+|
+
saml
|
@@ -186,7 +208,7 @@ No
-[saml](configuration-parameters-1830bca.md#loio1830bca1b060484e9cfabc0e62472e8e__table_nrv_sjx_jzb)
+[saml](configuration-parameters-1830bca.md#loio1830bca1b060484e9cfabc0e62472e8e__table_nrv_sjx_jzb)
|
@@ -488,6 +510,228 @@ Enables ingestion over the OpenTelemetry Protocol. Defaults to `false`. For more
+
+
+## Configuration Parameters for `oidc`
+
+Configuration options for OIDC Integration. For more information refer to [OIDC Integration](integrate-sap-cloud-identity-services-oidc.md).
+
+
+
+
+|
+
+Name
+
+ |
+
+
+Required
+
+ |
+
+
+Type
+
+ |
+
+
+Description
+
+ |
+
+
+|
+
+enabled
+
+ |
+
+
+Yes
+
+ |
+
+
+Boolean
+
+ |
+
+
+Set to `true` to enable OpenID Connect authentication.
+
+ |
+
+
+|
+
+admin\_group
+
+ |
+
+
+Required
+
+ |
+
+
+String
+
+ |
+
+
+The OpenID group that you want to grant administrative access to. It will have permissions to modify the security module. Required if *enabled* is set to `true`.
+
+ |
+
+
+|
+
+roles\_key
+
+ |
+
+
+Required
+
+ |
+
+
+String
+
+ |
+
+
+The key in the JSON payload that stores the user's roles. The value of this key must be a comma-separated list of roles. For example: `groups` or `roles`. Required if *enabled* is set to `true`.
+
+[OpenSearch docs: Configure OpenID Connect integration](https://opensearch.org/docs/latest/security/authentication-backends/openid-connect/)
+
+ |
+
+
+|
+
+subject\_key
+
+ |
+
+
+Required
+
+ |
+
+
+String
+
+ |
+
+
+The key in the JSON payload that stores the user's name. For example: `email` or `last_name`. Required if *enabled* is set to `true`.
+
+[OpenSearch docs: Configure OpenID Connect integration](https://opensearch.org/docs/latest/security/authentication-backends/openid-connect/)
+
+ |
+
+
+|
+
+openid\_connect\_url
+
+ |
+
+
+Required
+
+ |
+
+
+URL
+
+ |
+
+
+The URL of your IdP where the security plugin can find the OpenID Connect metadata/configuration settings. Usually ends in `/.well-known/openid-configuration`. Required if *enabled* is set to `true`.
+
+[OpenSearch docs: OpenID Connect URL](https://opensearch.org/docs/latest/security/authentication-backends/openid-connect/)
+
+ |
+
+
+|
+
+openid\_client\_id
+
+ |
+
+
+Required
+
+ |
+
+
+String
+
+ |
+
+
+The ID of the OpenID Connect client configured in your IdP. Required if *enabled* is set to `true`.
+
+[OpenSearch docs: OpenID Connect Configuration](https://opensearch.org/docs/latest/security/authentication-backends/openid-connect/)
+
+ |
+
+
+|
+
+openid\_client\_secret
+
+ |
+
+
+Required
+
+ |
+
+
+String
+
+ |
+
+
+The client secret of the OpenID Connect client configured in your IdP. Required if *enabled* is set to `true`.
+
+[OpenSearch docs: OpenID Connect Configuration](https://opensearch.org/docs/latest/security/authentication-backends/openid-connect/)
+
+ |
+
+
+|
+
+openid\_scopes
+
+ |
+
+
+Required
+
+ |
+
+
+String
+
+ |
+
+
+The scope of the identity token issued by the IdP. Space-separated string list if more than one. For example: `"openid"`. Required if *enabled* is set to `true`.
+
+[OpenSearch docs: OpenID Connect Configuration](https://opensearch.org/docs/latest/security/authentication-backends/openid-connect/)
+
+ |
+
+
+
+
+
## Configuration Parameters for `saml`
diff --git a/docs/integrate-sap-cloud-identity-services-oidc.md b/docs/integrate-sap-cloud-identity-services-oidc.md
new file mode 100644
index 0000000..3b96bbf
--- /dev/null
+++ b/docs/integrate-sap-cloud-identity-services-oidc.md
@@ -0,0 +1,125 @@
+# Integrate SAP Cloud Identity Services - Identity Authentication OpenID Connect with SAP Cloud Logging
+
+> ## Caution:
+> Ensure that you consider [SAP BTP Security Recommendation BTP-CLS-0001](https://help.sap.com/docs/btp/sap-btp-security-recommendations-c8a9bb59fe624f0981efa0eff2497d7d/sap-btp-security-recommendations?seclist-index=BTP-CLS-0001&version=Cloud).
