Supply Chain Management Blog Posts by SAP
Expand your SAP SCM knowledge and stay informed about supply chain management technology and solutions with blog posts by SAP. Follow and stay connected.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Digital Manufacturing - User Onboarding

KatjaHuschle
Product and Topic Expert
Product and Topic Expert
4 weeks ago
790

Introduction

SAP Digital Manufacturing plays a crucial role for various personas on the shop floor. During the implementation phase, the primary users are typically power users like Manufacturing Admins and Production Engineers. However, as you prepare for the go-live stage, it's essential to onboard Production Operators and Production Supervisors to the live system.

This onboarding process involves several key steps: setting up system access, assigning appropriate authorizations, and ensuring organizational alignment with plants and work centers.

In this blog, we'll provide an overview of these steps, along with practical hints to help you set everything up efficiently.

Business Use Case

To prepare for a new plant go-live, IT teams have some critical groundwork to cover. Their first step is to set up the required role collections based on input from the Business team. These role collections are then mapped to SAP Cloud Identity Services - Identity Authentication Tenant (IAS), which is a mandatory component in the overall solution architecture for using SAP Digital Manufacturing. 

Additionally, most customers have integrated SAP IAS with their corporate identity provider. In such cases, user creation and role assignments are managed directly within the corporate identity provider, with IAS acting as a proxy.

KatjaHuschle_0-1745594627677.png

In this blog, we'll use the persona 'Worker' as an example to demonstrate the necessary steps for successful onboarding.

To ensure workers can perform their daily work in SAP Digital Manufacturing, they need to have the following things in place:

  • System access (authentication)
  • Authorizations to perform required actions
  • Organizational assignment, specifying the plant and work centers they're allowed to work in

Onboarding Steps

System Access (Authentication)

Ensuring secure access to Digital Manufacturing starts with authenticating users. SAP Cloud Identity Services - Identity Authentication Tenant (IAS) provides multiple methods to enable secure system access. For detailed information, refer to SAP Help.

Depending on company policies and the chosen setup, new users, such as Production Operators, must receive personal credentials, like an email address and an initial password. In many companies, this process is initiated by the individuals responsible for hiring. It's managed through a central workflow that, once approved, creates the user either in the corporate identity provider or directly within IAS.

At this stage, users gain the ability to log in to SAP Digital Manufacturing. However, without assigned authorizations, they won't be able to perform actions or access any tiles in the system.

KatjaHuschle_1-1745594663341.png

Authorizations

SAP Digital Manufacturing offers a variety of role templates that you can customize to create role collections tailored to specific business requirements. These templates consist of scopes and attributes, which serve as authorization objects. Details on available templates please refer to SAP Help

When users log in with an assigned role collection, SAP Digital Manufacturing evaluates the scopes within that collection. Based on this evaluation, users gain access to various apps (tiles on the launchpad) and receive authorizations, such as the ability to read or modify data and perform actions like raising an alert.

You manage the assignment of role collections within IAS by allocating user groups.

IAS – Group DMC_Operator assigned to Test Worker03

KatjaHuschle_2-1745594685700.png

BTP – Role Collection DMC_OPERATOR mapped to User Groups DMC_OPERATOR:

KatjaHuschle_3-1745594695334.png

Now, when users log on, the apps become visible on the launchpad. However, at this point, there is still no plant assignment configured. Without this critical organizational linkage, users won't have access to plant-specific data or functionality.

Assigning users to the appropriate plant is an important next step to ensure they can fully utilize the system and perform their designated tasks.

KatjaHuschle_4-1745594708940.png

Organizational Assignment

Plant Assignment

The first step in the organizational assignment process is linking users to a plant. When it comes to assigning users with the role of Production_Operator to a plant, there are two possible approaches.

Later in the conclusion, we'll provide a comparison of the pros and cons for each option.

Option 1: Creation of the User in SAP Digital Manufacturing

This approach requires the involvement of a superuser who has authorization to manage user assignments, such as those with roles like Production_Supervisor, Production_Engineer, or Manufacturing_Admin.

To create users within the Manage User Assignments application in SAP Digital Manufacturing, superusers can choose from the following methods:

  • Manual creation through the user interface: Adding individual users directly through the interface.
  • Importing a CSV File: Uploading bulk user data in a structured format.
  • Creation using a public API: Automating user creation through an external API integration.

It's essential that the superuser responsible for assigning the plant is located within the plant they intend to assign the new users to. Additionally, when creating users, you must use their email addresses as their user IDs.

KatjaHuschle_5-1745594767508.png

Option 2: Assignment of the Plant_Access Role

Another method for assigning users to a plant involves using the Plant_Access role template.
When users are granted the custom-defined Plant_Access role and log into SAP Digital Manufacturing for the first time, they can select a plant from the plant selection menu at the top-right corner of the screen. By choosing a plant, users set it as their current plant. This action simultaneously triggers their automatic creation as users within that plant in SAP Digital Manufacturing.

The Plant_Access role also restricts the selection of plants available to users. This limitation ensures that users can only choose from plants specifically maintained within the role, which is a significant benefit for managing access efficiently.

KatjaHuschle_9-1745595005547.png

KatjaHuschle_10-1745595013661.png

For detailed information on the Plant_Access role, refer to SAP Help.
Important Notes:

  • For users with the Production_Operator role, there is no functional difference between plant attributes set as Plant_Read or Plant_Manage, as the Production_Operator role only provides read access to plant data.
  • The Plant_Access role does not provide additional authorizations; it solely restricts access according to predefined parameters. Therefore, it must be paired with a persona-based role. 

Sample role based on Plant_Access template:
KatjaHuschle_6-1745594890525.png

Authorization assigned via User Groups in IAS:
KatjaHuschle_7-1745594943019.png

After successfully creating users and linking them to the plant, the next step is assigning work centers. This assignment is crucial, as it determines the specific areas within the plant where users can operate.

If Production Operators attempt to access a Production Operator Dashboard (POD) and execute a shop floor control (SFC), the system will automatically verify their assigned work centers. Without this assignment, they will not be able to perform operations or access related functionalities.

Work Center Assignment

When it comes to assigning work centers to users, two methods are available:

1. Manual assignment within the Manage User Assignments app 

KatjaHuschle_11-1745595025385.png
2. Automated assignment using the provided public APIs available in the SAP Business Accelerator Hub.

KatjaHuschle_12-1745595033454.png

While the manual process works well for small-scale onboarding, it becomes increasingly time-consuming when you need to onboard multiple Production Operators. To streamline this process, investing time in building a custom application that leverages public APIs can be a game-changer. In the blog Automate User Assignment in Digital Manufacturing you can find a sample application which you might want to use as a starting point.

Conclusion

Streamlining the Onboarding Process with Combined Methods.
To enhance the efficiency of the onboarding process while ensuring secure plant access, you can effectively combine the assignment of the Plant_Access role with user creation via API or by a superuser.

By creating users as part of the onboarding process—either through API automation or manually by the superuser—you eliminate the dependency on Production Operators logging in first to trigger their creation in the system. This proactive approach ensures smoother and faster onboarding.

Simultaneously, assigning the Plant_Access role serves as an additional safeguard. Even in the case of an error by the superuser, the Plant_Access role restricts Production Operators' plant selection to only those defined within the role, thereby maintaining secure and controlled access.

2 Comments
Popular Blog Posts