Skip to Content
Product Information
Author's profile photo Meghna Shishodiya

Creating a Technical User for Cloud Platform Integration

Moderator’s note:

“SAP strongly recommends to not use P-users in any productive integration scenarios. Instead we recommend using client certificate or Oauth authentication for such scenarios.”

 

Purpose of a technical user: Many times, you have several people working in the integration work space, but not all have an individual S-user assigned to them. Also sometimes, during an error, we need several parties to look at the problem and it is immensely cumbersome to assign access to each user on a need basis. There are cases, where you had to share your user password due to time constraints.

All the above problems can be addressed with the help of a technical user. A technical user is a generic user who you can assign the required roles and share with all the intended parties.

Steps to create a technical user:

A technical user is an SAP P-user that can be created as follows:

  1. Go to blogs.sap.com in an incognito mode so you do not get logged in automatically. Click on Log On. Choose Register in the pop-up window:
  2. Enter all the required information on the register screen. The activation link shall be sent to the email address provided by you on this screen, so enter a valid email address:
  3. You will receive the following email for activating the new user:
  4. Click on the activation link – once activated, your registration is complete. You shall be directed to the following page:
  5. Click on Go to Account Settings to get your user details:
  6. Now go to your SAP Cloud Platform Accounts cockpit, choose the sub-account of your Cloud Platform Integration tenant and click on Members:
  7. Add the P-user that you picked in step 5, assign all the required roles and add a relevant description for future reference:
  8. The user is successfully added to your Cloud Platform’s sub-account:
  9. Go to Security –> Authorizations –> Users. Enter the P-user you just added and click on Assign. Now choose all the roles you want to assign to this technical user:
  10. The technical user is ready to use.

Assigned tags

      19 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Thomas Berger
      Thomas Berger

      Hello, thanks for the documentation - but this P-User must change the password every 90 days -  for a technical user this is not practicable?!

      bg Thomas

      Author's profile photo Adrian Torres
      Adrian Torres

      Hi Thomas,

      It seems to me you are talking about a Service User, and this blog is about a technical user.

      Kind regards.

       

       

      Author's profile photo Ching Hong Chong
      Ching Hong Chong

      Hi, would like to check whether the P-user ID password expire? If yes, can we disable this? thanks

      Author's profile photo Zlatan Cehajic
      Zlatan Cehajic

      HI, on SAP Cloud trial account there is no 'member' tab ? Am I right ? Or could you please guide to me ?

      Author's profile photo France Masemo
      France Masemo

      Hi. I have been looking for that option too. First, I need to find where's SAP Cloud Platform Accounts cockpit located. Help!

      Author's profile photo Mounica Narava
      Mounica Narava

      Hi, On SAP Cloud trail account, I am not able to find the member tab. Can someone here please help me?

      Author's profile photo Manoj K
      Manoj K

      I don't think Members tab is available for trail account , i did cross check with my licensed tenant and i can see the same tab there.

      Author's profile photo Mounica Narava
      Mounica Narava

      Thank you so much Manoj for the information.

      Author's profile photo Ella Maria
      Ella Maria

      Thank you for sharing this data. Really increase in value the way you have describe everything in this article. Keep up the decent work

      Author's profile photo Philip Michels
      Philip Michels

      This did not work in our testing for a person that already has an S-User tied to the e-mail address.  We wanted to create and use a P-User as a technical user, but when we try to follow your steps for a person that already has an S-User, when we fill out the form we get an error that the e-mail address is already tied to another account.  How can you get a P-User for technical usage when you already have a S-User?

      Author's profile photo Jens Schwendemann
      Jens Schwendemann

      Not possible. Need a new (previously unused) email address for that. We circumvented using aliases so one common email address, say sap-it@example.com is main and sap-it-cpi-user1@example.com is alias.

      Better still to use certificates or own identity service, if applicable, see https://blogs.sap.com/2019/08/09/technical-user-cpi-with-custom-ias/

      Author's profile photo Devendra Patil
      Devendra Patil

      Hi,

      I am not getting SAP Cloud Platform Accounts cockpit. Tab Could you please help me in this

      Thanks,

      Author's profile photo Pablo Lopez
      Pablo Lopez

      Hi,

      I was able to send messages to my CPI instance, even without registering the user as a member or as part of the Users under BTP Cockpit. I simply registered a user under the SAP Identity Service as suggested in this blog.

      Does everyone else get the same? Seems to be a big security risk.

      Thanks.

      Author's profile photo Axel Albrecht
      Axel Albrecht

      Hi Pablo,

      without the esb.messaging role you should not be able to execute any integration scenario. So without any role assignment I doubt that your calls are successful. If they are, kindly open a ticket.

      thx,
      Axel

      Author's profile photo Pablo Lopez
      Pablo Lopez

      Hi,

      I've tried this a few times. Deleting the user from BTP and sending a request with the that user. I also tried this with an Identity User that was never registered in my BTP. In both cases the requests are reaching the tenant.

      Regards.

      Author's profile photo Joachim Herud
      Joachim Herud

      We have implemented an CPI integration scenario in 2019 with a P-User in our HR-System. Now we can't find the password, furthermore we don't find any traces from the P-User in the CPI administration console.
      Where can we find the P-User in the cloud and do changes?
      How do we get the password?

      Thanks

      Joachim

      Author's profile photo Axel Albrecht
      Axel Albrecht

      Hi Joachim,

      try opening a ticket on the SAP ID service. Or write a mail from the mail account that you were using for that p-user to sso @ sap.com.

      regards,
      Axel

      Author's profile photo Philomena steffy
      Philomena steffy

      Hi All,

      Under Security I cannot see OAuth option,

      Author's profile photo Axel Albrecht
      Axel Albrecht

      The screenshots are a bit outdated...