- SAP Managed Tags
Introduction:
We are happy to introduce the SAP S/4HANA Cloud Private Edition with Joule integration. This integration will help your day-to-day activities and enhance your productivity while interacting with the system. With the latest release, Joule supports the Conversational Search Filter capability, Transactional capabilities, Navigational capabilities to help users find their desired functionality. This helps in completing the goals by navigating you to the relevant SAP Fiori Apps and letting you work directly in the app’s web UI, where you can benefit from all its features.
With Joule for your SAP S/4HANA Cloud Private Edition, we are currently supporting the Navigation for the Core Apps such as Procurement, Finance, Sales, and Service Management and transactional capabilities like “show purchase orders”, “Upload a supplier invoice” or "show sales orders” etc. To perform such a task using Joule, we need the users to have the corresponding Business Roles to be assigned in the SAP Fiori Apps. I recommend taking a look at the supported list of roles by Joule – Capabilities for S/4HANA Cloud Private Edition to know more about each of these Roles you can look at SAP Fiori Apps Reference Library and also SAP Note 3523238 - Includes details on - Joule for SAP S4HANA Cloud Private Edition Navigational Capabilities, Business Roles For Navigational, and Business Roles and API for Transactional Capabilities).
How do I get access to Joule?
To get started we need SAP S/4HANA Cloud Private Edition with 2023 FPS01 or above.
Scenario 1: If you are signing New RISE contracts – (RISE with SAP S/4HANA Cloud, private edition, base; premium or premium plus) you will be allotted Joule entitlements to your SAP BTP Account by default.
Scenario 2: If you are an Existing RISE customer with S/4HANA PCE with 2023 FPS01 or above, please reach your Account Executive for Joule entitlements.
Note: In case you have multiple SAP BTP Global Accounts, we recommend picking the common Global Account for your Joule projects as Joule also communicates with other SAP solutions like SuccessFactors, DSC, ISBN, CX, etc... Please ensure to share the details with your Account Executive during the order process. In case you do not have a BTP Account, a new account will be created for you.
Please refer to this blog post for more information on Joule - Unified Setup: Bridging Simplicity and Performance.
How can I activate Joule?
For our RISE customers, we offer a dedicated AI Discovery Workshop Jump-Start program to help you get started. This program includes Evaluation, prerequisite checks, Activation of Joule Service, and *Embedded AI Scenarios (requires AI Units).
Image 1
We recommend you follow our dedicated workshop approach for Joule activation, however, we are outlining the steps required to set it up. You can reach your Account Executive or Customer Success Partners for nominations, eligibility, and for more information.
**************************************
We are also happy to introduce:
- Conversational Search Filter capability
- Transactional capabilities
- Navigational capabilities
For a Full list of supported scenarios, please refer to conversational patterns and the SAP Note: 3523238 - S/4 HANA Private Cloud Edition Joule Navigation Capabilities and Transactional Capabilitie... (Don’t miss the attachments on Navigational Capabilities and the roles Excel files).
**************************************
Pre-Requisites and Setup Process(requires administrator role):
- SAP Business Technology Platform, with the following entitlements
◦ SAP S/4HANA Cloud, Private Edition auto-discovered in System
◦ Joule Entitlements - Joule(das-application), please refer to license topic
◦ SAP Build Work Zone, standard edition (foundation plan or standard plan)
◦ SAP Cloud Identity Services, connectivity (Application) plan
◦ Cloud Foundry - SAP S/4HANA Cloud Private Edition 2023 FPS01 or later
o Create a Technical User for Joule Communication - SAP Cloud Identity Services (You have integrated your S/4HANA launchpad to use SAP Cloud Identity services for authentication. See reference architecture here)
- SAP Cloud Connector with Principal Propagation
o System Mapping to expose the required HTTPs protocol - Transactional Capabilities: Below mentioned OData services must be activated as a prerequisite for using respective transactional capabilities in Joule. Kindly refer to the documentation Activate and Maintain Services for activating the OData services.
