Note

I published a blog with the same title in May of 2023.  It was well received with more than 25,000 views. As the system provisioning is getting better, the setup process is getting simpler, and our developers further improved the process of creating and configuring CBC projects, I am writing a new blog here to be in-line with the changes. Considering some technical background is still valid, you can use the 2023 Edition as a reference.

Introduction

As a new customer to the SAP S/4HANA Cloud Public Edition solution, the very first system you are going to get, and use is called the Starter System.  This system has a set of master data and a set of 228 (if only activating Enterprise Management Bundle) SAP Best Practice scopes loaded to help you explore its capabilities and conduct the Fit-to-Standard Workshop.

In this blog, I am going to introduce all the concepts/terminologies and steps to set up your Starter System from A to Z. My explanation is divided into three sections:

• Technical Concepts of a Starter System
• CBC Tenant Technical Configurations (4 Steps)
• CBC Project Setup and Configurations (11 Steps)

You should be able to get the Starter System running in 2-3 days.

Note: My colleague Adnette wrote a good blog on System Provisioning Improvement in SAP Activate for SAP S/4HANA Cloud Public Edition on October 18, 2024. Her blog announced a new process went into effect of provisioning four systems in a bundle: SAP Cloud ALM, SAP Central Business Configuration, SAP S/4HANA Cloud Starter System and SAP Business Technology Platform. My blog only focuses on the Starter System.

Technical Concepts of a Starter System

As many of you are the first-time users of the SAP S/4HANA Cloud Public Edition, I am going to explain the system landscape and many relevant technical concepts of a Starter System to jump start your exploration.

System Landscape of a Starter System

The Starter System Landscape is composed of three major systems:

• Central Business Configuration (CBC) System (also called a tenant because many CBC tenants reside on the same CBC server) – a user-friendly interface to choose and activate business scopes based on SAP Best Practices, and create your organizational structures.
• S/4 ABAP System (the core of the Public Cloud system, which is built on an ABAP system under a big umbrella of the S/4HANA solution)
• Development Tenant 080 – a tenant to develop your customized solution as an extension to the SAP’s standard solution residing in Customizing Tenant. You can connect to an Eclipse based ABAP Development Tool (ADT) for the development work.  Your developed codes are transparent to the Customizing Tenant 100.
• Customizing Tenant 100 – a tenant to customize the business process as well as execute business transactions 24/7. All the business data are stored here.
• SAP Cloud Identity Service
• Identity Authentication Service (IAS) tenant – authenticating users
• Identity Provisioning Service (IPS) tenant – supporting CBC user and user group assignment
• Identity Directory – storing user information
• Identity Provider (IdP) – optional for customers to adopt a corporation IdP

System Landscape of a Starter System

Initial Admin User and Other Users

In the commercial contract of subscribing the SAP S/4HANA Cloud Public Edition, it includes the name and the email address of an IT Contact person.  When a system is provisioned, all system related emails are sent to this IT Contact, not these people who sign the contract or pay the bill!  If there is a change of this IT Contact, such as taking a new job role within the company, a new IT Contact is named, etc., you should contact SAP immediately to name a new IT Contact by creating a ticket in the component XX-S4C-OPR-SRV.

During the first phase of an implementation project, a CBC tenant is provisioned first. At that time, the IT Contact will receive an email like the below figure to activate the IAS by creating a password as an Initial Admin User, or System Admin. The IAS URL is also included as 2. Administration Console.

SAP Cloud Identity Service Admin User Activation Email

This Initial Admin User is the first user in many systems for the customer.  For example, the IT Contact can logon to Customizing Tenant 100 using his/her email address. In the Customizing Tenant 100, this IT Contact’s User ID is CB9980000000, representing the very first user in the system.  The Initial Admin User can use this user account to create more users in the system.  Their User ID’s are CB9980000001, CB9980000002, etc.

Initial Admin Users in Different Starter System Tenants

Above figure illustrates the Initial Admin Users in all relevant tenants. We can list them as the following:

• User P000000 (six zeros) in the IAS, IPS and CBC tenants
• User CB9980000000 (seven zeros) in Tenants 080 and 100
• SAP User S00xxxxxxxx (eight numbers) in SAP Support System, like SAP4Me or SAP Support Portal

SAP User, or Super User, is not new to the SAP S/4HANA Cloud Public Edition.  Super User can create other S users for his/her colleagues.  If a customer is not new to SAP, there might already be some S users in the company. Please check the authorizations of these S users to make sure they have the right access to the cloud systems.

