Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 
Active Contributor

Part 1 – Overall Solution

Part 2 – Setting up Business Rules in SAP Cloud Platform

Part 3 – Modeling workflows in SAP Cloud Platform

Part 4 – Testing you workflow using monitoring tools

Part 5 – Triggering the workflow using a Start UI

Part 6 – Configuring trust between SAP Cloud Platform account and Identity Provider

Part 7 – Mapping user groups and roles in SAP Cloud Platform Portal


In the last blog of this series, I will show you how to perform groups/role mapping between SAP Cloud Platform and the Identity Provider (in this case Cloud Identity). I will also show you how to quickly create a Portal site with apps for specific vendors.

Navigate to the Portal service and click on “Configure Portal” link. Here, you can create Portal roles and groups. I have added two Portal roles – AccountsPayableA_Role and AccountsPayabaleB_Role.

I have also created SAP CP groups. If you are not sure how to do it, click on “Assign” button in the Groups table. In the popup, select the “New Group” option. I have created two groups AccountsPayabaleA_Group & AccountsPayabaleB_Group.

I have assigned the roles with the groups as shown above.

Navigate to SAP CP Trust setting and under “Application Identity Provider” select the IdP which has been configured earlier (In this case, its my Cloud Identity tenant)

In the Groups tab, map the SAP CP group with SAP Cloud Identity group as shown below. Once the external vendor authenticates themselves, their relevant IdP groups will be mapped to SAP CP groups and the relevant roles/apps will be assigned to the user in SAP CP.

I have created a Portal site to test this scenario. The site is simple, with just two Apps – one for each vendor – “Vendor A” and “Vendor B”. Also notice that the highlighted apps are offered as part of the workflow service and would be made available by default in all the portal sites.

I have created two catalogs and groups for each vendor. In the Roles configuration, I can view both the roles which were created for both the vendors

For each role, I have assigned the relevant catalog and group.

At the end, when vendors self-register and login to the Portal site, based on the organization they belong to, they will be shown only apps which are specifically created for their respective organization.

This concludes the blog series and I hope you enjoyed reading it.
1 Comment
Labels in this area