SAP S/4HANA Cloud

User Authentication in Central Business Configuration

SAP Central Business Configuration is a new tool that will make it possible to configure business process spanning multiple SAP cloud solutions from one central place. SAP Central Business Configuration will first allow the configuration of SAP S/4 HANA Cloud but aims at seamless implementation of end-to-end business processes across SAP’s intelligent enterprise.

In this blogpost we will see how to manage business users in Central Business Configuration.

Initial Handover Emails

After contract is signed with SAP, the IT administrator at customer will receive four handover emails as shown below.

  • The first email is for accessing SAP Central Business Configuration System. This email will contain links for Central Business Configuration, Identity Authentication, and Identity Provisioning. You should use your S User credentials to login to Identity Provisioning
  • The second email is for accessing SAP S/4HANA Cloud Starter system URL and Initial User ID. This email contains the Initial Technical User.
  • The Third handover mail is for Initial Password set up in SAP S/4HANA Cloud Starter system.
  • Fourth and last handover email is for Identity Authentication. This email comes with the access information to the SAP Cloud Platform Identity Authentication. Again, the IT person specified in the contract will be the owner of this system. The IT Administrator should reset his/her password and access this tenant as the first step.

User Management

The below diagram outlines the end-to-end process steps involved in user management within SAP Central Business Configuration. The highlighted steps are manual check to ensure initial password resets have been carried out. Once you complete the activity of resetting the password in the admin console, you will be able to access the Identity Authentication system. Let’s start the further process, step by step.

Next, you have to set subject name identifier, according to your log in preference. Go into application and resources tab and click on applications and navigate to the administration console and go to subject name identifier there you have an option set basic attribution as per your requirement.

Next step is to go to home page and go into user management and create new user with the help of basic details of user and click on save. After that you will see that user is created in the system and user will receive an activation email as well.

Next step that you need to do is assign the users groups to the users, these user groups are nothing but our prerequisites.

Please note: if you are doing this activity for the first time you need to replicate the user groups from Central Business Configurations to Identity Authentication Services first because, all the user groups relevant with Central Business Configuration are pre delivered with Central Business Configuration

In the Central Business Configurations environment, you must bring these from Central Business Configurations into Identity Authentication Services, then you will be able to assign user groups to the users.

For this activity you need to go to the Identity Provisioning System with the help of link provided in the Initial Central Business Configurations handover mail.

In Identity Provision System you need to get in to the Source system, here you need to ensure that the source system is Central Business Configurations, and need to bring data from Central Business Configurations to Identity Authentication System , then you have to run the background Job.

The moment you can click on run now the batch program runs. All the user groups will appear in Identity Authentication Service system user group section.

For next activity you need to come to Identity Authentication System and choose user group section, click on assign user groups, there you will find all the standard user groups are visible.

Based on the access requirement you can assign the specific user group to the user, by clicking on User management tab and user as shown in below image.

Next step is replicating users and user groups from Identity Authentication System to Central Business Configurations. Here again you need to get back to the Identity Provisioning System to run the background job again with Identity Authentication Services as source system. Once this activity completes the newly created user with assigned user groups will be available in the Central Business Configuration System.

You can check and confirm via logging in to the Central Business Configuration System (Central Business Configuration URL is available in the handover mail from SAP).

Note: Identity Provisioning System acts like bridge or middleware between Central Business Configuration and Identity Authentication system, key point to remember here is whatever changes we do with the user/user groups and password, must replicate via Identity Provisioning System by running background jobs.

Leave a Reply

Your email address will not be published.