- API_BUSINESS_PARTNER
- MD_BUSINESSPARTNER_SRV
o Finance
- UI_GLACCOUNT_BALANCES
- FAC_GLV_GL_ACCOUNT_LINE_ITEMS_SRV
o Operational Purchaser
- MM_PUR_PO_MAINT_V2_SRV
- MM_PUR_POITEMS_MONI_SRV
- MM_PUR_PR_PROFNL_MAINTAIN_SRV
- MM_PUR_PRITEM_MNTR_SRV
o Sales and Distribution
- API_SALESDOCUMENTS_AI_SRV
- LE_SHP_OUTBOUND_DELIVERY_FS
- SD_F1814_SO_FS_SRV
- LE_SHP_OD_CREATE_SRV
- LE_SHP_OD_LIST_SRV
- LE_SHP_DELIVERY_PICK
Note:
- A Joule instance (in your BTP Subaccount) can be only connected to exactly one SAP S/4HANA system (public or private) until further update.
- Joule is available for SAP S/4HANA Cloud Private Edition only within Rise with SAP.
- Enablement of Joule for SAP S/4HANA Cloud Private Edition only in an SAP-managed data center setup. The customer data center option is not supported.
Let us take a look at the architecture:
Image 2
We can get started by Creating a Technical User in your SAP S/4HANA Cloud Private Edition system. You can navigate to SU01 and add the roles SAP_BC_JSF_COMMUNICATION_RO Profiles to the technical service user used for reading the content.
Image 3
Add the Profile, set the initial password, and Save the Technical User.
Image 4
Now, let us get started with the setup process and we will start with SAP BTP.
- SAP Business Technology Platform
First, we shall validate the System Registration. To do this, Log in to your SAP BTP System, click on System Landscape, and then click on System; here, look for the SAP S/4HANA Cloud, private edition system that you need for the Joule integration. If the system is listed, then we are good to proceed with the next steps.
In case it is not listed, please create an SAP Incident/Support Ticket using the component BC-JOULE-PRV to request that your SAP S/4HANA Cloud, private edition systems be added to your BTP Accounts.
Log in to your SAP Business Platform and let us take a look if the Joule Entitlement is assigned. Within your BTP Platform click on Entitlements -> Click on Service Assignments -> search for Joule as shown below. If you have the service assigned then we are good. You may also search for SAP Workzone and you should be able to find it.
Image 5
Note: Based on your RISE contract, you may be able to see the different Entitlement Source. In my case, I am using the Embedded license for demo purposes.
1.1 Creating a New BTP Subaccount
Once you validate the services entitled, you can navigate to Account Explorer in your BTP Global Account, click on Create a New Subaccount, and enter the following details.
Note: While selecting the for your subaccount please ensure you select the nearest location to your S/4HANA PCE. You can verify the Joule Supported Data Centres here and plan your setup activities. Also ensure to check the Joule - Unified setup blog post mentioned before you create the subaccount.
Enter the details required and click on Create.
Image 6
1.2 Adding the Entitlements to your Subaccount
Once the subaccount is created, navigate to the Entitlements section -> Click on Edit -> click on Add Services Plans -> search for Joule, and select the foundation (Application) plan as shown below.
Image 7
Now search for Work Zone and select the foundation of both the plans as shown below.
Note: We are using a foundation plan for our setup that is Always Free.
Image 8
In this subaccount search for Cloud Identity Service and select the service plan Connectivity (application).
Image 9
1.3 Enabling Cloud Foundry
We are going to use the Cloud Foundry for our Joule setup. You can navigate to your Overview page within your subaccount and click on Enable Cloud Foundry as shown below.
Image 10
Select the Standard plan and agree on the terms and conditions as shown below, you may want to check/edit the values for Instance and Org Name and then click on Create.
Image 11
Once the service is enabled, within the same page, click on Create a Space. Enter the Space Name as per your choice, select the required roles, and click on Create.
Image 12
1.4 Establish Trust with the Cloud Identity Services
In the Joule subaccount that you have created, you can click on Trust Configuration and click on Establish Trust, this will pop up a new window with all the available Cloud Identity Services for your company. Please select the Cloud Identity Service that you have enabled with your SAP S/4HANA Private Cloud and click on Next.
Image 13
In this screen please validate if the Cloud Identity Service URL is using the domain model, “*.accounts.cloud.sap” or do you see “*.accounts.ondemand.com”, select the appropriate domain and click on Next.
Note: You can open your Cloud Identity Service Admin page to verify the URL domain pattern.
