Backoffice Associates is an S/4HANA Cloud Lighthouse Partner which has succesfully implemented S/4HANA Cloud 1702 (now upgraded to 1711).
My colleague Guillem Oña wrote 3 blogs to expose the Key to a successful implementation of S/4HANA Cloud. I highly recommend to take a look at these blogs in order to get an idea about Activate Methodology, tools, approaches and cloud mindset.
In this serie of 3 blogs I will cover the following technical topics in order to give you a complete insight into a full and succesfull S/4HANA Cloud Implementation:
- Blog 1: S/4HANA Cloud – System Setup
- Blog 2: S/4HANA Cloud – In-App Extensibility
- Blog 3: S/4HANA Cloud – Side-by-Side Extensibility
Let’s start! 🙂
From a System Lifecycle point of view, different systems are used to ensure a successful implementation of S/4HANA Cloud.
- Starter system
In addition to these three systems, the landscape is complemented by:
- SAP Cloud Identity for the Sarter System and Q-system
- SAP Cloud Identity for the P-system
- SAP Cloud Platform for Side-by-Side Extensibility and Custom Development
Signing a Contract
An IT contact or a Technical Administrator should be named in the contract. This person will be the Owner of the systems.
Tip: Ensure while signing the contract that the IT contact is the right person. Changing this person further requires opening a ticket to SAP and waiting for 2 or 3 days.
Once the Contract is signed, SAP delivers 3 separate emails with the all necessary information to set up your system.
Starter system URL and Initial User
The first email contains the Initial User and access information to the starter system. This 20-char user is a Technical Administrator which allows you to create the Business users with the Administrator Role. It’s is not supposed to be used further. But it’s good to keep it safe.
Tip: You should use the system URL with the parameter saml2=disabled since no Identity Provider has been set at this moment.
The second email, for security sent separately, contains the Initial password which you can reset and make it suitable for humans 🙂
SAP Cloud Identity and User Onboarding Guide
The third email comes with the access infromation to the SAP Cloud Identity system (SCI). Again the IT person specified in the Contract will be the owner of this system.
SAP attaches with this email an Onboarding Guide to setup the Starter system and the SAP Cloud Identity.
The Onboarding Process guides you to create and maintain Employees and Business roles in the Starter System and import the associated Business Users into the SCI (SAP Cloud Identity).
Creating Employees and Business Users
- First you Log-on as a Technical Admin (The user and password provided by SAP). This user, as mentioned before, is meant only for temporary use in order to create the Administrator Employee and its Business user which will create the other Employees and Users.
- Navigate to Import Employees app and Download the Employee and Employment Data templates.
- Fill the data in the templates. Please note:
- Fields Marked with an asterisk are mandatory
- E-mail address is needed for the user registration in SCI
- The field EmployeeID represents the employee
- The field UserName represents the business user
- EmployeeID and UserName must be identical
- In the Starter System, CompanyCode is 1010 for DE and 1710 for US. For Q and P systems it should be the one you handed over to SAP.
- When uploaded, the system triggers an asynchronous import and create the employee data, synchronize the business Partner, and create the Business Users. Check if there is any error logs.
Creating the Administrator Business Role
- Navigate to Maintain Business Roles app and create the Administrator Business Role from the Template
- Check if the Administrator role has assigned the Business Catalog Employee – HR Data. If not assign it. Save and Activate.
- Go to Maintain Business Users app and assign the Administrator Role to the Administrator User previously imported.
- Download the user list as a CSV file. You will need to configure their access in SCI.
SAP Cloud Platform Identity Authentication service is a cloud solution for identity lifecycle management for SAP Cloud Platform applications, and optionally for on-premise applications.
It provides services for authentication, single sign-on, and on-premise integration as well as self-services such as registration or password reset for employees, customer partners, and consumers.
For administrators, Identity Authentication provides features for user lifecycle management and application configurations.
Please note that SAP delivers an SCI tenant for the Starter System and Q-system and a separate tenant for the P-System. SCI configuration should be updated once the q-system is delivered.
The URL looks like https://xxxxxxxxx.accounts.ondemand.com/admin where you can navigate to different sections to manage Users & Authorizations, Applications & Resources and Identity Providers.
Tip: The SCI is key to configure the trust between SAP Cloud Platform and your S/4HANA Cloud system in the Side-by-Side Extensibility scenario.
In Applications you can set up the SAML 2.0 configuration and the Assertion Consumer Service Endpoint which will point to your S/4HANA Cloud tenant.
Tip: The Co-Pilot functionality is also configured in SCI as an application with a different end-point configuration.
In the previous section you exported the users list in a CSV file and now you need to go to Import Users and import.
Once imported you can send emails to the users with a link to set up their passwords.
You can always reset the password for a specific user and send the authentication information email in the User Management Section.
For more Information about SCI refer to SAP documentation.
Now your S/4HANA Cloud system is set up and ready for users to Log-In! You can create Custom Roles, assign Catalogs and users to them and configure your launchpad. (Not covered in this serie of Blogs)
In the second and third Blogs I will expose how the S/4HANA Cloud Extensibility works and showcase examples and apps to demonstarte its potential.
See you soon ;)!