Looply Academy
  • Getting Started
    • What is Looply?
    • Deployment Models
  • System Requirements
  • SAP Integration: ABAP Add-on & Access
  • Security & Identity - What IT Teams Need to Know
  • Authenticating Teams User Actions to Enterprise Systems
  • Signing Up & Onboarding Your Team
  • Looply Implementation Plan
  • Looply Integration Demos
  • Integrations
    • Microsoft Integration
    • SAP Integration
      • Installing the ABAP Looply Add-On
        • Gateway Service Setup - Single System
        • Gateway Service Setup - Hub scenario
      • Triggering or Resuming a Looply Workflow from SAP
      • Triggering SAP code from Looply
      • SAP Workflow Integration
      • Varo/Stelo Integration
      • SSL & IP address
      • SSO Authentication
  • App Management
    • Building Apps
    • Deploying apps to Teams App catalog
      • Looply Dashboard
      • Manual Installation
    • Installing Looply Apps
    • Uninstall/Update Looply Apps
    • Teams Admin center
  • Adaptive Cards
    • Building Adaptive Cards
      • Container Elements
      • Content Elements
      • Input Elements
      • Actions
    • Data Binding
    • Conditional Rendering
    • AI Assistant
    • Inline Functions
  • Workflows
    • Building Workflows
    • Triggering Workflows
    • Environment Variables & Profiles
    • Versioning Workflows
    • Using HTTP Requests
    • Using Functions
    • Using Conditionals
    • Using Branch Conditionals
    • Using Advanced Conditionals
    • Using Integrations
      • Adaptive Card Actions
      • SAP Requests
    • Using Redirects
    • Using Override Payload
    • Terminating Workflows
  • Data Vault
    • Variable Datastores
  • Monitoring & Logs
    • Monitoring Workflows
    • Error Notifications
  • API REFERENCE
    • Developer API Overview
    • Workflow API
    • Adaptive Card API
  • Team Management
    • Managing Organisations
    • Team Roles and Permissions
  • Resources
    • JavaScript Libraries
  • Tutorials
    • Creating MS Teams Apps
    • Designing Workflows
    • Building Adaptive Cards
    • Adaptive Cards with AI
    • Examining Workflow Executions
  • Support
    • Changelog
    • Contacting Support
Powered by GitBook
On this page
  • Azure Tenant Connection
  • SAP Workflow Authentication Model
  • Security Architecture Highlights
  • Architecture Diagrams & Compliance Packages
  • Next Step

Security & Identity - What IT Teams Need to Know

Looply is designed with enterprise-grade security, privacy, and identity management as foundational principles. This page explains how Looply handles authentication, authorization, data access, and secure integrations — specifically for IT and security professionals.

Azure Tenant Connection

Looply uses Microsoft Graph APIs to perform the following actions with organizational consent:

  • Deploy the Looply Teams app across your tenant

  • Perform directory lookups to resolve users and identities

  • Monitor and manage app installations

Required Graph API Permissions

The following permissions are requested during Azure tenant connection:

Permission Name
Purpose

openid, offline_access

Authentication and session token management

User.Read, User.ReadBasic.All

Retrieve Teams user profiles

Team.ReadBasic.All, TeamMember.Read.All

Access Teams structure and membership

AppCatalog.ReadWrite.All, AppCatalog.Submit

Deploy Looply app to your Teams environment

Presence.Read.All

Used for future real-time card logic (optional)

TeamsAppInstallation.ReadWriteForUser

Manage Teams app installations for end users

Directory.Read.All

Look up directory data to map users between Microsoft and SAP

These permissions must be approved by a Global Administrator or Privileged Role Administrator.

🔐 Looply does not store or access data outside these permissions. All access is authorized and logged.

SAP Workflow Authentication Model

When a Microsoft Teams user interacts with an approval-bound notification generated by Looply (for example, approving a Purchase Order), Looply authenticates the user's action back into SAP on their behalf.

Looply currently supports the following authentication methods for SAP workflows:

Authentication Type
Description

Basic Authentication

SAP Dialog user credentials are securely passed at runtime. Typically used in simpler or legacy SAP landscapes.

OAuth 2.0 Authorization Code Grant

Azure AD authenticated user flow exchanging OAuth tokens for SAP Gateway access.

SAML 2.0 Bearer Assertion (OBO Flow)

Microsoft Teams user identity is propagated to SAP using a SAML Assertion issued by Azure AD, exchanged for an SAP OAuth token. Supports full delegated access without credential storage.

📌 Important: This authentication approach is designed specifically for SAP ECC and S/4HANA workflows. Other systems may require different identity propagation models depending on their capabilities.


Security Architecture Highlights

  • Data Access: Looply does not store or cache SAP or Microsoft user data beyond workflow runtime. All data is processed in memory or temporarily held for workflow context.

  • Encryption: All communication between Looply, Microsoft Graph, and SAP is encrypted over HTTPS using TLS 1.2+

  • Data Isolation: Each customer tenant is logically and cryptographically isolated. Dedicated and private cloud models offer additional VPC-level isolation.

  • Role-Based Access Control (RBAC): Looply supports two roles: Admin and Developer. Admins manage Teams integration and users. Developers design workflows.

  • Audit Logging: All admin actions and workflow runs are logged for traceability.


Architecture Diagrams & Compliance Packages

Looply provides architecture reference diagrams, information security policy, security standards upon request. These are suitable for:

  • Internal IT security reviews

  • Governance or compliance assessments

  • Risk analysis documentation


Next Step

PreviousSAP Integration: ABAP Add-on & AccessNextAuthenticating Teams User Actions to Enterprise Systems

Last updated 1 month ago

To request, please contact:

Ready to set up your Looply account and invite your team? Head over to .

support@looply.ai
Signing Up & Onboarding Your Team