Image 14
We do not have to change anything here in the Configure Parameters window, as this is configuring the Cloud Identity Service that will be used for application users, you can click on Next and Save the settings.
Image 15
1.5 Disable the Default IDP and Trust the Domain
In this step, we are going to disable the Default Identity Provider to avoid authentication issues for the Joule users. To do this, with your SAP BTP subaccount, expand the Security options, click on Trust Configurations, edit the Default Identity Provider option, and remove the check option from Available for User Logon and Save it.
Image 16
Next, click on the Settings options and click on Add under Trusted Domain, and the Domain is going to be your SAP S/4HANA Cloud Private Edition Fiori Launchpad URL, and Add the details.
Image 17
A similar approach of adding the SAP S/4HANA Cloud Private Edition Fiori Launchpad URL should be in the Cloud Identity Service under trusted domains. To do this go to your SAP Cloud Identity Service, Click on Applications & Resources -> click on Tenant Settings -> click on Customization -> click on Trusted Domains -> Click on Add -> enter the SAP S/4HANA Cloud Private Edition Fiori Launchpad URL as shown below, and Save the details.
Image 18
2. Running the Booster for your S/4HANA Cloud Private Edition
Now that we have the required configurations set, we can start with the Booster to activate the Joule service for the subaccount. Navigate to your SAP BTP Global Account -> click on the Booster option -> search for Joule -> click on the Start option.
Image 19
The system automatically checks the prerequisites related to Authorizations, Entitlements, and the availability of the Cloud Identity Services. In case of any missing items, it will fail. If you have everything required, you should be able to continue further as shown below.
Image 20
In the next step, you will be required to select the subaccount that we created and add the required configurations, in my case I have selected the subaccount “S4PCE – Joule” and click on Next.
Image 21
Note: There we a few processes updated to the Booster, so you may see different screens shown below. In Select Integrations, you may select Testing or Production based on the SAP S/4HANA Cloud private edition system that you plan to integrate with, leave the Products option blank unless you want to integrate with other SAP Products that are listed in the dropdown.
This blog is dedicated to SAP S/4HANA Cloud private edition, click on Next once the selection is done.
Image 21a
In our case, we are focused on activating it for SAP S/4HANA Cloud Private Edition, so please Select Capability. You also notice a check box “Share conversation data submitted by users for improvement of Joule.” this is optional. However, if it is your pre-prod or test system I would recommend keeping this option active to improve the service, and then click on Next.
Image 22
In the next screen, a new formation will be created for the SAP S/4HANA Cloud private edition. Here, you also need to select the required SAP Cloud Identity Services, as shown below.
Image 22a
You should be able to see the validation screen; here, you can validate the details and click on Next. In the Review screen, you click on Finish, and it should run the Joule activation.
Image 23
Once the activation is completed, you will be able to see the message below.
Image 24
This completes the Booster activation process.
3. Activation of Workzone, Connectivity Service, and Create Service Key
As we complete the booster execution, we must continue connecting your subaccount to communicate with Joule and the SAP S/4HANA Cloud private edition system. We shall look into activating the Work Zone, setting up the connectivity, and determining the destinations.
3.1 Activate SAP Workzone, foundation edition
Please navigate to your Joule Subaccount -> click on Services -> click on Service Marketplace -> search for Work Zone -> Remember we have added two plans and both need to be activated. You may click on the Service Plan “…” as shown below -> click on Create.
Image 25
In this screen select the foundation plan, and the Space that we created should be populated automatically, if not please ensure to select it, enter the Instance Name of your choice, and click on Create as shown below.
Image 26
Once this is created, go back to the Service Marketplace page, select Work Zone, select the Application Plans -> click on “…” -> click on Create. In the new screen, select the check box for the terms and click on Create.
Image 27
3.2 Activating the Connectivity Service
Within the Service Marketplace -> look for Cloud Identity Services -> select the “connectivity” plan -> click on “…” -> click on Create.
Image 28
In the new screen, agree on the terms and click on Next.
Image 29
Here, please select Test (as in my case, it’s a non-prod instance). If you are working with a non-productive instance, click on Next and Finish the setup.
Image 30
Finally, if you navigate to Instances and Subscriptions, you should be able to see these services active in your BTP Subaccount.
