Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Third-Party Cookies and SAP Analytics Cloud

paul_brownsey
Product and Topic Expert
Product and Topic Expert
‎2024 May 03 7:31 AM
5,678

UPDATE 2024-09-25: Google has revised its strategy regarding third-party cookie deprecation. Instead of deprecating third-party cookies, Google is planning to "introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time." Google has not yet communicated a timeline for the introduction of this user choice.

SAP is meanwhile continuing to adapt SAP Analytics Cloud workflows so that features can work when third-party cookies are blocked. This work is expected to continue into 2025.

In revising its strategy, Google has not cancelled the 1% deprecation experiment that began in January 2024. Consequently, Google Chrome continues to restrict third-party cookies by default for 1% of users of unmanaged browsers. Working in collaboration with Google, SAP has registered for an exemption for SAP Analytics Cloud that will apply to most cases where users of unmanaged browsers find themselves in the 1% (for details, see below).

How SAP Analytics Cloud Users Are Affected

When a user’s web browser blocks third-party cookies, they will see errors when performing the following actions in SAP Analytics Cloud:

  • Accessing a “direct” live data connection to a remote data source (SAP BPC, SAP BW, SAP HANA, SAP Integrated Business Planning, SAP S/4HANA, or SAP Universe or WebI Document) *
  • Accessing a live data connection to SAP Datasphere
  • Accessing a live data connection to an SAP Cloud Application (SAP SuccessFactors or SAP Sustainability Control Tower)
  • Logging in to SAP Analytics Cloud embedded in an iframe on another web site
  • Logging in from a web browser to SAP Analytics Cloud, add-in for Microsoft Office
  • Viewing stories or analytic applications that have custom web content embedded into them (if that custom web content relies on cookies):
    • Embedded web pages
    • Custom Web Fonts
    • Custom widgets

* Note: Only live data connections whose Connection Type is Direct require third-party cookies. Live data connections whose Connection Type is Tunnel, Path, SAP BTP, SAP HANA Cloud, or SAP S/4HANA Cloud are not affected.

Which Users Will Be Affected, And When

Chrome versions 123 and later

Working in collaboration with Google, SAP has registered for a temporary exemption for SAP Analytics Cloud, so that third-party cookies will continue to work in Chrome versions 123 and later if users find themselves in the 1% experiment. If users directly access your SAP Analytics Cloud tenant by its standard URL, then they are covered by this exemption. Here, “standard URL” means a tenant URL that is on one of the following domains:

  • sapanalytics.cloud 
  • cloud.sap
  • sapanalyticscloud.cn
  • sapcloud.cn
  • sapbusinessobjects.cloud
  • ondemand.com

If users access your SAP Analytics Cloud tenant on a domain that is owned by your company—for example, if they access SAP Analytics Cloud embedded into an on-premises Fiori launchpad or another web site managed by your company—then they will not be covered by this exemption. In such cases, users may be affected by Chrome’s 1% experiment if they are using unmanaged web browsers. Users who find themselves affected by the 1% experiment can configure their web browsers as outlined in Google’s Guidance for end-users accessing enterprise applications through an unmanaged Chrome instance.

Chrome Enterprise

Chrome Enterprise users are expected to be unaffected by the 1% experiment. For the few that may be affected, enterprise administrators can configure web browser policies to allow their managed browsers to continue to access third-party cookies. For details, see Chrome Enterprise third-party cookie policies.

Unmanaged Chrome versions 121 and 122

1% of users running unmanaged Chrome versions 121 and 122 are affected by the experiment in Chrome. To allow third-party cookies for SAP Analytics Cloud, affected users will need to upgrade to Chrome 123 or later, or configure their web browsers as outlined in Google’s Guidance for end-users accessing enterprise applications through an unmanaged Chrome instance.

Unmanaged Chrome versions 120 and earlier

Users with Chrome versions 120 or earlier are not affected by the change in Chrome.

Microsoft Edge

Microsoft has not yet provided specific dates for when their 1% experiment will begin, but they have stated that Microsoft Edge on managed devices will not be impacted.

Direct Live Data Connections

The long-term solution for direct live data connectivity to customer-managed remote data sources (SAP BPC, SAP BW, SAP HANA, SAP Integrated Business Planning, or SAP S/4HANA) is under active development by the SAP Analytics Cloud team. This solution is expected to involve customers making a configuration change to their remote data sources, by deploying new HTML content and configuring certain HTTP headers, similar to the steps that are already necessary when first configuring SSO for the remote data source. The current plan is to release documentation detailing the necessary changes in the coming months.

For direct live data connections to SAP Universe or WebI documents, the necessary configuration changes are currently expected to be delivered in an updated version of the SAP BusinessObjects Live Data Connect component.

Embedded Web Pages and Web Fonts

SAP Analytics Cloud enables your content designers to insert web pages into their stories, and to use custom web fonts (configured in System > Administration > Default Appearance > Story > Fonts). If this embedded web content requires access to third-party cookies, then it might not load or function correctly when those cookies are blocked.

Going forward, consider adapting the embedded web content so that it no longer requires access to third-party cookies:

  • If the embedded web content needs to set and retrieve its own cookies, then consider partitioning those cookies using Cookies Having Independent Partitioned State (CHIPS).
  • If, in order to load, the embedded web content expects to have third-party access to already-set first-party cookies (for example, a session cookie), then consider using the Storage Access API to prompt the user for access. If you take this approach, you will need to edit the web page widget’s properties in your SAP Analytics Cloud story: in the “Additional Sandbox Restrictions” list, select “allow-storage-access-by-user-activation”.

For more details on CHIPS, Storage Access API, and related solutions, see Migrate to privacy preserving solutions.

If the embedded web page launches any popups to the user, then be aware also of Chrome’s bounce tracking mitigations which come into effect when third-party cookies are blocked. See Bounce tracking mitigations.

Custom Widgets

If your Custom Widget uses third-party cookies in cross-site contexts (such as Ajax data requests or loading web pages in iframes cross-site), you need to optimize your Custom Widget to avoid continuing the use of third-party cookies.

Cookies marked for third-party usage can be identified by their SameSite=None value. If you are using such cookies, you may need to check your Custom Widget code to determine whether these cookies are accessed as first-party cookies or third-party.

For more detailed information, please refer to https://developers.google.com/privacy-sandbox/3pcd.

2 Comments
Labels in this area
Popular Blog Posts