Roles Played by SAP Cloud Identity Services

SAP Cloud Identity Services has three key components: Identity Authentication Service (IAS), Identity Provision Service (IPS) and Identity Directory. The Identity Directory is coupled with the IAS. Therefore, from a system administration point of view, you only work with IAS and IPS directly.

Note: In the past, the IAS and IDS have two different URL’s. Now there is only one URL for them, and IPS becomes one tab within IAS Console.

Roles IAS and IPS play in the User Management

The IAS plays the following roles:

• Authenticate users to access the CBC, Customization and Development tenants
• Assign CBC roles (also called groups) to CBC users
• Act as a proxy system when a corporate IdP is used

The IPS plays the following roles:

• Replicate seven CBC user roles from the CBC to the IAS. Do this replication when you set up the Starter System, or after a major upgrade in case there are changes in the CBC roles.
• Read CBC users from the IAS tenant and provision them to the CBC tenant. This needs to be done each time when new CBC users are added/created, or a different role is assigned to user(s).

Let me explain what “Assign CBC user roles to CBC users” means: Different from Tenants 080 and 100, CBC tenant does not have capabilities to assign user roles by itself.  This functionality is delegated to the IAS. After users in Tenant 100 tenant are created, if these users need to access to CBC, the IAS assigns one or more CBC roles to these users, so that they can access and work in the CBC tenant.

Seven CBC User Roles/Groups

Among seven CBC roles, two are new: SAP_CBC_CONSUMPTION_PROGRAM_LEAD and SAP_CBC_CONSUMPTION_PROJECT_LEAD.  They were created in 2302 Release to replace the role SAP_CBC_CONSUMPTION_ACTIVITY_ALL which becomes obsolete. I will explain the usage of these roles soon.

Login Name vs. User ID

From the IAS, clicking on the Users & Authorizations ->User Management (see below), there is a Login Name besides user’s First Name, Last Name, and E-Mail. It is george.yu in this case.  In addition, there is a User ID (P000000). 

User Management Screen in IAS

When a business user is created in the Starter System’s Customization and Development tenants, the following information is mandatory:

• Username: george.yu or D123456 for a corporate ID
• Email address: george.yu@sap.com
• User ID: CB9980000050 (system generated)
• Business roles: BR_BPC_EXPERT and SAP_BR_ADMINISTRATOR

Note: Both IAS and Development/Customizing Tenants use the word “User ID”, they are not identical and only play the identification role within its own tenant locally.  Both User ID and Business Roles only stay within the Development/Customizing Tenant; they are never exported to the IAS tenant.  For example, the same business user John Doe might have below different User ID’s:

• P000008 in IAS/IPS
• CB99800000010 in Customizing Tenant 100
• CB99800000012 in Development Tenant 080

The key is the Username, not User ID.  If the user is unique, that user has one and only one Username.  This Username is exported to become the Login Name within the IAS.  In other words, Username in the Development/Customizing Tenants is the same as the Login Name in the IAS. 

Luckily, the CBC uses the Login Name exported from the IAS.  This relieves you from another mind twist 😀.

The Login Name is critical to the CBC. It is called Subject Name Identifier, an attribute pushed over from the IAS to identify a user who logons to the CBC Tenants.  If the Login Name is blank, you will get an error on the logon screen.

The CBC tenant has a user’s following information:

• Login Name: george.yu
• User ID: P00000
• CBC User Role: SAP_CBC_CONSUMPTION_PROGRAM_LEAD

Under the user icon of the CBC tenant, the Login Name: GEORGE.YU is used to identify the user.

User Login Name is Used as the Identifier in CBC Tenant

In contrast, when logon to the Customizing Tenant 100, the user’s full name is used as shown below.

User Full Name is Used as the Identifier in Dev-100 Tenant

Logon to a System using an Email Address

Most times, we use an email address to logon to a system. That is a setting in the IAS.  We can also change that to use Login Name to logon to a system.

After the explanation of above technical concepts, we can start powering up our Starter System.

CBC Tenant Technical Configurations

After a Starter System is provisioned by SAP, you still need to follow the below steps to get the CBC Tenant ready for the first-time use.

Step 1 – Access the Starter System based on the Bundled System Access Email

In the Initial Admin User discussion, I introduced an email from SAP Cloud Identity Services which provides an administrator account (your email address) to you.  You need to activate this account and create a password for it. With this account, you can act as an administrator in the IAS and the IPS tenants.  Since Tenants 080, 100 and CBC use the same IAS for authentication, this account is used to access all of them.