Image 31
3.3 Creating a Work Zone Service Key
We will now be creating a Service Key which will be used during the destination creations and also for IPS Role mapps to your Work Zone. To create a service key, within the Instances and Subscriptions page -> click on “>” which is listed under the Instances, my case it is s4pcetest -> look for the options Service Key and click on Create -> enter a meaningful name and click on Create as shown below.
Image 32
Once the service key is created, you need to download it as shown below.
Note: We have two views from the subaccount, Form and JSON view. In case it gets confusing to read the values for destination configurations, you can click on Form to understand the values.
Image 33
4. Configure the SAP Cloud Connector for Joule Communication
If you have your S/4HANA Private Cloud instance managed by SAP, you would need to contact your support team to make the changes. You should be sharing the details, to add context we are sharing the configuration process below.
Note: You should have Principal Propagation, which should be available to communicate with SAP BTP. If necessary, you may refer to Expose Intranet Systems for details.
First, in your BTP Subaccont, navigate to the Overview section and look for the Subaccount ID. Please make a note of it.
Image 34
4.1 Add Subaccount in your SAP Cloud Connector
Log in to your SAP Cloud Connector (if you have access) -> Click on Add Subaccount -> Enter the following details.
Image 35
Enter the details such as the Region of your BTP Subaccount, Subaccount ID, Display name of your choice, login Email Address (subaccount admin), and Password, and click on Save.
Image 36
You may check if the connection is reachable to ensure the settings are valid.
Image 37
Now navigate to your Subaccount -> click on Cloud To On-Prem and click on the “+” sign to Add System Mapping -> Select ABAP System and click on Next -> Select HTTPs and click on Next.
Image 38
Enter a meaningful name for the Internal Host and the Port Number as 44300 and click on Next.
Image 39
Now enter a meaningful name for the Virtual Host and Virtual Port, E.g. 801, and click on Next.
Image 40
Verify the details and click on Finish.
Image 41
Ensure the connection is reachable as shown below.
Image 42
4.2 Adding the Resource Path
Here, you may want to add the resource path required for communication. In my case, I have given access to the full path for demo purposes; however, if you would like to permit a specific communication path, I recommend you add the list below.
Image 43
Path to fetch... | Value |
Card manifests and i18n files | /sap/bc/lrep/ |
The UI5 App Index | /sap/bc/ui2/app_index/ |
CDM3 content | /sap/bc/ui2/cdm3/ /sap/bc/http/ui2/flp_content_exposure/entities (This is the recommended path for V2 CDM exposure, available from 2023 FPS1 and the same should be used in the Design time destination) |
Data from OData services | /sap/opu/odata/ |
Data from OData V4 services | /sap/opu/odata4/ |
4.3 Create Mapping Virtual to Internal System:
In this step, we will create an RFC mapping for integration with the Identity Provisioning Services. In the SAP Cloud Connector, under the Mapping Virtual to Internal System, click on “+” -> select ABAP System, and click on Next.
- Mapping Virtual To Internal System
Image 44
In the System Mapping, select RFC and click on Next.
Image 45
In System Mapping, I am using a stand-alone cloud connector, so I have opted for Without load balancing. Please select With load balancing if you have the mechanism and click on Next.
Image 46
In the System Mapping, Enter your Application Server details, and Instance Number and click on Next.
Image 47
Note: It can be the Host Name or IP Address.
In the Virtual Application Server, you need to enter the virtual host details that were created earlier. In case it is “dsc_s4hana” and the Virtual Instance Number, click on Next.
Image 48
Select the Principal Type: None click on Next -> select Host in Request Header: Use Virtual Host and enter a Description: Optional. Verify the details and click on Finish.
Image 49
4.4 Adding the Naming Policy for RFC Protocol
Select the RFC Protocol that we created now, and click on “+” icon. Enter the following details as shown below:
Image 50
Please use the following Naming Policy exactly as it is, you may copy the values from here:
- BAPI_USER_GETLIST
- BAPI_USER_GET_DETAIL
- PRGN_ACTIVITY_GROUPS_LOAD_RFC
- PRGN_ROLE_GETLIST
Once you add them, you should be able to see the details below.
