There is no special introduction needed on how relevant it is to have a mobile application to expose SAP’s business content in a safe and secure environment using our smart phone.
In this blog, we would like to cover how the contents like roles, groups, apps etc. from an SAP S/4HANA public Cloud system can be federated into SAP Launchpad service on BTP and then further make it available for mobile users using SAP Mobile Start.
SAP Mobile Start is a native app that serves as the mobile entry point to SAP’s business applications and content, providing users with a consumer-grade experience.
In order to configure the SAP Build Work zone, you need the role Launchpad_Admin and this achieved by going into the Role Collection under Security.
In the Host Name field, enter the host of SAP Build Work Zone, standard edition, that is, <subdomain of your subaccount>.launchpad.cfapps.<region>.hana.ondemand.com.
Fig1: HostName
Create the Users for Inbound and Outbound Communication.
Create new Communication Arrangement, select the communication scenario SAP_COM_0647. The arrangement name is prefilled with SAP_COM_0647. As suffix, add _LPD_EXPOSURE and I named it: SAP_COM_0647_LPD_EXPOSURE
Fig 2: Communication Arrangement
Add your SAP Build Work zone standard edition as trusted host to the allowlist.
Name | N5T_Starter_dt |
Type | HTTP |
Description | design-time connection |
URL | https://<S/4HANACloudtenantID>-api.s4hana.ondemand.com/sap/bc/http/sap/aps_flp_content_exposure/entities |
Proxy Type | Internet |
Authentication | Basic Authentication |
User | LPD_EXPOSURE_COM_0647_USER |
Password | *************** |
Additional Properties
HTML5.DynamicDestination | true |
Use default JDK trust store | Checked |
Name | N5T_Starter_rt_tiles |
Type | HTTP |
Description | runtime tiles |
URL | https://<SAP S/4HANA Cloud tenant ID>-api.s4hana.ondemand.com |
Proxy Type | Internet |
Authentication | SAML Assertion |
Audience | https://<SAP S/4HANA Cloud tenant ID>.s4hana.ondemand.com |
AuthnContextClassRef | urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession |
Additional Properties
HTML5.DynamicDestination | true |
nameIdFormat | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
Use default JDK trust store | Checked |
Name | N5T_Starter_rt_apps |
Type | HTTP |
Description | RunTimeApps |
URL | https://<SAP S/4HANA Cloud tenant ID>-api.s4hana.ondemand.com |
Proxy Type | Internet |
Authentication | No Authentication |
Additional Properties
HTML5.DynamicDestination | true |
sap-platform | ABAP |
Use default JDK trust store | Checked |
This step is performed to establish trust with SAP BTP subaccount using necessary SAML2 Configurations.
Create a communication system and upload the SAML certificate downloaded from Trust Certificate of the Sub Account. Refer to step: 4.2
Configure Identity Authentication tennant as a proxy to corporate Identity Provider(IdP) for the SAP BTP SubAccount.
a. Choose + Create to add an application Name from Application & Resources > Applications
b. Application Type choose SAP BTP solution -->Save
c. In the application you’ve created, choose SAML 2.0 configuration.
d. Browse the file exported from SAP BTP Cockpit. All fields are pre-filled -->Save
e. Under Subject Name Identifier, choose Basic Configuration and select the basic attribute E-Mail
f. Choose Email as the Default Name ID format.
g. Conditional Authentication: Choose Identity Authentication as default Identity provider.
h. Assertion Attribute: Groups
Go to Users and Authorizations --> User Groups--> Create.
User Group
Please make a note of the Group Name.
Establish New Trust Configuration in BTP cockpit of your respective Sub Account.
7.1 Launch SAP Build Work Zone, standard edition from your subaccount
7.2 In the site Directory, choose + Create Site.
7.3 Enter a Site name of your choice. For e.g. SAP Start.
7.4 Click the cog wheel icon to display the Settings and navigate to Notifications
Settings
7.5 Go to Notification tab
7.6 Choose Generate to get the credentials required to configure Communication System(You can bookmark the URL to access SAP Build Work Zone, standard edition more quickly)
8.1 Create Communication System using the credentials generated from Step 7.4
Comm.System_Notification
8.2 Create Communication Arrangement using the Comm.Scenario SAP_COM_0683. In the Outbound Services Outbound HTTP Service for Notifications Publish section, make sure that Path is set to /v2 and the Port is set to the 443 default value.
ChannelManager
Click on the pencil(Edit) button and enter the details as below which is consumed from the Destination created
ContentProvider
Title | Refer to your S/4HANA System ID |
ID | Automatically derived from Title |
Design-Time Destination | Select the destination for exposing N5T_starter_dt |
Runtime Destination | Select the destination for runtime apps |
Runtime Destination for Dynamic Data | Select the destination for fetching data for dynamic tiles |
Content Addition Mode | Automatic addition of all content Items |
The content is ready to be consumed by SAP Build Work Zone, standard edition.
Note: It takes ~2-3 minutes for the role to reflect in the site Editor.
Since we already created Site( refer Step 7.1 to 7.3), click the cog wheel icon to display the site Settings.
Site Directory
Site Editor
11.1 In your SAP BTP Account, go to the respective Sub Account and navigate to Trust Configuration under Security Tab.
11.2 Click on the Custom Identity Provider created from step 6.3
11.3 Navigate to Role Collection Mappings
11.4 Click New Role Collection Mapping
11.5 Select the Role you have imported from Step 10
11.6: Select the attribute in this case: Groups from the step: 6(h)
11.7: Select the Value as Group Name from Step 6.1
Role Collection
12.1 Install the app: SAP Start from the App store or Play store
12.2 Scan the QR Code from the site: Under User Profile --> Settings --> SAP Mobile Start Application. Register( not Install)
Scan the QR Code: Register
https://www.youtube.com/watch?v=R3_49jHjSuQ
SAP Mobile Start puts people at the heart of business processes — anywhere and anytime.
Integration Guide
Trust Configuration: Mapping
Learning Journey
SAP MobileStart: Intelligent Enterprise at your fingerprints
SAP MobileStart: Community Page
Voice Commands Using Siri Shortcuts (iOS Only)
Courtesy: dennis.koehler for offering his expertise in this topic.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
30 | |
19 | |
10 | |
9 | |
8 | |
7 | |
7 | |
7 | |
7 | |
7 |