Note: If for any reason, your administrator account activation period is over (for example, your project is delayed for six months), when you try to activate the account with the original notification email, a new activation email will be sent to you right away, so that you can activate the account promptly.

The following email provides the URLs of three important tenants: IAS, CBC, Customizing Tenant, and Business Technology Platform.

Bundled System Access Information Email

Within this email, you can find a lot of information:

• First section provides hyperlinks to documentation on how to access four systems, namely SAP Cloud ALM, SAP Central Business Configuration System, SAP S/4HANA Cloud Starter System, and SAP Business Technology Platform.
• A table list access information of four systems and the Data Center locations
  • SAP Cloud ALM (in my internal provisioning process. The reason is I already have access to a Cloud ALM system and no new one is provisioned.)
  • SAP Central Business Configuration System
  • SAP S/4HANA Cloud Starter System
  • SAP Business Technology Platform

Note: There is a Note above the table saying my Development Tenant is provisioned separately. Usually, the Customizing Tenant 100 and Development Tenant 080 should be provisioned together. If you don’t get it, open a ticket asking for the Development Tenant 080.

Logon to these four systems to make sure you have full access.

Step 2 – Check and Push CBC User Roles from CBC into IAS as Groups

Although the CBC Tenant does not do user management by itself, it does control user access by groups. During the initial setup, we need to push these CBC related roles from CBC into IAS as groups, so that when users are created in the IAS tenant, proper CBC role(s) can be assigned to the users.

Before executing this step, double check if the user roles are already available in the IAS tenant. Click on Users & Authorizations --> Groups, if all CBC related groups are available, you can find them (see below figure).  In this case, there is no need to push roles from the CBC groups into the IAS.

One CBC User Is Assigned One of Seven CBC User Groups

I have an in-depth discussion on these user groups in my blog Deep Dive into the CBC User Authentication and Authorization Concept.

If the CBC User Group shows empty in the IAS, then there is a need to push roles from the CBC into the IAS.  Click on Identity Provisioning → Source Systems.  Select the CBC Tenant as a source, click on Jobs tab, click on Run Now button in the Read Job row.

Run a Job to Push CBC User Groups into the IAS Tenant

Step 3 – Create Business Users in Customizing Tenant

When the Starter System is delivered to you, there is only one user in the system, the IT Contact or Initial Admin User. You need to use this user to create other business users.

When creating business users in the Starter System, try to make it simple.  Due to its short live and for exploration purpose nature (the Starter System and its users will be deleted three months after the Production System is provisioned), you can create some users manually. Here is my approach:

3.1 Create Business User Roles

Note: From 2408 Release, the SAP S/4HANA Cloud Public Edition uses Spaces and Pages to navigate the Fiori Launchpad. Read my blog How to Use Spaces and Pages in SAP S/4HANA Cloud, Public Edition if you are new to this concept.

Click the tab Administration (called Space), pull down to see more sub menus, click on Identity and Access Management (called Page), find the Users and Roles section, click on the Maintain Business Roles app.

Access Maintain Business Roles app

Use the function Create from Template to create two additional business roles ZBR_ADMINISTRATOR_HRINFO and ZBR_BPC_EXPERT, assign yourself to these roles, on top of already created role SAP_BR_ADMINISTRATOR.  As a best practice, you should use the prefix Z or Y to the new business roles especially when you make changes to these standard roles.

Create Business Roles from a Template

Notes:

1. If you create business roles in Customizing Tenant 100 before activating scopes and confirm the milestone in CBC as described in next section, your business role template might contain less business catalogs than needed. This could cause authorization errors when doing business process configuration. For that reason, you can either delay the business role creation and assignment to users (Step 3.1), or compare and update business role ZBR_BPC_EXPERT after CBC milestone is confirmed completely. See detailed explanation in my blog Your Sherlock Holmes – Why Product-Specification Configuration Errors Out in the Public Cloud?.

2. While you are creating a new business role ZBR_BPC_EXPERT, double check the Access Category section under General Role Details tab. The value in the category of "Write, Read, Value Help" should be set as "Unrestricted". The default value is "Restricted".  Otherwise, you cannot make changes to the configuration settings in the Configuration Tenant 100.