Image 51
5. Create Destinations
We will now create the destination for communication from the SAP S/4HANA Cloud Private Edition to the SAP Build Work Zone. We will create design-time destinations, runtime destinations, and retrieving Nominations via the SAP Cloud Connector and Navigation Service.
5.1 Create Design-time Destination
To create the destination navigate to your BTP Subaccout -> click on Connectivity -> and click on Destinations.
Here, you can follow two approaches: either you can Create them manually, or you may download the templates that I have attached to this blog and make changes once you import the destination files.
If you are creating, it Manually -> Click on Create and enter the following details:
Field | Value |
Name | We recommend adding the suffix dt to the name. |
Type | HTTP |
Description | Enter a description |
URL | The URL of the Virtual Host of your Cloud Connector: https://<host>:<port>/sap/bc/ui2/cdm3/entities In the case of Version 2 /sap/bc/http/ui2/flp_content_exposure/entities same should also be exposed on Cloud connector for access |
Proxy Type | OnPremise |
Authentication Method | The following methods is supported: Basic Authentication. |
Additional Properties | |
sap-client | The client number of the ABAP system. For example: 120 |
In case you are using the important file, click on Import, select the file “SystemName_dt,” and modify the values as required; refer to the table above.
Image 52
Change the Name, URL Host, and IP, Enter the User and Password and the sap-client ID as required.
Once the details are saved, the design-time destination show be as shown below.
Image 53
Click on Check Connection before you move further and ensure it is 200 OK.
5.2 Create Runtime Destination
Let's create a Runtime destination that helps us obtain the resources needed to run the federated apps in runtime.
To Create it manually, click on Create Destination or use the Import Destination option and select the file “SystemName_rt”.
If you are creating it manually, add the following details:
Field | Value |
Name | SystemName_rt We recommend adding the suffix "_rt" to the name. |
Type | HTTP |
Description | Enter a description |
URL | The URL of the Virtual Host of the system that is set up in your Cloud Connector. |
Proxy Type | Internet |
Authentication Method | Please select NoAuthentication |
Additional Properties |
|
Property | Value |
HTML5.DynamicDestination | Add this property and set its value to true when you are creating a destination for a dynamic tile. |
sap-platform | ABAP |
sap-client | The client number of the ABAP system. For example: 120 |
sap-sysid | System ID of the SAP system (also referred to as SID). For example: QKY |
launchpad.wa.productId launchpad.wa.productVersion | To enable SAP Companion content (on-screen help) for the SAP S/4HANA apps running on this system (destination), you need to configure the product and version of the SAP Companion content that corresponds to the SAP S/4HANA apps. |
sap-provider-label | Add this property to provide a user-friendly display name for the system of a destination. This system label is used in various runtime features, such as: It can be displayed directly on each tile of an SAP S/4HANA app, if this setting was enabled in the Site Settings. It is shown in the drop-down list of the search results (only when using the Spaces and Page - New Experience view mode) and on the Search Results page. The Source System field is in the user Default Values option, located under the User Actions menu—Settings Default Values. In the App Finder. |
sap-service | A concatenated string that contains 4 characters: the first 2 characters are “32”; the last 2 characters are the instance number of the ABAP application server or the SAP system number. For example: 3200 |
sap-start | true |
If you have imported please review the values as per the table carefully and then click on Save. Here are the values that need to be edited.
Image 54
Once the details are saved, you should be able to see the following details.
Image 55
Check connection is not required and it may give you an error, please ignore it.
5.3 Retrieving Nominations via the SAP Cloud Connector:
Additional destination for private cloud for retrieving nominations via the SAP Cloud Connector using the following values.
If you are creating it manually, use the following values else import the file “privatecloud” and edit the changes.
For manual, use the following values:
Field | Value |
Name | privatecloud |
Type | HTTP |
URL | <Virtual host and port from SAP Cloud Connector> |
ProxyType | OnPremise |
Authentication | PrincipalPropagation |
Location ID | <ID of the SAP Cloud Connector, if configured> |
Additional Properties | |
Property | Value |
HTML5.DynamicDestination | TRUE |
nameIdFormat | tc:SAML:1.1:nameid-format:emailAddress |
sap-card-nominations-path | /sap/opu/odata4/ui2/insights_srv/srvd/ui2/insights_cards_read_srv/0001/CEP_Cards?$expand=DescriptorResources |
If you are importing the destination file, import the privatecloud and change the following as per the table above.
