User accounts enable users to log on to SAP BTP, access subaccounts, and to use applications according to the permissions granted to them. In this context, it's important to understand the difference between the two types of users that we refer to: business users and platform users.
Business users use the applications that are deployed to SAP BTP. For example, the end users of SaaS apps or services, such as SAP Build Work Zone, or end users of your custom applications are business users.
In the Cloud Foundry environment, application developers (platform users) create and deploy application-based security artifacts for business users. Administrators use these artifacts to assign roles, build role collections, and then assign those role collections to business users or user groups. The assignment of role collections enables administrators to control the permissions that the users have in the deployed applications.
For business users, there's a default identity provider. We expect that you have your own user base. We recommend that you configure the SAP Cloud Identity Services service as the identity provider and connect SAP Cloud Identity Services to your own corporate identity provider.
Related Information
Establish Trust and Federation with UAA Using Any SAML Identity Provider