In this blog post you are going to learn step-by-step process with the help of screenshots on how to integrate SAP Analytics Cloud with SAP Cloud Identity Access Governance. For successful integration, you would need administrator access in SAP Analytics Cloud, SAP Identity Provisioning Service(SAP IPS), SAP Bussiness Technology Platform Cloud Foundry(SAP BTP CF) and SAP Identity Authentication Service(IAS).
Step 1: Login into BTP IAG subaccount to create
IPS_PROXY destination. You would need subaccount adminstrator role assigned to your ID against "Default Identity Provider"
IPS_PROXY
Note:
- Make sure name(IPS_PROXY) of this destination should be exactly same including case as well
- Insert IAS-IPS bundled link without "/" or "/ips" in suffix
Step 2: Create user in SAP Analytics Cloud with wide privileges
SAP Analytics Cloud
- Purpose should be selected with value Interactive Usage and API Access
- For Access, value "User Provisioning" must be selected. It is required from SAP Cloud Identity Access Governance to perform provisioning.
Step 3: Create Proxy System in SAP Identity Provisioning Service for SAP Analytics Cloud using
guide
Proxy System in IPS
- Note down Alphanumeric System ID from URL which is required in later steps to configure in SAP Cloud Identity Access Governance(IAG). For eg., it will look like a5af23cb-996b-4249-b52a-385fe50576ab
- Update Read and Write Tarnsformations from Step 5 provided in SAP Help Guide
- Properties Name and Value should be fetched from SAP Help Guide. It is case sensitive and should not have any space in prefix/suffix of the text
- Value of OAuth2TokenServiceURL must be fetched from screen in Step 2 against field Token URL
- Value of URL should be in format https://<tenant>.hcs.cloud.sap
- Value of User must be fetched from screen in Step 2 against field OAuth Client ID and must be of type Standard
- Value of Password must be fetched from screen in Step 2 against field Secret under Security by pressing button Show secret and must be of ty pe Credential
Step 4: Create
Application from
Applications tile for SAP Analytics Cloud in SAP Cloud Identity Access Governance(SAP IAG)
SAP Analytics Cloud in IAG
- Value(for eg., a5af23cb-996b-4249-b52a-385fe50576ab) in External Application ID will be Alphanumeric System ID fetched from URL in Step 3
- HCP Destination will be auto-populated once external application id is filled
Step 5: Run Repository Object Sync job for SAP Analytics Cloud(SAC) system using
Job Scheduler tile
Schedule Repository Sync
Repository Sync from SAP Analytics Cloud(SAC) to SAP Cloud Identity Access Governance(IAG)
As per the design, Repository Sync saves the Teams from SAP Analytics Cloud(SAC) but not the roles to SAP Cloud Identity Access Governance(IAG)
After following above steps, you would be able to sync teams from SAP Analytics Cloud and perform provisioning to SAP Analytics Cloud from SAP Cloud Identity Access Governance. Also, you can perform risk analysis on SAP Analytics Cloud to identify potential risks.
References
Please check the below documentation from
Administration Guide for more information:
Please check below articles which will help in further integration of SAP Analytics Cloud with SAP Cloud Identity Access Governance:
Note: Please share your feedback or thoughts in a comment below or ask questions in the Q&A tag area here about
SAP Cloud Identity Access Governance