Image 56
Once you make the changes, you should be able to see the details below.
Image 57
Remember to do the Check Connection before going to the next step.
5.4 Single Sign-On Destination
Additional destination for private cloud for retrieving nominations via the SAP Cloud Connector using the following values.
If you are creating it manually, use the following values. Otherwise, import the file “S4HANA_PCE_SSO” and edit the changes.
For manual, use the following values:
Field | Value |
Name | S4HANA_PCE_SSO |
Type | HTTP |
URL | The URL of the Virtual Host of your Cloud Connector : https://<host>:<port> |
ProxyType | OnPremise |
Authentication | PrincipalPropagation (BasicAuthentication can be used for initial testing of connectivity only, but it must not be used for validation or production). |
Location ID | <ID of the SAP Cloud Connector, if configured> |
Additional Properties | |
Property | Value |
sap-client | The client number of the ABAP system. |
If you are importing the destination file, import the S4HANA_PCE_SSO and change the following as per the table above:
Image 57a
Once you make the changes, you should be able to see the details below.
Image 57b
Remember to do the Check Connection before going to the next step.
5.5 Create Navigation Service
You need to configure a destination with the name NavigationService in the subaccount with Joule set up to use the navigation service and ensure that these targets are resolved at runtime.
Please use the following details if you are creating it manually, else, use the file “NavigationService” and edit the values.
Note: These values can be found in the ServiceKey file that we downloaded. In case you want to go back, in your BTP Subaccount -> click on Instance and Subscriptions -> in the Instances option click on “>” and then click on the “…” to view the ServiceKey file. In the Form section you will be able to get the values required for the table below.
Image 58
Field | Value |
Name | NavigationService |
Type | HTTP |
URL | portal-service URL from the service key created for the service instance of SAP Build Work Zone, standard edition. |
Proxy Type | Internet |
Authentication | OAuth2UserTokenExchange |
Client ID | Client ID from the service key created for the service instance of SAP Build Work Zone, standard edition. |
Client Secret | Client Secret from the service key created for the service instance of SAP Build Work Zone, standard edition. |
Token Service URL Type | Dedicated |
Token Service URL | https://<uaa url>/oauth/token |
Additional Properties | |
Use default JDK trust store | Enable this option |
If you have imported the file, change the following details:
Image 59
The final setup should be as shown below.
Image 60
5.6 RFC Destination for Identity Provisioning Integration
You can use the following table in case you are creating a new RFC destination, or you can import the file “system_rfc” and edit the values.
Field | Value |
Name | Name of the destination |
Type | RFC |
Description | Enter a description |
ProxyType | OnPremise |
User | <Username of your SAP S/4HANA Cloud Private Edition technical service user> |
Password | <Password of your SAP S/4HANA Cloud Private Edition technical service user> |
Authorization Type | CONFIGURED_USER |
Location ID | <ID of the SAP Cloud Connector, if configured, example DLM_MAIL> |
Additional Parameters (Without load balancing) | |
Field | Value |
jco.client.client | <Client of the SAP S/4HANA Cloud Private Edition system, example 950> |
jco.client.ashost | <Virtual host of the SAP Cloud Connector configuration for Identity Provisioning service integration, until the colon, example uctclnt950rfc> |
jco.client.sysnr | <SAP System instance number> |
Additional Parameters (With load balancing) | |
Field | Value |
jco.client.client | <Client of the SAP S/4HANA Cloud Private Edition system, example 950> |
jco.client.mshost | <Virtual host of the SAP Cloud Connector configuration for Identity Provisioning service integration, until the colon, example uctclnt950rfc> |
jco.client.r3name | <System ID of the SAP S/4HANA Cloud Private Edition system, example UCT> |
In case of an imported file, please modify the following values:
Important: Take a close look at Additional Parameters (With load balancing) and Additional Parameters (Without load balancing), based on your setup, modify the data in additional properties.
Image 61
In my case, I am using without a load balancer, so the setup should look like this:
Image 62
Check the Connection before you go to the next step.
6. Create a Content Provider
Now, we will create a Content Provider in the SAP Work Zone. First, we need to assign the roles to the user. You can assign it to yourself to complete the setup and add more Admins as required.