3.2 Create Business Users

To create business users, you can either create manually from the Maintain Business Users app or import them especially you have many users to create. Let me show you the latter option.

After you assign yourself to the newly created business roles, click on SAP icon to return to the homepage. Then you click on the refresh button on your web browser. You will see more spaces (tabs) become available as additional tabs. This indicates you have new authorizations to access applications listed under these spaces: Administration – HR Info and Business Process Configuration.

Click on the Manage Workforce app under Space Administration – HR Info.

Access Manage Workforce app

In the Manage Workforce screen, click on the Import button, select Import Worker Data to import workers. This process not only create workers in the system, but also makes them to be the business users.  You can download a template to populate your users as below.  The template I used is Templ_WorkerBasic_Comma.csv.

Workers File to be Imported

After workers are successfully imported, go to Maintain Business Roles app to add these users to the appropriate Business Roles.

3.3 Export Business Users to the IAS

Until now you have created business users in the S/4HANA System.  Next, you need to export business users to the IAS.  Open the Maintain Business Users app, clicking on the Download -> Download for IDP button. A file called data.csv is created.

Downloaded User’s File data.csv

If you recall our previous discussion on Login Name and its importance in authenticating CBC users, you will notice the Login Name is blank for George Yu. This should be immediately corrected, or you will experience login error to the CBC tenant.

To upload the user list to the IAS, click on Import Users app in the IAS.

Import Users into the IAS

When importing users, make sure you select SAP S/4HANA Cloud- Starter Customizing Tenant, because that is the source of your user data file.  Browse and select the data file, then hit the Import button.

Import Users from the data.csv File to the IAS

After users are created, the Admin User sends an email to activate user accounts.

Password Details Screen of User Management

Step 4 - Provision the Users to the CBC Tenant

Most likely, the Initial Admin User (P000000) has already been pushed to the CBC Tenant by the SAP.  To newly created users, you need to run a job to push them to the CBC with proper groups assigned.

4.1 Assign CBC Groups to Users

Under tab Users & Authorizations, select Groups. Among available seven User Groups, you need to include newly created business users to one or more User Groups. For example, if you want a user to be in Group SAP_CBC_CONSUMPTION_PROJECT_LEAD which has the fully capability to work in a CBC project, clicking the +Add button to add the user to the group.  As soon as you click the +Add button in the dialog box, the user is added and saved (there is no Save button).

Add User(s) to the CBC_CONSUMPTION Group

4.2 Push User(s) to the CBC Tenant

Next step is to push the user(s) to the CBC Tenant by clicking on tab Identity Provisioning → Source Systems. Here you need to choose IAS for -cbc …. – source, select Jobs tab, select Read Job, then Run Now button.

Run a Job to Push Users from the IAS Tenant into the CBC Tenant

After running the job, from the tab Identity Provisioning → Provisioning Logs, we can check if a user is created or updated.    

The below job log tells us the following:

• From the IAS Tenant, 7 user groups are read; 4 user is read. No user or group is created, updated, or deleted.
• Within the CBC Tenant, 1 user group is updated (that is SAP_CBC_CONSUMPTION_PROJECT_LEAD, a new user is added); 1 user is created (that is the John Doe user).

Job Log of Provisioning Users from the IAS Tenant to the CBC Tenant

Until now, you as an Initial Admin User has prepared all necessary business users to logon to both the CBC system and the S/4HANA system. From this time on, you can invite business users to work with you on the next section, CBC Project Setup and Configurations.

CBC Project Setup and Configurations

As I discussed in the Starter System Landscape section, we have two Starter System tenants: customizing tenant 100 and development tenant 080.  For each tenant, we need to create a corresponding project in the CBC tenant.  SAP Help Portal has good information on Phases, Project Activities, and Milestones in an Evaluation Project.

Note: For a Starter System project, it belongs to the Evaluation Project, not the Implementation Project which is for your real implementation project.

When you login to the CBC tenant for the first time, you will get a pop-up window asking you to create a CBC project.  I am going to list 11 steps on what you need to do.   

A Pop-Up Window when Accessing a New CBC Tenant

Step 1 – Create a Starter System Customizing Project

When we click on the Create New button shown in above figure, a New Project window pops up.  Enter info for a new project, choosing Evaluation as the Project Type.

Create a New Customizing Evaluation Project in the CBC Tenant

Step 2 – Define Scope

After a project is created, the first activity is Define Scope. Click on the Open button.

