User Self Service in SAP NetWeaver Gateway
This blog introduces a new feature – User Self Service, from SAP NetWeaver Gateway. This mainly focuses on business to customers(B2C) scenarios using which SAP Business Suite B2C customers:
- can register themselves in the SAP Business suite systems.
- have an option to reset their password in case they forget it.
- can manage their profile
- Change profile data
- Change password
For example, if a company is using SAP’s Business Suite solution, they can enable their business consumers to register themselves in the SAP Business suite system by providing them with an application based on User Self Service.
So are you wondering how to start? How do I use the OData services provided to start using this feature? What are the steps? Can I customize or extend the features to my requirements?
Everything you need to know is below! I will be talking about customizations more while explaining the process.
Self Registration Process
- /IWBEP/USERREQUESTMANAGEMENT – to register a user, activate a user and reset credential. You also have an option to extend the UserRequest entity in this service to suit their requirements.
- /IWBEP/USERMANAGEMENT – to access user’s profile, change profile data and change the password.
Note: Please activate the above two services in your Gateway hub system.
Before we get started, let’s have a quick look at the complete picture of the functionality in brief. An anonymous user can create his user in the SAP system by following the below mentioned two step process:
Step 1: Register your username
UI: The first UI may look like as shown below where in it provides option for users to register themselves. It also shows another view where users can login and view their profile.
- Customization 1*: You need to provide the UserCategory as you must have earlier maintained, in the IMG activity – Maintain User Category. User category is mapped to a reference user which will be used to create your user. The reference user has to be created with proper authorizations and profiles based on your requirements. Multiple user categories can be maintained and used while creating users as per the customers’ requirements. Please check IMG documentation for more information.
The HTTP POST to create a User Request can be done as shown below:
- Customization 2* : To receive the notification email, you need to maintain the application URL in the IMG Maintain URL for User Account Activation as mentioned in the IMG Activities. This URL should take the user to the application page(Figure 3) where he can provide password and can proceed with next step – Activate your User.
- Customization 3 : The email notification is the default implementation provided by SAP. You can define your own notification process. in the IMG Define Notification Process for User Request Management as mentioned in the IMG Activities.
- Customization 4 : In case you want to use the standard notification agent to send email notifications but customize the content of the email, the same can be in the IMG Define Notification Process for User Request Management as mentioned in the IMG Activities. Please check the IMG documentation for more information.
Step 2: Activate your user
UI: The below image is the activation UI which appears when you click on the activation URL received in the email. Here the end users need to just enter the password and click activate. The UI also shows a navigation back to the login page where end users can view their profile after successfully activating their user:
- Customization 5 [Optional but IMPORTANT] : Users have an option to implement their own User Management flow – create users, manage users, reset password and check user existence in a totally different user management system. By default SAP provides an implementation to manage users using the user and role administration functions of SAP NetWeaver AS ABAP. The relevant IMG is Implement User Management – IMG Activities.
- Customization 6* : You need to maintain an RFC destination for a non co-deployed scenario. This enables the user replication on the SAP NetWeaver Gateway hub system. This is not required if IW_BEP and IW_FND component are in the same system i.e. a co-deployed scenario. The relevant IMG node is – Maintain RFC Destination for User Replication – IMG Activities. Please check the IMG documentation for more information.
- Customization 7 : You can also define a handler for User Management notification which is executed after the user is created in the system. For example if you would like to notify the person (who has implemented the BAdI) about the user creation or applications can use this information to perform application specific logic like replication of user along with Business partner data into SAP Business Suite system. The relevant IMG node is – Define Handler for User Management Notification – IMG Activities. Please check the IMG documentation for more information.
The HTTP PUT request can be done as shown below:
——- ( updated )———-
- If the user only remembers his/her user name: A function import(service operation) named ResetUserCredential with method POST needs to be executed with the UserName as an input parameter.
- If the user only remembers his/her email ID: A function import(service operation) named ResetUserCredentialUsingEmail with method POST needs to be executed with the UserEmailID as an input parameter.
The function import can be executed as show below:
A new auto generated password and an activation link will be sent to the user in both the above mentioned cases, to the same e-mail id which was used to create the user. The activation link this time should have a parameter type=1 which signifies it’s a link to reset the credential. The auto generated password can be enabled by the user only upon clicking the activation link.
You need to execute a PUT request on the entity i.e. UserRequestActivationRequestCollection with key as RequestID. The request body while executing PUT in this case has only one property ActivationKey. RequestID and ActivationKey is present in the email link that you received earlier.
Now the user can use the same password for the next login.