+
+This explains how to integrate with SAP Cloud Identity Services - Identity Authentication OpenID Connect. It results in changes in the Identity Authentication tenant and a corresponding OIDC configuration to be used for creating or updating SAP Cloud Logging instances. Access to the Identity Authentication administration console as an administrator is a prerequisite.
+
+> ## Note:
+> We recommend you integrate with Identity Authentication. You can also integrate with other OIDC providers, but there will be no support or documentation.
+
+> ## Note:
+> You can reuse the resulting OIDC configuration for multiple instances of SAP Cloud Logging.
+
+
+
+## Obtain OpenID Connect IdP Information
+
+Obtain OpenID Connect Identity Provider \(IdP\) Information based on the [Identity Authentication guide](https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/create-openid-connect-application). Use the console URL to access the tenant’s administration console for the Identity Authentication service. The URL has a `https://.accounts.ondemand.com/admin` pattern.
+
+- Note down the `openid_connect_url` information as `https://.accounts.ondemand.com/.well-known/openid-configuration`
+
+
+
+## Create an OpenID Connect application
+
+Create an OpenID Connect application in your Identity Authentication account based on the [Identity Authentication guide](https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/create-openid-connect-application). Create OpenID client secrets based on the [Configuration Guide](https://help.sap.com/docs/cloud-identity-services/cloud-identity-services/auth-configure-secrets-for-api-authentication)
+
+
+
+## Configure the OpenID Connect application
+
+Go to *Applications & Resources*, choose *Applications*, and select your application from the list. Then perform the following steps to configure the OpenID Connect application within Identity Authentication:
+
+1. [Configure a Self-Defined Attribute](https://help.sap.com/docs/identity-authentication/identity-authentication/user-attributes?version=Cloud) with *Name* "groups," *Source* "Identity Directory," and *Value* "All Groups."
+2. [Configure Default Name ID Format](https://help.sap.com/docs/identity-authentication/identity-authentication/configure-subject-name-identifier-sent-to-application?version=Cloud) to *Email*.
+3. Select *OpenID Connect Configuration* and *Configure Manually*.
+ - This step can only be done after an SAP Cloud Logging instance has been created and has to be repeated for each new service instance.
+ - Set `Redirect URI` to the OpenSearch Dashboards URL plus`/auth/openid/login`.
+ - Set `Single Logout Endpoint`: Set binding to HTTP\_REDIRECT and the URL must be the OpenSearch Dashboards URL without any path.
+ - To store the configuration, click *Save* .
+
+
+
+
+
+## Create a Group and Assign Users
+
+- [Create a group](https://help.sap.com/docs/identity-authentication/identity-authentication/create-new-user-group) that you intend to use for administrative access to SAP Cloud Logging instances and provide the name of this group as the input value for `admin_group` during the OIDC configuration. This group gets administrative access in OpenSearch. It has permission to modify the security module.
+
+ > ## Note:
+ > The login procedure forwards Identity Authentication group names to OpenSearch as backend roles. Backend roles can map to OpenSearch roles that grant permissions to the users assigned to the respective Identity Authentication groups. The configuration parameter `admin_group` is mapped automatically to the "all\_access" role
+
+- [Add users to the group](https://help.sap.com/docs/identity-authentication/identity-authentication/add-users-to-group) who should have admin access. Users can be added or removed at any time.
+
+
+
+## Compose OIDC Configuration Parameters
+
+Compose OIDC configuration parameters to be used for service instance creation or updates:
+
+
+
+
+|
+
+OIDC Configuration Template
+
+ |
+
+
+Parameterization
+
+ |
+
+
+|
+
+```
+"oidc": {
+ "enabled": true,
+ "roles_key": "groups",
+ "admin_group": "MY_ADMIN_ROLE",
+ "subject_key": "mail",
+ "openid_connect_url": "https://MY-OPENID-CONNECT-URL/.well-known/openid-configuration",
+ "openid_scopes": "openid",
+ "openid_client_id": "MY-CLIENT-ID",
+ "openid_client_secret": "MY-CLIENT-SECRET"
+ }
+
+```
+
+
+
+ |
+
+
+Set IdP information `openid_connect_url` \(for example: `https://myaccount.accounts.ondemand.com/.well-known/openid-configuration`\).
