This blog is part of a series which is related to setting up Cloud Identity to authenticate Cloud Portal in different scenarios.
| Setting up Authentication for Cloud Portal using Cloud Identity |
|
Part 1 – Setting up SCI as IdP for a vendor facing Cloud Portal Part 2 – Using Social Identity Providers to access Cloud Portal Part 3 – Setup Self-registration form Part 4 – Manage Cloud Portal Catalogs and roles |
In the previous blogs, we had a look at how to use Social Media login to gain access to SAP applications using SCI. In this blog, I am going to show how you can manage and assign Portal roles based on the way in which the user profiles are created in SCI. The Cloud Portal (based on Fiori Launchpad) has catalogs and groups which contain the applications. These applications are shown as tiles to the user. Based on the user logging into the Portal, relevant tiles will be displayed to them via the corresponding catalogs/groups. I am going to take an example of two roles – Employee and Manager.
Create a Portal Site
The first step is to create new Portal site using the Portal Service.
Provide a name as Self-Service and select the template “SAP Fiori Launchpad”
From the menu, select “Catalog” and create two catalogs – one for Employee and another for Manager.
Ignore the warning message against both the catalogs.
Similarly, create two groups – Employee Group and Manager Group
Create a sample App for each of the roles. Navigate to Apps menu and create a simple URL based App as shown below.
Notice that this App is assigned to the “Employee Catalog” and “Employee Group” which were created earlier.
Similarly, create another App called “Manager App” and assign it to Catalog “Manager Catalog” and group “Manager Group”.
Create HCP Roles and Assign to users
Now, we need two roles to be defined for Employee and Manager and these roles needs to be assigned to the respective catalogs and Groups. Navigate to the “Configure SAP HANA Cloud Portal” section in the HCP cockpit
Add two new roles – Employee and Manager and assign them to the respective users as shown below
I have created two test users – One for Employee and the other for Manager in SCI. Notice that I have assigned SCI User P000030 with the HCP employee role
Assign these HCP roles to the respective catalogs and groups as shown below
Make sure you assign the Manager role to the Manager Group.
With this we are done with the role assignments and we can test this. Publish the site from Site settings. Clear the browser cache and try to login with the User ID created to test Employee role. You will be challenged with a SCI login screen. Provide the user ID credentials for the Employee user.
You will be presented with the Tiles relevant for employee roles. Notice the corresponding SCI User ID – P000030 (which represents the employee user)
Logoff and login again using the user assigned to manage role.
In the next blog, we will see how to use SCI to map these user roles.