Product Information
Creating a Technical User for Cloud Platform Integration
Moderator’s note:
“SAP strongly recommends to not use P-users in any productive integration scenarios. Instead we recommend using client certificate or Oauth authentication for such scenarios.”
Purpose of a technical user: Many times, you have several people working in the integration work space, but not all have an individual S-user assigned to them. Also sometimes, during an error, we need several parties to look at the problem and it is immensely cumbersome to assign access to each user on a need basis. There are cases, where you had to share your user password due to time constraints.
All the above problems can be addressed with the help of a technical user. A technical user is a generic user who you can assign the required roles and share with all the intended parties.
Steps to create a technical user:
A technical user is an SAP P-user that can be created as follows:
- Go to blogs.sap.com in an incognito mode so you do not get logged in automatically. Click on Log On. Choose Register in the pop-up window:
- Enter all the required information on the register screen. The activation link shall be sent to the email address provided by you on this screen, so enter a valid email address:
- You will receive the following email for activating the new user:
- Click on the activation link – once activated, your registration is complete. You shall be directed to the following page:
- Click on Go to Account Settings to get your user details:
- Now go to your SAP Cloud Platform Accounts cockpit, choose the sub-account of your Cloud Platform Integration tenant and click on Members:
- Add the P-user that you picked in step 5, assign all the required roles and add a relevant description for future reference:
- The user is successfully added to your Cloud Platform’s sub-account:
- Go to Security –> Authorizations –> Users. Enter the P-user you just added and click on Assign. Now choose all the roles you want to assign to this technical user:
- The technical user is ready to use.
Hello, thanks for the documentation - but this P-User must change the password every 90 days - for a technical user this is not practicable?!
bg Thomas
Hi Thomas,
It seems to me you are talking about a Service User, and this blog is about a technical user.
Kind regards.
Hi, would like to check whether the P-user ID password expire? If yes, can we disable this? thanks
HI, on SAP Cloud trial account there is no 'member' tab ? Am I right ? Or could you please guide to me ?
Hi. I have been looking for that option too. First, I need to find where's SAP Cloud Platform Accounts cockpit located. Help!
Hi, On SAP Cloud trail account, I am not able to find the member tab. Can someone here please help me?
I don't think Members tab is available for trail account , i did cross check with my licensed tenant and i can see the same tab there.
Thank you so much Manoj for the information.
Thank you for sharing this data. Really increase in value the way you have describe everything in this article. Keep up the decent work
This did not work in our testing for a person that already has an S-User tied to the e-mail address. We wanted to create and use a P-User as a technical user, but when we try to follow your steps for a person that already has an S-User, when we fill out the form we get an error that the e-mail address is already tied to another account. How can you get a P-User for technical usage when you already have a S-User?
Not possible. Need a new (previously unused) email address for that. We circumvented using aliases so one common email address, say sap-it@example.com is main and sap-it-cpi-user1@example.com is alias.
Better still to use certificates or own identity service, if applicable, see https://blogs.sap.com/2019/08/09/technical-user-cpi-with-custom-ias/
Hi,
I am not getting SAP Cloud Platform Accounts cockpit. Tab Could you please help me in this
Thanks,
Hi,
I was able to send messages to my CPI instance, even without registering the user as a member or as part of the Users under BTP Cockpit. I simply registered a user under the SAP Identity Service as suggested in this blog.
Does everyone else get the same? Seems to be a big security risk.
Thanks.
Hi Pablo,
without the esb.messaging role you should not be able to execute any integration scenario. So without any role assignment I doubt that your calls are successful. If they are, kindly open a ticket.
thx,
Axel
Hi,
I've tried this a few times. Deleting the user from BTP and sending a request with the that user. I also tried this with an Identity User that was never registered in my BTP. In both cases the requests are reaching the tenant.
Regards.
We have implemented an CPI integration scenario in 2019 with a P-User in our HR-System. Now we can't find the password, furthermore we don't find any traces from the P-User in the CPI administration console.
Where can we find the P-User in the cloud and do changes?
How do we get the password?
Thanks
Joachim
Hi Joachim,
try opening a ticket on the SAP ID service. Or write a mail from the mail account that you were using for that p-user to sso @ sap.com.
regards,
Axel
Hi All,
Under Security I cannot see OAuth option,
The screenshots are a bit outdated...