Within your BTP Subaccount, -> click on Security -> click on Users -> Click on Create -> enter your email address -> select the Cloud Identity Service that you have established Trust in the previous step, and click on Create.
Image 63
Once the User is created, click on it to Assign the Roles – “Launchpad_Admin” and save the settings. This will allow you open the Work Zone using your Cloud Identity Services login details.
Now click on Services -> click on Instances and Subscriptions -> open the Work Zone Standard edition in a private window to avoid login issues -> enter your Cloud Identity Services Login details.
In the Work Zone, Site Manager page Click on Channel Manager -> click on New and enter the following details:
Field | Value |
Title | SAP S/4HANA Cloud Private Edition or any other meaningful name |
ID | <A unique ID> |
Design-Time Destination | Select the design time destination |
Runtime Destination | Select the runtime destination |
Runtime Destination for Dynamic Data | The runtime destination for retrieving dynamic data to display on dynamic tiles. By default, the default runtime destination is used. |
Automatically add all content items to subaccount | TRUE |
Use the Identity Provisioning service to provision user authorizations | TRUE |
Include group and catalog assignments to roles | Use this toggle switch depending on how the provider is modeled |
Once you enter the details, you should be able to see the values below
Image 64
Once this is created, you can click on the report to view the roles and groups assigned. You may want to refresh after configuring the source and target in the cloud identity services.
7. Add your SAP S/4HANA Cloud Private Edition domain to trusted domain names
In your Joule subaccount go to Security -> click on Settings -> and add the fully qualified domain name of your S/4HANA launchpad as a Trusted Domain.
Image 64a
8. Configure SAP Cloud Identity Services
In this process, we need to add Source and Target systems to the Cloud Identity Services to process the User Roles and Groups in the SAP Work Zone.
Log in to your SAP Cloud Identity Services (official help page) -> click on Identity Provisioning -> click on Source System -> You may import the file “source_file.json”, or if you are creating it manually, use the help page.
8.1 Source System
Once you import the file, please edit the details “System Name” and select the “Destination Name”, which will be your RFC Destination which was created in the previous steps.
Image 65
In case you are doing the manual approach of creation, click on Transformation -> click on the JSON View and click on Edit. You can delete the JSON code and copy the new code from here – Step 6 Transformation Code and save the settings.
Note: In the case of imported files, this is already updated with the latest code, no changes are required.
Image 66
8.2 Target System:
Now, we will be creating the Target System. In your SAP Cloud Identity Services -> Click on Identity Provisioning -> Click on Target System -> Click on “+ Add” and you can import the file – “target_file.json” or if you creating this manually, you can follow the details from the help portal – step 8 – Create Target System.
If you have imported the file, change the System Name as required, select your Source System, which you have created in your system, and enter a Description to identify your Target Joule service and click on Save.
Image 67
If you have imported the file, the transformation code is already updated. If you are creating it manually, copy the code from Step 8.d.
Image 68
Now navigate to the Properties tab and add/modify the details. If you have imported, you should be able to change the values that are listed in the table:
Field | Value |
Authentication | BasicAuthentication |
cflp.group.unique.attribute | externalId,['urn:ietf:params:scim:schemas:extension:2.0:mapping']['providerId'] |
cflp.patch.group.members.above.threshold | 5000 |
cflp.providerId | <ID of the content provider you created in your SAP Build Work Zone, standard edition tenant, e.g. S4_PC_UCT950> |
cflp.user.unique.attribute | emails[0].value,['urn:ietf:params:scim:schemas:extension:2.0:mapping']['providerId'],externalId |
ips.trace.failed.entity.content | FALSE |
OAuth2TokenServiceURL | <Value of the url property of the SAP Build Work Zone, standard edition service key you created + /oauth/token> |
Password | <Value of the clientsecret property of the SAP Build Work Zone, standard edition service key> |
ProxyType | Internet |
Once you save the values, you should be able to see the details below.
Image 69
Save the settings.
8.3 Running the Jobs
Once the Source and Target are configured, we are good to run the Jobs, which will create the users and the corresponding roles and groups in the Work Zone to support Joule functionality.
Click on Identity Provisioning – Click on Source -> Select your Joule Source setup -> Click on Jobs and then click on Run Now.
