Protecting SAP CIAM B2C with Shape Security

If you are an SAP CIAM B2C customer then you are entitled to take advantage of Shape's leading automation and fraud prevention technology with a few simple steps:

Step 1 

Send an email to Someone from F5/Shape will provision the IP’s needed to complete the rest of the configuration.

Step 2

Note: SAP creates a customer specific domain / endpoint for login requests that are protected by Shape (E.G: If not already present this is a prerequisite for continuing this integration.

The SAP custom domain ( and the requests to the SAP CIAM platform are via this domain. The SAP console generates all the necessary certificates attached to this new custom domain removing any certificate dependencies. The custom domain points to a backend Gigya ORIGIN URL which has the following format ( [] )

The Shape RBA policy allows SAP customers to specify IPs and Hosts which are allowed to communicate with the SAP backend. Use the following format to configure the Shape RBA policy.

Shape RBA Policy:

 "type": "IP",
 "ranges": [
  “paste #1 from F5 response email”,
  “paste #2 from F5 response email“,
 "inclusive": true

 "type": "reject"

Once completed, SAP Customer Data cloud customers will have access to the full range of Shape Security products and service. For more information about Shape products, see

Published Sep 24, 2020
Version 1.0

Was this article helpful?

No CommentsBe the first to comment