+
+ |
+
+
+|
+
+Set `openid_client_id` and `openid_client_secret` from the Create an OpenID Connect application step.
+
+ |
+
+
+|
+
+Set `admin_group` to the name of the group created in the Create a Group and Assign Users step.
+
+ |
+
+
+|
+
+Optionally, set `openid_scopes` as a space-separated string list if more than one scope is required \(e.g.: `"openid profile address"`\).
+
+ |
+
+
+
+See [Configuring Applications](https://help.sap.com/docs/identity-authentication/identity-authentication/configuring-applications) in Identity Authentication Service.
+
diff --git a/docs/integrate-sap-cloud-identity-services-saml.md b/docs/integrate-sap-cloud-identity-services-saml.md
new file mode 100644
index 0000000..d6a44a5
--- /dev/null
+++ b/docs/integrate-sap-cloud-identity-services-saml.md
@@ -0,0 +1,157 @@
+# Integrate SAP Cloud Identity Services - Identity Authentication SAML 2.0 with SAP Cloud Logging
+
+> ## Caution:
+> Ensure that you consider [SAP BTP Security Recommendation BTP-CLS-0001](https://help.sap.com/docs/btp/sap-btp-security-recommendations-c8a9bb59fe624f0981efa0eff2497d7d/sap-btp-security-recommendations?seclist-index=BTP-CLS-0001&version=Cloud).
+
+This explains how to integrate with SAP Cloud Identity Services - Identity Authentication SAML 2.0. It results in changes in the Identity Authentication tenant and a corresponding SAML configuration to be used for creating or updating SAP Cloud Logging instances. Access to the Identity Authentication administration console as an administrator is a prerequisite.
+
+> ## Note:
+> We recommend you integrate with Identity Authentication. You can also integrate with other SAML providers, but there will be no support or documentation.
+
+> ## Note:
+> You can reuse the resulting SAML configuration for multiple instances of SAP Cloud Logging.
+
+
+
+## Obtain SAML 2.0 IdP Information
+
+Obtain SAML 2.0 Identity Provider \(IdP\) Information based on the [Identity Authentication guide](https://help.sap.com/docs/identity-authentication/identity-authentication/tenant-saml-2-0-configuration). Use the console URL to access the tenant’s administration console for the Identity Authentication service. The URL has a `https://.accounts.ondemand.com/admin` pattern.
+
+- Note down the `idp.metadata_url` information as `https://.accounts.ondemand.com/saml2/metadata`
+- Note down the `idp.entity_id`. Open the metadata URL in your browser and copy the full value of the entityID field, which is located in the first line of the response.
+
+
+
+## Create a SAML 2.0 application
+
+Create a SAML 2.0 application in your Identity Authentication account based on the [Identity Authentication guide](https://help.sap.com/docs/identity-authentication/identity-authentication/create-saml-2-0-application). The `sp.entity_id` value refers to the "Entity ID" header field in the SAML 2.0 Configuration tab of the SAML 2.0 application.
+
+
+
+## Configure the SAML 2.0 application
+
+Go to *Applications & Resources*, choose *Applications*, and select your application from the list. Then perform the following steps to configure the SAML 2.0 application within Identity Authentication:
+
+1. [Configure a Self-Defined Attribute](https://help.sap.com/docs/identity-authentication/identity-authentication/user-attributes?version=Cloud) with *Name* "groups," *Source* "Identity Directory," and *Value* "All Groups."
+2. [Configure Default Name ID Format](https://help.sap.com/docs/identity-authentication/identity-authentication/configure-subject-name-identifier-sent-to-application?version=Cloud) to *Email*.
+3. Select *SAML 2.0 Configuration* and *Configure Manually*.
+ - Set the name with value of the `sp.entity_id` from the Create a SAML 2.0 application step.
+ - Continue with one of the following options. **OPTION 1** is recommended, as it removes the need to specify the IdP SAML application's assertion/logout URL.
+ - **OPTION 1:** Enable request signing.
+ - Create a new signing certificate and private key in PKCS8 format.
