Enterprise Resource Planning Blog Posts by SAP
Get insights and updates about cloud ERP and RISE with SAP, SAP S/4HANA and SAP S/4HANA Cloud, and more enterprise management capabilities with SAP blog posts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

User Authentication in SAP Central Business Configuration

Dhanashree_23
Product and Topic Expert
Product and Topic Expert
‎2021 Jun 04 3:56 PM
17,039

SAP Central Business Configuration is a new tool that will make it possible to configure business process spanning multiple SAP cloud solutions from one central place. SAP Central Business Configuration will first allow the configuration of SAP S/4 HANA Cloud but aims at the seamless implementation of end-to-end business processes across SAP’s intelligent enterprise.

In this blog post, we will see how to manage business users in Central Business Configuration.

Initial Handover Emails

After contract is signed with SAP, the IT administrator at the customer will receive below handover emails as shown below.

Dhanashree_23_0-1732780276393.png

                                                     handover emails

 

    • The first email is for accessing SAP Central Business Configuration System. This email will contain links for Central Business Configuration, Identity Authentication, and Identity Provisioning, Business Technology Platform, Cloud ALM and Starter Customizing system.
    • The second handover email is for Identity Authentication. This email comes with the access information to the SAP Cloud Platform Identity Authentication. Again, the IT person specified in the contract will be the owner of this system. The IT Administrator should reset his/her.password and access this tenant as the first step. Contact IT person can access the SAP Identity provisioning with the same credentials of SAP Identity Authentication Services.

User Management


The below diagram outlines the end-to-end process steps involved in user management within SAP Central Business Configuration. The highlighted steps are manual checks to ensure initial password resets have been carried out. Once you complete the activity of resetting the password in the admin console, you will be able to access the Identity Authentication system. Let’s start the further process, step by step.

Note: User Group ‘SAP_CBC_CONSUMPTION_PROGRAM_LEAD’ is pre-assigned to the IT administrator as part of the CBC tenant provisioning process.

Dhanashree_23_1-1732780345664.png

 

Central Business User Management Process diagram 

 

Creating Business Users and Providing Access Rights :

First step is to go to home page and go into user management, click on ‘Add’ button create new user with the help of basic details of user and click on save. After that you will see that user is created in the system and user will receive an activation email as well.

Dhanashree_23_2-1732780435505.png

Assigning User Groups:


For the next activity you need to choose the user group section in Identity Authentication System, click on assign user groups, and there you will find all the standard user groups are visible.

Next step that you need to do is assign the users groups to the users, these user groups are nothing but our prerequisites.

Please note: All the below-mentioned user groups that are relevant to Central Business Configurations are pre delivered with Identity Authentication Services.

User Groups:

Dhanashree_23_3-1732780769799.png

User Groups with description 

For the next activity in the Identity Authentication System and choose user group section, click on assign user groups, there you will find all the standard user groups are visible. You can click on the user group and assign the user groups by clicking on the ‘Add’ button shown in the below image.

Dhanashree_23_4-1732780873033.png

Based on the access requirement you can assign the specific user group to the user, by clicking on the add button under the required role as shown in below image.

Please note: For every business user, verify that the status is Active, and the Login Name and Display Name fields are maintained to avoid access issues.

Dhanashree_23_5-1732780948069.png

 

 

Replication of User from IAS to CBC

The next step is to replicating users and user groups from the Identity Authentication System to Central Business Configurations. Here you need to go to the Identity Provisioning tab and click on the ‘Source Systems’ to run the background job with Identity Authentication as source system. Once this activity completes, the newly created user with assigned user groups will be available in the Central Business Configuration System.

Dhanashree_23_6-1732781008912.png

You can check and confirm via logging in to the Central Business Configuration System (Central Business Configuration URL is available in the handover mail from SAP).

Dhanashree_23_7-1732781041459.png


Please Note: Whenever there is a change in the login name for the user as a result of uploading the IDP file from the S/4 HANA Cloud system to the Identity Authentication Service system as per the help link make sure that background jobs in Identity Provision Services for Identity Authentication System as source system needs to be run.

System Landscape


Based on the emails received by the customer, the below diagram shows the different systems involved:


Note: User groups are used only in  SAP Central Business Configuration.

Identity Authentication System:  The Identity Authentication service provides you with controlled cloud-based access to business processes, applications, and data. It simplifies your user experience through authentication mechanisms, single sign-on, on-premise integration, and convenient self-service options.

Identity Authentication System shared across SAP Central Business Configuration, SAP S/4HANA, Starter, and Quality tenants.  Like before SAP S/4HANA Cloud Production system has a separate productive Identity Authentication tenant.

Identity Provisioning System: Identity Provisioning system acts like a bridge between SAP Central Business Configuration and Identity Authentication System,

Manage identity lifecycle processes for cloud and on-premise systems. The Identity Provisioning service automates identity lifecycle processes. It helps you provision identities and their authorizations to various cloud and on-premise business applications.

Note: IPS tenants which were provisioned in the second half of March 2022 or later, IAS administrators can access IPS directly (with IAS credentials), the S-user is no longer required. In IAS, the attribute “Manage Identity Provisioning” must be active for the administrator.

Central Business Configuration:   As I mentioned SAP Central Business Configuration is a new tool that will make it possible to configure business processes spanning multiple SAP cloud solutions from one central place. To start with, SAP Central Business Configuration supports SAP S/4HANA Cloud implementation experience. SAP Central Business Configuration is connected to S/4 HANA Starter, Quality, and Production systems.

User management in SAP S/4HANA Cloud remains the same as before.


For further details about  SAP Central Business Configuration please refer below blogposts:

 

 



Now you would be able to define the users in SAP S/4 HANA Central Business Configuration. Please let me know if you have any feedback or comments.

 

6 Comments