In my earlier blog I explain how we can use SAP Cloud Identity Provisioning Service to read users/groups from remote content provider such SAP Business Technology Platform, ABAP Environment into SAP Build Work Zone. The advantages of why you may consider doing this are explained in my earlier blog. There are other reasons why you may need to provision users in SAP Build Work Zone. For eg. to leverage SAP AI service called Joule(see blog) with your SAP SuccessFactors suite requires users and groups to be provisioned from SAP SuccessFactors into SAP Build Work Zone.
SAP Build Work Zone standard or the foundations edition recently released a user interface to search for a user and see it's assigned groups. For more details on this feature refer to the help guide. The feature mentioned in the help guide is probably where you should start, but there are certain scenarios where it may not be sufficient and that's where we can leverage the SCIM APIs offered by Work Zone. The purpose of this blog is to showcase how we can use the SCIM APIs of SAP Build Work Zone to read which users and groups are provisioned into SAP Build Work Zone. SAP Build Work Zone has a standard SCIM interface we can leverage to accomplish this.
To setup the request with your rest client, follow the process below. Exact steps might be different for other rest clients but the process should be same.
For reading groups, change the URL to <portal-service>/roleMapping/scim/v1/Groups.
To read a specific user, add a filter using email or externalID. For eg:
https://portal-service.cfapps.us10.hana.ondemand.com/roleMapping/scim/v1/Users?filter=emails.value eq "harjeet.judge@sap.com"
https://portal-service.cfapps.us10.hana.ondemand.com/roleMapping/scim/v1/Users?filter=externalId eq "fee8b135-502c-49dd-bf1b-10499cc05754"
It may also be useful to filter for users tied to particular providerId. Eg.
https://portal-service.cfapps.us10.hana.ondemand.com/roleMapping/scim/v1/Users?filter=urn:ietf:params:scim:schemas:extension:2.0:mapping.providerId eq "Tutorial"
Note: By default the Identity Provisioning Service writes only minimal user attributes to SAP Build Work Zone so the user information that can be pulled back using the API is minimal.
To write a user in SAP Build Work Zone, send a POST request with the appropriate user/group payload.
Note: A POST request from a rest client should really be only used for troubleshooting. For actually provisioning users/groups into SAP Build Work Zone, you should be leveraging the SAP Cloud Identity Provisioning service as described in the blog link I shared earlier. If for some reason certain users fail to provision during Identity provisioning job, in those scenarios it may be helpful to test writing that user to SAP Build Work Zone through a rest client like Postman. See an example POST request in the screenshot below:
Happy reading!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
20 | |
9 | |
9 | |
7 | |
7 | |
7 | |
7 | |
6 | |
5 | |
5 |