP recommendations.


For BTP courses you will get access to an SAP BTP account administration consol provided by us. This requires an SAP support user ID to be related to your email address, click here to find out more, as well as a lab environment consisting of an:
  • Identity Provider
  • SAP Cloud Connector
  • S/4HANA© system

In addition you will need:

  • The Cloud Foundry CLI utilities
  • A HTML5 ready browser preferably Edge, Chrome, Firefox
  • (Optional) Zoom