Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
Murali_Shanmu
Active Contributor
13,046
Note that this asset was drafted & created before our branding changes related to SAP technology were announced on January 2021. Note that SAP Cloud Platform Cockpit was renamed to SAP BTP cockpit.


This blog series will cover some of the concepts of SAP Work Zone and will also help you familiarize with the steps required to setup SAP Work Zone and integrate it with other applications.



























Enhance the Digital Workplace Experience using SAP Work Zone
Part 1 - Setup and configure SAP Work Zone
Part 2 - SAP Work Zone Overview and Components
Part 3 - Developing SAP UI Cards that render SAP business data within SAP Work Zone
Part 4 - Developing SAP UI Cards that render data from 3rd party systems within SAP Work Zone
Part 5 - Integrating Fiori Apps in SAP Work Zone
Part 6 - Integrating SAP Conversational AI based chatbots with SAP Work Zone
Part 7 - Understanding the Admin role concepts

SAP Work Zone is a service on SAP Business Technology Platform which helps improve productivity by providing a personalized, integrated digital workplace experience across multiple touch points. Its a digital workplace solution which centralizes access to SAP and non-SAP solutions by providing a central entry point to access business apps, processes and collaboration capabilities.


I would encourage you to look at this video which demonstrates the capabilities of SAP Work Zone.

The key capabilities of SAP Work Zone are also documented in SAP Help.

This blog will outline some of the steps required to configure and setup SAP Work Zone.Unlike other services on SAP Business Technology Platform (BTP) which can be enabled with a click of a button, Work Zone requires few steps to be performed - though majority of the steps have been automated using boosters (which I will explain below).

The steps which I am going to show assume that you are looking to setup a fresh SAP Work Zone tenant without the need to migrate an existing SAP Jam tenant. The SAP Help documentation clearly outlines the steps and is a great place to start too.

Please note that as of today, SAP Work Zone is not yet in trial landscape.I have used a productive account to demonstrate some of these capabilities.

Configure trust between SAP BTP and Identity Authentication Service


Once you have the entitlement for SAP Work Zone, it should be visible in your cockpit.


SAP Work Zone requires the use of Identity Authentication service (IAS) and Identity Provisioning service (IPS). There are many components/services which are used seamlessly with SAP Work Zone and hence IAS & IPS plays a key role in ensuring the user/developer is able to access them without having to key in the password and also not worry about manually creating the user in all the components.

In the trust configuration, download the “SAML Metadata”. This is required to setup the trust with IAS in the next step.


 Navigate your IAS > Applications and create a new application. I have used the name “WZ SCP Account”.  In the Trust settings for this new applications, navigate toe “SAML 2.0 Configuration”


Upload the metadata file which you had downloaded earlier from BTP subaccount and save your changes.


In the SAML Assertion attributes, add a new attribute called “Groups”. Ensure that it starts with an uppercase.


Similarly, in the Default attributes section, add the Group attribute with the value “Workzone_User_Type_${type}”.

 


Please ensure that the SAP Work Zone users you create in IAS are of type "employee".

This completes the setup of the new application in IAS. Navigate to the User Groups menu and add the below Work Zone groups. Users will be assigned to the respective groups to control the level of access within Work Zone.

 


Assign the Workzone_Admin role to your user in the User Management.

The next task is to setup the trust on the BTP Cockpit side. To obtain the metadata file from IAS, navigate to Tenant Settings > SAMl 2.0 configurations to download the metadata file.


Switch to Trust Configuration in the BTP cockpit . Notice that by default it has the SAP ID service which will enable users to access the applications using S/P/I/C user IDs. Click on the “New Trust Configuration” button.

 


Upload the metadata file which you downloaded earlier from IAS. Provide a meaningful name and description and save your changes.

 


Its important to turn off the SAP ID service once you have configured trust with IAS and activated it. Use the Pencil icon to edit the settings.

 



Setup of Work Zone using Boosters


Boosters are one of the cool features of BTP which helps customers to get started with different use cases like Workflows, Mobile Cards, AI Business services etc. Good to see a booster also available for Work Zone. Look for it in the Global Account level.


Just follow up the prompts provided by the wizard. In this case, it asks the details of the subaccount which you have already prepared (using the above instructions)


The booster will automatically create the relevant artefacts like destinations, role collections etc and save us from manually performing those configurations.


At the end, you will get a popup with a success message. From here, you can navigate directly to the Work Zone application.


 

SAP Work Zone Configurator:


The configurations are not done yet. We still have few more things to do before we could use start using Work Zone.

Work Zone leverages SAP Jam for the collaboration aspects. As most of you might know, it has its own user management. Hence, we need to setup trust with IAS again and also configure IPS to provision users (from IAS to Work Zone)

When you try to access the Work Zone application from the previous step, it would take you to the Work Zone Configurator. It has the below URL Pattern

https://[subaccount_specific].dt.workzone.cfapps.sap.hana.ondemand.com/sites#Workzone-Config

There are few steps which have been automated here and many still need to be done manually. The SAP Help documentation was clear in most of the places.


Trigger the wizard by selecting the relevant options. In the “Set Up Environment”, you will need to copy paste the IdP trust token as shown below.

 


This can be obtained from the destination menu within the subaccount. Click on “Download Trust”. While copying the token, ignore the header and footer.


 

The next steps is to configure trust with IAS and setup IPS for provisioning users. Download the metadata which is provided here. Make a note of the SAP Jam URL and OAuth Client Key/Secrets.


Switch back to IAS > Applications and create a new application. I have given the name “SAP Jam”. Similar to the previous application configuration, navigate to the SAML 2.0 configuration in the Trust settings and import the metadata file which you downloaded in the previous step.

 


Set the Subject Name Identifier to User UUID as shown below.


Add the user attribute “Groups”

 


Set the default attribute Groups with the value Workzone_User_Type_${type}

 


We need to create a technical user to communicate between IAS and IPS.  Navigate to IAS > Administrators and create a user of type “System”. Provide a BASIC Authentication and make a note of the User ID and password.


 

Launch the IPS service to configure the Source and Target systems.

Remember the URL pattern to launch IPShttps://tenant_id.accounts400.ondemand.com/ips

In the Source Systems, create an entry for Identity Authentication. Populate the properties as provided in this Help page. I didn’t bother using any of the optional properties. When adding the properties for passwords – use the credential option.`


In the Target Systems, create an entry for "SAP Work Zone". Maintain the properties for this target system as per this onboarding Help page. After saving your Source and Target systems, its time up update the transformations within each of them. Refer to the same onboarding Help page to copy the snippets to source and target systems.


This completes the setup of IPS. To trigger to replication of users into Work Zone with their respective role assignments, trigger the job from the source system. Click on “Run Now” form the Read Job. You should be able to see in the job logs the users and groups read and written to Work Zone.


Before testing your access in Work Zone, ensure you add the SAP JAM URL in the trusted domain of IAS. This is enable Work Zone to embed SAP Jam contents (within iFrames/overlays)


You should be now able to login to Work Zone using the IAS credentials and explore the capabilities.


The Fiori Launchpad will also be available in the Applications menu.


For questions on SAP Work Zone, please raise them in the forums and use the tag "SAP Work Zone".`
12 Comments
Labels in this area