+
+ ```
+ # generate a certificate and a private key in PKCS8 format with a reasonable validity
+ openssl req -x509 -newkey rsa:2048 -keyout private.key -out cert.pem -nodes -days
+ # add a password (encrypted)
+ openssl pkcs8 -topk8 -v1 PBE-SHA1-3DES -in private.key -out private_pkcs8.key
+ # encode key to base64 format
+ printf "%s" "$(< private_pkcs8.key)" | base64
+
+ ```
+
+ - Enable request signing in Identity Authentication by setting *Require signed authentication requests* to *ON*, going to the *Signing Certificate* section, clicking *Add*, and uploading the certificate.
+ - Make sure to provide a signing key to the `sp.signature_private_key` field and set the sp.signature\_private\_key\_password field if the signing key is encrypted. The signing certificate in your Identity Authentication SAML 2.0 application can expire, and Identity Authentication rejects login attempts with the error message, "The digital signature of the received SAML2 message is invalid."
+
+ - **OPTION 2:** ⚠️ This step can only be done after an SAP Cloud Logging instance has been created and has to be repeated for each new service instance.
+ - Set `Assertion Consumer Service Endpoint` to the OpenSearch Dashboards URL plus`/_opendistro/_security/saml/acs`.
+ - Set `Single Logout Endpoint`: Set binding to HTTP\_REDIRECT and the URL must be the OpenSearch Dashboards URL without any path.
+ - To store the configuration, click *Save* .
+
+
+
+
+
+## Create a Group and Assign Users
+
+- [Create a group](https://help.sap.com/docs/identity-authentication/identity-authentication/create-new-user-group) that you intend to use for administrative access to SAP Cloud Logging instances and provide the name of this group as the input value for `admin_group` during the SAML configuration. This group gets administrative access in OpenSearch. It has permission to modify the security module.
+
+ > ## Note:
+ > The login procedure forwards Identity Authentication group names to OpenSearch as backend roles. Backend roles can map to OpenSearch roles that grant permissions to the users assigned to the respective Identity Authentication groups. The configuration parameter `admin_group` is mapped automatically to the "all\_access" role
+
+- [Add users to the group](https://help.sap.com/docs/identity-authentication/identity-authentication/add-users-to-group) who should have admin access. Users can be added or removed at any time.
+
+
+
+## Compose SAML Configuration Parameters
+
+Compose SAML configuration parameters to be used for service instance creation or updates:
+
+
+
+
+|
+
+SAML Configuration Template
+
+ |
+
+
+Parameterization
+
+ |
+
+
+|
+
+```
+"saml": {
+ "enabled": true,
+ "initiated": true,
+ "idp": {
+ "metadata_url": "",
+ "entity_id": ""
+ },
+ "admin_group": "",
+ "roles_key": "groups",
+ "sp": {
+ "entity_id": "",
+ "signature_private_key": "",
+ "signature_private_key_password": ""
+ }
+ }
+
+```
+
+
+
+ |
+
+
+Set IdP information `idp.metadata_url` \(for example: `https://myaccount.accounts.ondemand.com/saml2/metadata`\) and `idp.entity_id` \(for example: `https://myaccount.accounts.ondemand.com`\) from Obtain SAML 2.0 IdP Information step.
+
+ |
+
+
+|
+
+Set `sp.entity_id` from Create the SAML 2.0 application step \(Do not confuse with `idp.entity_id`\)
+
+ |
+
+
+|
+
+Set `admin_group` from Create a Group and Assign Users step.
+
+ |
+
+
+|
+
+Set `sp.signature_private_key` and `sp.signature_private_key_password` if you selected OPTION 1 in the Configure SAML 2.0 application step.
+The sp.entity_id value refers to the "Entity ID" header field in the SAML 2.0 Configuration tab of the SAML 2.0 application
+
+ |
+
+
+|
+
+Set `sp.entity_id` value according to the "Entity ID" header field in the SAML 2.0 Configuration tab of the SAML 2.0 application
+
+ |
+
+
+
+See [Configuring Applications](https://help.sap.com/docs/identity-authentication/identity-authentication/configuring-applications) in Identity Authentication Service.
