If trust is configured between your global account and a custom identity provider, you need to use the --idp parameter to log in through this identity provider. As its value, you provide the tenant ID of the identity provider. To retrieve the required value, you can use btp list security/trust and check the Tenant column. Alternatively, you can use the Global Account view of the cockpit under Security → Trust Configuration → Custom Platform Identity Providers and use the value from the BTP CLI column.
To work with users from a custom identity provider, you need to specify the --of-idp parameter by providing the origin key of the custom identity provider. This is applicable to the following commands: btp list security/user, btp get security/user, btp delete security/user, btp assign security/role-collection, and btp unassign security/role-collection. You find this origin key in the cockpit under Security.
To learn how to configure trust to a custom identity provider, see Establish Trust and Federation of Custom Identity Providers for Platform Users [Feature Set B] or the command help of btp create security/trust.
Keep in mind that each user is allowed a maximum of 10 parallel sessions per identity provider. This number takes into account all tools, including the cockpit and CLIs.
For more information, see Restrictions When Using Custom Identity Providers for Platform Users [Feature Set B].
- To make use of single sign-on, log in with:
  btp login --sso --idp <TENANT>
- To provide user and password on the command line, log in with:
  btp login --idp <TENANT>
  You will be prompted for all required login information.
Related Information
Establish Trust and Federation of Custom Identity Providers for Platform Users [Feature Set B]