A New Project Created Successfully

When you first work with the Evaluation Project, we recommend choosing only one country/region first. The reason is that the more countries you choose, the more scopes you will activate.  This will make the activation process running much longer.  You can add more countries/regions later via Initiate Change.

In my case, I select one country, USA; and the Private Sector.  Some scopes are different for the Private Sector from the Public Sector especially in US.

Select Country and Sector for Define Scope Activity

After hitting the Save button, you can choose which bundle(s) to add.  The Enterprise Management bundle is a good starting point.

Choose the Enterprise Management Bundle

Besides 218 scopes bundled together with the Enterprise Management, you can add more scopes from 101 scenarios. 

Add Scopes to the Customizing Evaluation Project

The evaluation project only offers a limited scope selection. It already contains the Enterprise Management bundle. Two scenarios are available for parallel ledger accounting. You can choose either the group ledger scenario Accounting and Financial Close - Group Ledger US GAAP (2VA) or Accounting and Financial Close - Group Ledger IFRS (1GA). Depending on your country/region selection, additional scenarios may also be available.

When you add Scope 1GS Accounting and Financial Close – Group Ledger IFRS, there is a warning message saying “This scenario can only be added or removed during initial scoping and activation. If you don’t select the scenario now but need it later, your system has to be reprovisioned and your project reimplemented.”  This highlights the importance of selecting a right accounting principle at the system setup phase and you cannot change it later.

After reviewing all selected scopes, click on the Complete Activity button (located upper right corner with three dots) to complete the Define Scope Activity.

Complete the Define Scope Activity

Step 3 – Assign Deployment Target

The outcome from a CBC project must be transferred to a S/4HANA tenant for the later to function.  This S/4HANA tenant is called deployment target.  This activity is called the Assign Deployment Target.

Assign Deployment Target Activity

After clicking the Assign button of the Assign Deployment Target Activity, choose the Starter Customizing tenant, and hit the Assign button.  The another tenant is for the Development Project to be assigned later.

Assign Customizing Tenant as the Target System

After the target tenant is assigned, you will see the final two green pop-up messages announcing the successful assignment.  

Confirmation of the Assign Customizing Tenant Activity

Step 4 – Confirm Scoping is Completed

Now we confirm scoping is completed by clicking on the Confirm button. In the pop-up window, click on the button Confirm Milestone.

Confirm Milestone in Confirm Scoping is Completed Activity

The warning message is to re-confirm what you are doing.

During the confirmation, a progress bar displays the percentage of the work.  This step usually completes in 10-15 minutes.

Scoping Confirmation Progress Status Bar

In the meantime, you will see another three activities are added to the list:

• Specify Primary Finance Settings
• Setup Organizational Structure
• Confirm Scope and Organizational Structure Phase is Completed.

Step 5 – Specify Primary Finance Settings

The preconfigured evaluation project only allows you to confirm K4 - Cal. Year, 4 Special Periods as fiscal year variant and USD (US Dollar) as group currency. All additional fiscal year variants or group currencies are presented for your information (view only).

Specify Primary Finance Settings

Clicking the Complete Activity button to complete this activity. 

Step 6 – Set Up Organizational Structure

The evaluation project contains an existing organizational structure.  When this activity starts, it runs a script in the background to create a model organization structure and confirm it automatically. This process takes 3-5 minutes, so that before its completion you will see below figure.  There are 20 Units to confirm.  The Complete Activity button is grayed out.

Organizational Units to be Confirmed

After the demo organizational units are confirmed (both the Units to Create and Units to Confirm display turn to green), you can also choose to enhance the preconfigured organizational structure by creating your own organizational units. If you want to deploy the organizational units you created to the target system, you need to confirm them.

The predefined organization structure can be displayed graphically, or in a grid format by clicking the button on the right-hand side.

Predefined Organization Structure List

If no new organization structure needs to be added, hit the Complete Activity button.  You will get a confirmation pop-up message.

Confirmation Pop-up Message after the Set Up Organizational Structure activity is complete

At this point, if you want to change the scope, for example, adding another country, you can still go back to Define Scope.  The below figure illustrates how a new DE Company Code is added when I add Germany as a second country, and 13 more units to confirm.

 Add Germany to be the Second Country and Its Impact to the Organizational Structure

One important thing to keep in mind is that you can make changes, including delete your project, to whatever you have done so far before next activity Confirm Scope and Organizational Structure Phase is Completed.  Because your scoping is not finalized, and there no transports are created. After that, you need to reopen the scoping, and a corresponding transport is created to record your change(s).

