Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Third-Party Cookies and SAP Analytics Cloud

paul_brownsey
Product and Topic Expert
Product and Topic Expert
2 weeks ago

As communicated in a previous blog, Google Chrome is restricting third-party cookies by default for 1% of users of unmanaged browsers as of January 4th, 2024. Since then, Microsoft has announced similar plans for Microsoft Edge. Most recently, Google has delayed its plans to further roll out this change, and so ramp up beyond 1% of users is not expected to begin until early 2025.

This deprecation of third-party cookies impacts workflows in SAP Analytics Cloud where cookies are used in a third-party context. However, working in collaboration with Google, SAP has registered for a temporary exemption for SAP Analytics Cloud that will apply until December 27th, 2024, for most cases where users of unmanaged browsers find themselves in the 1% (for details, see below). SAP is also working to adapt SAP Analytics Cloud workflows to provide a long-term solution before the end of 2024.

This document aims to provide the most up-to-date information about which workflows will be affected, for which users, and what you can do to resolve any problems. 

How SAP Analytics Cloud Users Are Affected

When a user’s web browser blocks third-party cookies, they will see errors when performing the following actions in SAP Analytics Cloud. This list has been updated since the previous blog post:

  • Accessing a “direct” live data connection to a remote data source (SAP BPC, SAP BW, SAP HANA, SAP Integrated Business Planning, SAP S/4HANA, or SAP Universe or WebI Document) *
  • Accessing a live data connection to SAP Datasphere
  • Accessing a live data connection to an SAP Cloud Application (SAP SuccessFactors or SAP Sustainability Control Tower)
  • Logging in to SAP Analytics Cloud embedded in an iframe on another web site
  • Logging in from a web browser to SAP Analytics Cloud, add-in for Microsoft Office
  • Viewing stories or analytic applications that have custom web content embedded into them (if that custom web content relies on cookies):
    • Embedded web pages
    • Custom Web Fonts
    • Custom widgets

* Note: Only live data connections whose Connection Type is Direct require third-party cookies. Live data connections whose Connection Type is Tunnel, Path, SAP BTP, SAP HANA Cloud, or SAP S/4HANA Cloud are not affected.

Which Users Will Be Affected, And When

Chrome versions 123 and later

Working in collaboration with Google, SAP has registered for a temporary exemption for SAP Analytics Cloud, so that third-party cookies will continue to work in Chrome versions 123 and later until December 27th, 2024. If users directly access your SAP Analytics Cloud tenant by its standard URL, then they are covered by this exemption. Here, “standard URL” means a tenant URL that is on one of the following domains:

  • sapanalytics.cloud 
  • cloud.sap
  • sapanalyticscloud.cn
  • sapcloud.cn
  • sapbusinessobjects.cloud
  • ondemand.com

If users access your SAP Analytics Cloud tenant on a domain that is owned by your company—for example, if they access SAP Analytics Cloud embedded into an on-premises Fiori launchpad or another web site managed by your company—then they will not be covered by this exemption. In such cases, users may be affected by Chrome’s 1% rollout if they are using unmanaged web browsers. Users who find themselves affected by the 1% rollout can configure their web browsers as outlined in Google’s Guidance for end-users accessing enterprise applications through an unmanaged Chrome instance.

Chrome Enterprise

Chrome Enterprise users are expected to be unaffected by the 1% third-party cookie deprecation. For the few that may be affected, enterprise administrators can configure web browser policies to allow their managed browsers to continue to access third-party cookies. For details, see Chrome Enterprise third-party cookie policies.

Google has not yet made it clear whether Chrome Enterprise users will be affected by the 100% rollout starting early 2025.

Unmanaged Chrome versions 121 and 122

1% of users running unmanaged Chrome versions 121 and 122 are affected by the change in Chrome. To allow third-party cookies for SAP Analytics Cloud, affected users will need to upgrade to Chrome 123 or later, or configure their web browsers as outlined in Google’s Guidance for end-users accessing enterprise applications through an unmanaged Chrome instance.

Unmanaged Chrome versions 120 and earlier

Users with Chrome versions 120 or earlier are not affected by the change in Chrome.

Microsoft Edge

Microsoft has not yet provided specific dates for when their 1% deprecation will begin, but they have stated that Microsoft Edge on managed devices will not be impacted.

Direct Live Data Connections

The long-term solution for direct live data connectivity to customer-managed remote data sources (SAP BPC, SAP BW, SAP HANA, SAP Integrated Business Planning, or SAP S/4HANA) is under active development by the SAP Analytics Cloud team. This solution is expected to involve customers making a configuration change to their remote data sources, by deploying new HTML content and configuring certain HTTP headers, similar to the steps that are already necessary when first configuring SSO for the remote data source. The current plan is to release documentation detailing the necessary changes in Q3, so that customers can plan and deploy the changes before Google ramps up to 100% of users in 2025.

For direct live data connections to SAP Universe or WebI documents, the necessary configuration changes are currently expected to be delivered in an updated version of the SAP BusinessObjects Live Data Connect component.

Embedded Web Pages and Web Fonts

SAP Analytics Cloud enables your content designers to insert web pages into their stories, and to use custom web fonts (configured in System > Administration > Default Appearance > Story > Fonts). If this embedded web content requires access to third-party cookies, then it might not load or function correctly when those cookies are blocked.

Going forward, consider adapting the embedded web content so that it no longer requires access to third-party cookies:

  • If the embedded web content needs to set and retrieve its own cookies, then consider partitioning those cookies using Cookies Having Independent Partitioned State (CHIPS).
  • If, in order to load, the embedded web content expects to have third-party access to already-set first-party cookies (for example, a session cookie), then consider using the Storage Access API to prompt the user for access.

For more details on CHIPS, Storage Access API, and related solutions, see Migrate to privacy preserving solutions.

If the embedded web page launches any popups to the user, then be aware also of Chrome’s bounce tracking mitigations which come into effect when third-party cookies are blocked. See Bounce tracking mitigations.

Custom Widgets

If your Custom Widget uses third-party cookies in cross-site contexts (such as Ajax data requests or loading web pages in iframes cross-site), you need to optimize your Custom Widget to avoid continuing the use of third-party cookies.

Cookies marked for third-party usage can be identified by their SameSite=None value. If you are using such cookies, you may need to check your Custom Widget code to determine whether these cookies are accessed as first-party cookies or third-party.

For more detailed information, please refer to https://developers.google.com/privacy-sandbox/3pcd.

Labels in this area
Popular Blog Posts