+
diff --git a/docs/prerequisites-41d8559.md b/docs/prerequisites-41d8559.md
index 29d93f8..f5b7768 100644
--- a/docs/prerequisites-41d8559.md
+++ b/docs/prerequisites-41d8559.md
@@ -2,7 +2,7 @@
# Prerequisites
-To create instances of SAP Cloud Logging, you must configure entitlements for SAP Cloud Logging, and integrate SAP Cloud Identity Services - Identity Authentication SAML 2.0 with SAP Cloud Logging.
+To create instances of SAP Cloud Logging, you must configure entitlements for SAP Cloud Logging, and set up an Identity Provider (IdP) for Single Sign-On (SSO) using either SAP Cloud Identity Services - Identity Authentication SAML 2.0 or OpenID Connect.
@@ -22,160 +22,11 @@ Once you have these three prerequisites, the service is available in the Service
-## Integrate SAP Cloud Identity Services - Identity Authentication SAML 2.0 with SAP Cloud Logging
+## Set Up an Identity Provider for Single Sign-On
-> ### Caution:
-> Ensure that you consider the [SAP BTP Security Recommendation BTP-CLS-0001](https://help.sap.com/docs/btp/sap-btp-security-recommendations-c8a9bb59fe624f0981efa0eff2497d7d/sap-btp-security-recommendations?seclist-index=BTP-CLS-0001&version=Cloud).
+To enable users to access SAP Cloud Logging securely, you must configure an Identity Provider (IdP) for Single Sign-On (SSO). This allows centralized user authentication and authorization through your enterprise identity management system.
-This explains how to integrate with SAP Cloud Identity Services - Identity Authentication SAML 2.0. It results in changes in the Identity Authentication tenant and a corresponding SAML configuration to be used for creating or updating SAP Cloud Logging instances. Access to the Identity Authentication administration console as an administrator is a prerequisite.
-
-> ### Note:
-> We recommend you integrate with Identity Authentication. You can also integrate with other SAML providers, but there will be no support or documentation.
-
-> ### Note:
-> You can reuse the resulting SAML configuration for multiple instances of SAP Cloud Logging.
-
-
-
-### Obtain SAML 2.0 IdP Information
-
-Obtain SAML 2.0 Identity Provider \(IdP\) Information based on the [Identity Authorization guide](https://help.sap.com/docs/identity-authentication/identity-authentication/tenant-saml-2-0-configuration). Use the console URL to access the tenant’s administration console for the Identity Authentication service. The URL has a `https://.accounts.ondemand.com/admin` pattern.
-
-- Note down the `idp.metadata_url` information as `https://.accounts.ondemand.com/saml2/metadata`
-- Note down the `idp.entity_id`. Open the metadata URL in your browser and copy the full value of the entityID field, which is located in the first line of the response.
-
-
-
-### Create a SAML 2.0 application
-
-Create a SAML 2.0 application in your Identity Authentication account based on the [Identity Authorization guide](https://help.sap.com/docs/identity-authentication/identity-authentication/create-saml-2-0-application). The `sp.entity_id` value refers to the "Entity ID" header field in the SAML 2.0 Configuration tab of the SAML 2.0 application.
-
-
-
-### Configure the SAML 2.0 application
-
-Go to *Applications & Resources*, choose *Applications*, and select your application from the list. Then perform the following steps to configure the SAML 2.0 application within Identity Authentication:
-
-1. [Configure a Self-Defined Attribute](https://help.sap.com/docs/identity-authentication/identity-authentication/user-attributes?version=Cloud) with *Name* "groups," *Source* "Identity Directory," and *Value* "All Groups."
-2. [Configure Default Name ID Format](https://help.sap.com/docs/identity-authentication/identity-authentication/configure-subject-name-identifier-sent-to-application?version=Cloud) to *E-mail*.
-3. Select *SAML 2.0 Configuration* and *Configure Manually*.
- - Set the name with value of the `sp.entity_id` from the Create a SAML 2.0 application step.
- - Continue with one of the following options. **OPTION 1** is recommended, as it removes the need to specify the IdP SAML application's assertion/logout URL.
- - **OPTION 1:** Enable request signing.
- - Create a new signing certificate and private key in PKCS8 format.
