Murali Shanmugham

Implementing a user self-registration scenario using Workflow and Business rules in SAP Cloud Platform – Part 7


Part 1 – Overall Solution

Part 2 – Setting up Business Rules in SAP Cloud Platform

Part 3 – Modeling workflows in SAP Cloud Platform

Part 4 – Testing your workflow using monitoring tools

Part 5 – Triggering the workflow using a Start UI

Part 6 – Configuring trust between SAP Cloud Platform account and Identity Provider

Part 7 – Mapping user groups and roles in SAP Cloud Platform Portal


In the last blog of this series, I will show you how to perform groups/role mapping between SAP Cloud Platform and the Identity Provider (in this case Cloud Identity). I will also show you how to quickly create a Portal site with apps for specific vendors.

Navigate to the Portal service and click on the “Configure Portal” link. Here, you can create Portal roles and groups. I have added two Portal roles – AccountsPayableA_Role and AccountsPayabaleB_Role.

I have also created SAP CP groups. If you are not sure how to do it, click on the “Assign” button in the Groups table. In the popup, select the “New Group” option. I have created two groups, AccountsPayabaleA_Group & AccountsPayabaleB_Group.

I have assigned the roles to the groups as shown above.

Navigate to the SAP CP Trust settings and under “Application Identity Provider” select the IdP which has been configured earlier (in this case, it's my Cloud Identity tenant).

In the Groups tab, map the SAP CP group with SAP Cloud Identity group as shown below. Once the external vendor authenticates themselves, their relevant IdP groups will be mapped to SAP CP groups and the relevant roles/apps will be assigned to the user in SAP CP.

I have created a Portal site to test this scenario. The site is simple, with just two Apps – one for each vendor – “Vendor A” and “Vendor B”. Also notice that the highlighted apps are offered as part of the workflow service and would be made available by default in all the portal sites.

I have created two catalogs and groups for each vendor. In the Roles configuration, I can view both the roles which were created for the two vendors.

For each role, I have assigned the relevant catalog and group.

At the end, when vendors self-register and log in to the Portal site, based on the organization they belong to, they will be shown only the apps which are specifically created for their respective organization.
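As an added example (not code from this blog series or from SAP), the Python sketch below models the chain configured in this post, IdP group to SAP CP group to Portal role, and lists any asserted group that no mapping rule covers, which is the first thing to check when a vendor logs in but sees no apps. The assertion attribute name `groups`, the IdP group names, and the exact, case-sensitive match are assumptions; the SAP CP group and role names are the ones used above.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the attribute statement of a decoded assertion for a
# Vendor A user. Attribute name and IdP group names are assumptions.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>VendorA_IdP_Group</saml:AttributeValue>
      <saml:AttributeValue>Everyone</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Trust settings, Groups tab: IdP group value -> SAP CP group (IdP names hypothetical).
IDP_TO_CP_GROUP = {
    "VendorA_IdP_Group": "AccountsPayabaleA_Group",
    "VendorB_IdP_Group": "AccountsPayabaleB_Group",
}
# Portal configuration: SAP CP group -> Portal role (names as created in this post).
CP_GROUP_TO_ROLE = {
    "AccountsPayabaleA_Group": "AccountsPayableA_Role",
    "AccountsPayabaleB_Group": "AccountsPayabaleB_Role",
}

def asserted_groups(assertion_xml, attribute="groups"):
    """Return every value of the group attribute found in the assertion."""
    root = ET.fromstring(assertion_xml)
    path = f".//saml:Attribute[@Name='{attribute}']/saml:AttributeValue"
    return [(v.text or "").strip() for v in root.findall(path, SAML_NS)]

def resolve_roles(assertion_xml):
    """Walk IdP group -> SAP CP group -> Portal role; also return unmapped groups."""
    roles, unmapped = set(), []
    for group in asserted_groups(assertion_xml):
        cp_group = IDP_TO_CP_GROUP.get(group)  # assumed exact, case-sensitive match
        if cp_group is None:
            unmapped.append(group)  # no mapping rule: grants nothing
        elif cp_group in CP_GROUP_TO_ROLE:
            roles.add(CP_GROUP_TO_ROLE[cp_group])
    return sorted(roles), unmapped

if __name__ == "__main__":
    print(resolve_roles(SAMPLE_ASSERTION))
```

An empty role list together with a non-empty unmapped list means the value the IdP sends differs from the value entered in the mapping rule.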

This concludes the blog series and I hope you enjoyed reading it.

      1 Comment
      Adam Hakim

      Hi Murali,

      For some reason I was not able to get the results. I have followed the same steps.

      From your blog, there was no screenshot of the SC Identity provider group. I am not sure if in the mapping you used the group name or group display name. Either way, I tried with both and I am unable to see the apps show up.

      I created a new user, which was successful. The user is successfully able to log in to the portal home page as well. But the group which has the set of apps I want to be displayed to the user didn't show up.

      Please let me know your comments.