Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

User Import SAP Enable Now with SSO

PascalWissler
Explorer

on ‎2021 May 31 6:01 AM

0 Likes
1,231

I have a question regarding the user import in SAP Enable Now Cloud Version. When SSO is alreday enabled in SAP Enable Now what exactly needs to be done afterwards? In the System requirements document for Manager (CLOUD) it says that the Users are created created within the Organizational Unit "Imported Users" and the role is assigned to learner. As a next step I would assume to assign the needed roles (authors, learners, etc..) to the imported users... or do I miss a certain step? Thanks in Advance for your Information.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (1)

Answers (1)

MichaelSzmrtits
Product and Topic Expert
Product and Topic Expert
‎2021 May 31 9:01 AM

Hi Pascal,

in the Manger you can define which role is automatically assigned for created users. By default this is the role Learners. If you need then other roles for certain users, you have to adapt this in the Manager as you said. Same for the Organizational Unit (OU). If you want to have the user in another OU you can move them also in the Manger.

In the Info-Center are also helpful informations around the SSO process: https://enable-now.sap.com/ic/wa/ext/%7Etag/published/index.html?show=book!BO_1CD9526D708C8F82#SL_79...

Its also possible to work with additional attributes in your identity provider to auto assign users to a certain role and OU.

Additional attributes:

distinguishedname – Allows it to create the organization structure in the SAP Enable Now Manager. corporategroups – Will be converted in the SAP Enable Now Manager to the user's role.

Please also think about to notify your users about their new user accounts and share the link to the Manager. There is no "Auto Notification" after a user is created via SSO.

Hope that helps, Best regards, Michael

Show replies
Show replies
PascalWissler
Explorer
‎2021 Jun 07 5:36 PM
0 Likes

Thanks for the quick answer. So if all imported users are automatically assigned to the Role Learners I can just add the role for example "Standard Author" to some users to extend their permissions. Or can I also unassign a role to assign a new Role like "Standard Author" ....?

MichaelSzmrtits
Product and Topic Expert
Product and Topic Expert
‎2021 Jun 07 5:43 PM
0 Likes

Hi Pascal,

not sure if I got your comment right, but of course you can assign and unassign roles. There is no limit how many roles a user has. So its also possible that he has the Learner Role + the Standard Author role.

Best rgerads, Michael

former_member767567
Participant
‎2021 Oct 19 2:37 PM
0 Likes

hello Michael,

once you've completed the SSO setup, with all parties involved (SAP, SEN and SAML Identity Provider), what happens if you haven't chosen the additional attributes at that stage?

Is it possible to modify the option later on, yet while you still have no users automatically created via SSO access? The purpose here would be not to "dump" new users (learners) into the common OU "Imported Users". I would expect them to inherit organizational attributes and be classified according to a mapping, am I right? Do you need to organize again a SSO setup call in order to obtain that? With the same parties?

Thank you very much for your help.

Best regards,

Marna

MichaelSzmrtits
Product and Topic Expert
Product and Topic Expert
‎2021 Oct 19 3:32 PM

Hi Marna,

I think there is no additional meeting with our support team required. You just have to make sure that your identity provider will send the attribute distinguishedname for the organizational unit. The attribute corporategroups can be used for roles.

This is then something where you need to talk to your SAML Identity Provider Admin.

But should you stuck in the process, of course our support team will help you and you can request via incident a call with them.

Best regards, Michael

Ask a Question