-
- ```
- # generate a certificate and a private key in PKCS8 format with a reasonable validity
- openssl req -x509 -newkey rsa:2048 -keyout private.key -out cert.pem -nodes -days
- # add a password (encrypted)
- openssl pkcs8 -topk8 -v1 PBE-SHA1-3DES -in private.key -out private_pkcs8.key
- # encode key to base64 format
- printf "%s" "$(< private_pkcs8.key)" | base64
-
- ```
-
- - Enable request signing in Identity Authentication by setting *Require signed authentication requests* to *ON*, going to the *Signing Certificate* section, clicking *Add*, and uploading the certificate.
- - Make sure to provide a signing key to the `sp.signature_private_key` field and set the sp.signature\_private\_key\_password field if the signing key is encrypted. The signing certificate in your Identity Authentication SAML 2.0 application can expire, and Identity Authentication rejects login attempts with the error message, "The digital signature of the received SAML2 message is invalid."
-
- - **OPTION 2:** ⚠️ This step can only be done after an SAP Cloud Logging instance has been created and has to be repeated for each new service instance.
- - Set `Assertion Consumer Service Endpoint` to the OpenSearch Dashboards URL plus`/_opendistro/_security/saml/acs`.
- - Set `Single Logout Endpoint`: Set binding to HTTP\_REDIRECT and the URL must be the OpenSearch Dashboards URL without any path.
- - To store the configuration, click *Save* .
-
-
-
-
-
-### Create a Group and Assign Users
-
-- [Create a group](https://help.sap.com/docs/identity-authentication/identity-authentication/create-new-user-group) that you intend to use for administrative access to SAP Cloud Logging instances and provide the name of this group as the input value for `admin_group` during the SAML configuration. This group gets administrative access in OpenSearch. It has permission to modify the security module.
-
- > ### Note:
- > The login procedure forwards Identity Authentication group names to OpenSearch as backend roles. Backend roles can map to OpenSearch roles that grant permissions to the users assigned to the respective Identity Authentication groups. The configuration parameter `admin_group` is mapped automatically to the "all\_access" role
-
-- [Add users to the group](https://help.sap.com/docs/identity-authentication/identity-authentication/add-users-to-group) who should have admin access. Users can be added or removed at any time.
-
-
-
-### Compose SAML Configuration Parameters
-
-Compose SAML configuration parameters to be used for service instance creation or updates:
-
-
-
-
-|
-
-SAML Configuration Template
-
- |
-
-
-Parameterization
-
- |
-
-
-|
-
-```
-"saml": {
- "enabled": true,
- "initiated": true,
- "idp": {
- "metadata_url": "",
- "entity_id": ""
- },
- "admin_group": "",
- "roles_key": "groups",
- "sp": {
- "entity_id": "",
- "signature_private_key": "",
- "signature_private_key_password": ""
- }
- }
-
-```
-
-
-
- |
-
-
-Set IdP information `idp.metadata_url` \(e.g.: `https://myaccount.accounts.ondemand.com/saml2/metadata`\) and `idp.entity_id` \(e.g. `https://myaccount.accounts.ondemand.com`\) from Obtain SAML 2.0 IdP Information step.
-
- |
-
-
-|
-
-Set `sp.entity_id` from Create a SAML 2.0 application step \(Do not confuse with `idp.entity_id`\)
-
- |
-
-
-|
-
-Set `admin_group` from Configure a SAML 2.0 application step.
-
- |
-
-
-|
-
-Set `sp.signature_private_key` and `sp.signature_private_key_password` if you selected OPTION 1 in the Configure SAML 2.0 application step.
-The sp.entity_id value refers to the "Entity ID" header field in the SAML 2.0 Configuration tab of the SAML 2.0 application
-
- |
-
-
-|
-
-Set `sp.entity_id` value according to the "Entity ID" header field in the SAML 2.0 Configuration tab of the SAML 2.0 application
-
- |
-
-
-
-See [Configuring Applications](https://help.sap.com/docs/identity-authentication/identity-authentication/configuring-applications) in Identity Authentication Service.
+We recommend using SAP Cloud Identity Services - Identity Authentication as your IdP. Choose one of the following authentication protocols to integrate with your SAP Cloud Logging instances:
+- [SAML 2.0](integrate-sap-cloud-identity-services-saml.md) — Configure SAML 2.0 authentication to establish a corresponding SAML configuration for your SAP Cloud Logging instances.
+- [OpenID Connect](integrate-sap-cloud-identity-services-oidc.md) — Configure OpenID Connect authentication to establish a corresponding OIDC configuration for your SAP Cloud Logging instances.
\ No newline at end of file
|