Image 70
You can navigate to the Job logs -> Identity Provisioning -> click on Provisioning Logs -> you should be able to see the successful job execution with the four-line items Group and Users for your Source System and the corresponding Target systems.
Image 71
In case your Job is taking more time, you can continue with the final setup process.
9. Configure and Activate Joule Plug-In in a Target Mapping (SAP Fiori Launchpad):
9.1 Create Catalog in Fiori Launchpad
In the launchpad app manager (see e.g. Creating and Maintaining Launchpad App Descriptor Items), create a target mapping with the intent Shell-plugin and the following configuration:
Go to the T-code: /n/UI2/FLP in the SAP S/4HANA Cloud Private Edition system and Open the Fiori Launchpad Tab. Click on the Launchpad App Manager (Cross Client).
Image 72
Create a new Techincal Catalog by clicking on the New Standard Catalog.
Image 73
Fill out all the details accordingly and use a pre-created Workbench Transport Request, click on Save.
Image 74
Click on ADD APP -> SAPUI5 Fiori App.
Image 75
To create the Target Mapping, we need the Joule Application URL to find that you can navigate to your BTP Subaccount -> Click on Instances and Subscriptions -> Click on Joule -> Click on Go To Application.
Image 76
You should be able to see the Joule page as below, copy the URL.
Image 77
Going back to our Catalogs page, use the following parameters to
Field | Value |
Application Type | SAP UI5 Fiori App |
Semantic Object | Shell |
Action | plugin |
SAPUI5 Component ID | sap.das.webclientplugin.s4 |
ICF Path | URL with Joule application’s hostname, and with /resources/public/webclient/s4 appended |
Suppress Tile | Checked |
Application Component ID | CA-FLP-ABA |
Target Application Title | Joule |
Information | Optional: Enter a description of your plug-in. |
Device Types | Select the device or devices that are supported by your plug-in, e.g. desktop or phone. The plug-in will only be shown on these selected devices. |
Parameters | Define parameters that you want to pass to the plug-in component by entering a name and a default value for each parameter. |
Once you have filled in the details, you should be able to see the setup as shown below. Ensure the URL is appended with /resources/public/webclient/s4 as per the table.
Image 78
Go back to the Fiori Launchpad Tab and open the Launchpad Content Manager (Client Specific).
Image 79
Create a new Business Catalog by clicking on the Create.
Image 80
Fill out all the details accordingly and use a pre-created Customizing Transport Request, click on Save.
Image 81
Select the newly created catalog and click on the Add Tile/Target Mapping.
Image 82
Search and Select the Technical Catalog created under Launchpad Application Manager.
Click on Add TM Reference.
Image 83
9.2 Create a New Role in Role Maintenance
Navigate to Role Maintenance to create a new Role in /npfcg and assign the catalog created in the previous step to it.
Go to the T-Code /npfcg -> Create a new Single Role as z_xxxxx_joule as per the naming conventions.
Image 84
Now navigate to the Menu option, and click on Transaction -> select the SAP Fiori Launchpad -> and click on Launchpad Catalog.
Image 85
In the Catalog Provider -> select Fiori Launchpad Catalogs -> select Local Front-End Server, Assign the Catalog ID that we created in the previous step, and click on OK.
Image 86
Checking the application log is not required; click on No.
Image 87
Navigate to the User tab and ensure you have “JOULE_ADMIN,” which was created as a pre-requisite.
Image 88
Now, let us navigate your Fiori Launchpad, look for the Joule icon, as shown below, and test it.
Image 89
The Joule window should be launched as shown below.
Image 90
This completes your Joule activation for your SAP S/4HANA Cloud Private Edition!!! Congratulations!!!
You can continue to explore the scenarios as required.
Do share the feedback, questions, or any comments that may be required to improve the blog.
Happy Learning!!!
Regards,
Nagesh Caparthy
Credits:
To the SAP S/4HANA Cloud Private Edition team and especially to Rohit Kumar, Sushil Kumar, @Jocelyn_Dart, @Diganta_Mandal1, and @Samir_Rai for their full support in creating this document.
| User | Count |
|---|---|
| 16 | |
| 5 | |
| 5 | |
| 5 | |
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 |