Step 7 – Confirm Scope and Organizational Structure Phase is Completed

When clicking the Confirm button in the Confirm Scope and Organizational Structure Phase is Completed activity, a popup window shows up.  It is a good practice to write down what has been included in this confirmation.  For example, I included two bundles (baseline and Enterprise Management), two countries (US and DE) and one additional scope 1GA.  This description will show up in the transport to help you identify them.

Write a Description on What is Included in this Milestone

The confirmation progress is displayed with a progress bar.  After about one hour, it reaches 60%.  From that time on, it takes a long time to complete.  In my own experience, the entire confirmation process takes five hours 26 minutes (see my blog Your Sherlock Holmes – Why Product-Specification Configuration Errors Out in the Public Cloud?). I usually start it before leaving work and come back the next morning to see the result.

Milestone Confirmation Progress Status Bar

Sometimes, the confirmation won’t be complete before an error message pops-up after about four hours (still at 60%). You could open a ticket to CBC support per instruction, but I would advise you wait a little bit longer.  In my recent two milestone confirmation processes, they all reached 100% without any intervention after a little bit over five hours.  The cause of this error message might be a temporary connection lost in the backend.

An Error Message Pops up During Milestone Confirmation Process

After the Milestone Confirmation is completed, the Status becomes Completed and the Confirm button grays out.

After the Scope and Organizational Structure Milestone is Completed

Step 8 – Product-Specific Configuration

After the milestone is completed, go to the Product-Specific Configuration phase to carry out business process configuration activities.

 Product-Specific Configuration

If you run into authorization problems at this step, refer to my blog Your Sherlock Holmes – Why Product-Specification Configuration Errors Out in the Public Cloud?.

Step 9 – Add Users to the Project

From 2302 Release, you need to assign users to the CBC project. You click on Settings button, then Add User button to the right.  On a new Starter System, only the IT Contact person is assigned and listed as the Program Manager (super user) who can create a project. This user cannot be removed.

Add Users to the Starter System Customizing Project

After the Add User screen pops up, you can add users one by one by clicking on the Add button.  If you recall our discussion on pushing users to CBC using IPS, the list of users was created by that step.  In my example, I assigned Project Manager role to the user John Doe.  I have a blog discussing this topic: Deep Dive into the CBC User Authentication and Authorization Concept.

Add Individual Users to the Starter System Customizing Project One-by-One

Step 10 – Check the Master Data in the Customizing Tenant-100

Different from regular customer system, the Starter System provides the master data for a user to quickly get a demo scenario running.  These master data are created when we set the milestone in the CBC project.  To check it out, we run the Product List app. One prerequisite is to create a user role by copying from SAP delivered user role SAP_BR_PRODMASTER_SPECIALIST template and assign yourself to this user role.

The below figure shows 447 products in the Customizing tenant 100 for both US and DE countries.  This indicates the master data are all loaded into the Customizing Tenant 100.

 SAP Delivered Product List in the Starter System Customizing Tenant – 100

Step 11 – Create Starter System Development Project

If you plan to test out the capabilities of the Development Extensibility Tenant, you need to create a new project in the CBC Tenant; otherwise, your Starter System setup work is done; The business users can take over the system now.

To create a development project, you click on Settings button, then Switch Project button. Since there is only one project now, the Create New button shows up in the Project Switch window.

Create the Starter System Development Project

From this step and on, you basically repeat all the steps we did for the Starter System Customizing project.

Conclusion

In this blog, with the explanation of the system landscape for the SAP S/4HANA Starter System as the foundation, I explained all the steps, from A to Z, to setup the Starter System after its provisioning, and create two projects for the Customizing and the Development tenants, respectively. From this point on, you can use the system to explore its standard functionalities and conduct the fit-to-standard workshop with your business users.

References

• Blog: Deep Dive into the CBC User Authentication and Authorization Concept
• Blog: System Provisioning Improvement in SAP Activate for SAP S/4HANA Cloud Public Edition
• Blog: From A to Z: Setup a Starter System of the SAP S/4HANA Cloud, public edition [2023 Edition]
• Blog: User Management in a Nutshell for the SAP S/4HANA Cloud, public edition
• Blog: Your Sherlock Holmes – Why Product-Specification Configuration Errors Out in the Public Cloud?
• SAP Learning: Provisioning Systems and Initial Setup