This blog post will explain how to use the SAP Identity Provisioning Service (IPS) to automatically provision users from SAP Marketing Cloud (SMC) Standard, Professional and Enterprise Edition to SAP Identity Authentication Service (IAS). You can also automatically provision users from SMC to SAP Analytics Cloud (SAC) as explained in this blog post.
The following steps show the setup in an SMC 1908 system with screenshots. You find the official documentation here. The setup is done automatically for newly provisioned systems as of 2002.
The following steps show the setup in an IPS system 2019 with screenshots. You find the official documentation here. If you are missing the IPS, create a support ticket to component BC-IAM-IPS (Identity Provisioning). Explain that you have purchased an SAP Marketing Cloud Standard, Professional or Enterprise Edition and you require Identity Provisioning tenants.
The following steps show the setup in an IPS system 2019 with screenshots. You find the official documentation here. The setup is done automatically for newly provisioned systems as of 2002.
By default users are provisioned to IAS as corporate user store users. If you do not have a corporate user store and you want your users to logon with password and be redirected from the password activation page to your SMC system instead of the IAS profile page, you have to delete the following code from the IPS transformation:
Moreover, you must add the following code to your transformation:
After the following coding:
Moreover, you need to change the constant for target path sendEmail from false to true in this coding part:
To start the user provisioning from SAP Marketing Cloud to SAP Identity Authentication Service you now need to setup a job for your source system as described here.
When you have setup the job, you can start creating business users in SMC. The users will be provisioned to IAS when your job is executed, and new business users will get an email notification about their activated user.
Setup in SAP Marketing Cloud
The following steps show the setup in an SMC 1908 system with screenshots. You find the official documentation here. The setup is done automatically for newly provisioned systems as of 2002.
- Logon to your SMC system with a user that has access to the communication management business catalog. Open the tile “Communication Arrangements”.
- Create a new communication arrangement. In the popup select Scenario SAP_COM_0193 for SAP Cloud Platform Identity Provisioning Integration and define an own arrangement name:
- Create a new Communication system. On the popup that occurs you can freely define a system ID, e.g. IPS_SYSTEM, and a system name.
- Enter the host name of your IPS services as host name. Afterwards press the + button on the Users for Inbound Communication section:
- On the upcoming popup choose New User. Enter IPS_USER as User Name and choose a description as well as a password. You can let the system propose a password. In this case keep the password for later configuration. Save the new user and accept the popup from before. Your new user is now shown in the Users for Inbound Communication section.
Setup SMC in IPS
The following steps show the setup in an IPS system 2019 with screenshots. You find the official documentation here. If you are missing the IPS, create a support ticket to component BC-IAM-IPS (Identity Provisioning). Explain that you have purchased an SAP Marketing Cloud Standard, Professional or Enterprise Edition and you require Identity Provisioning tenants.
- Logon to your IPS system. Open the tile “Source Systems”.
- Create a new source system. Save the following coding as json file and upload the file under Define from File. In the coding you will have to exchange <<SMC Host Name>> with your SAP Marketing Cloud Host Name. If you have named the communication user not IPS_USER in your SMC system, you also must exchange the user name.
{
"connectorType": "MARKETING_CLOUD",
"accessMode": "READ",
"name": "SAP Marketing Cloud",
"state": "ENABLED",
"properties": {
"Type": "HTTP",
"User": "IPS_USER",
"Authentication": "BasicAuthentication",
"ips.date.variable.format": "yyyy-MM-dd",
"marketing.cloud.skip.read.archived": "true",
"ProxyType": "Internet",
"ips.trace.failed.entity.content": "false",
"URL": "https://<<SMC Host Name>>-api.s4hana.ondemand.com"
},
"encryptedProperties": {
"Password": null
}
}
After the upload the Properties Tab shows a red mark:
Switch to the properties tab and enter the password for the user IPS_USER which you have defined in the SMC system.
- Save your system.
Setup in SAP Identity Authentication Service
- Follow the steps in the SAP IAS documentation regarding adding a system as administrator. Choose Set Password as authentication method and keep the password you maintain for later configuration. When you save your system, you see the internal system user name next to the Set Password Authentication. Keep this user name also for later configuration:
- If you want to inform your users automatically via email that their user was activated in IAS system and that they can now logon to the application to setup a password, you need to set your SMC system as trusted domain as explained here. You can skip this, if you enabled your IAS system to use another logon mechanism like Kerberos Authentication.
Setup IAS in IPS
The following steps show the setup in an IPS system 2019 with screenshots. You find the official documentation here. The setup is done automatically for newly provisioned systems as of 2002.
- Logon to your IPS system. Open the tile “Target Systems”.
- Create a new target system. Save the following coding as json file and upload the file under Define from File. In the coding you will have to exchange <<IAS Host Name>> with your SAP Identity Authentication Service Host Name.
{
"connectorType": "SAP_CLOUD_IDENTITY",
"accessMode": "WRITE",
"relatedSystems": [
"SAP Marketing Cloud"
],
"name": "SAP Identity Authentication Service",
"state": "ENABLED",
"properties": {
"Type": "HTTP",
"User": null,
"Authentication": "BasicAuthentication",
"ProxyType": "Internet",
"ips.trace.failed.entity.content": "true",
"URL": "<<IAS Host Name>>"
},
"encryptedProperties": {
"Password": null
}
}
After the upload the Properties Tab shows a red mark:
Switch to the properties tab and enter the system user name for the IPS from your IAS system and the password which you have defined in the IAS system for IPS.
Save your system.
Change User Provisioning to Password Logon in IAS
By default users are provisioned to IAS as corporate user store users. If you do not have a corporate user store and you want your users to logon with password and be redirected from the password activation page to your SMC system instead of the IAS profile page, you have to delete the following code from the IPS transformation:
{ "constant": "39",
"targetPath": "$.sourceSystem",
"scope": "createEntity"
}Moreover, you must add the following code to your transformation:
{
"constant": "https://<<SMC Host Name>>.s4hana.ondemand.com",
"targetPath": "$.targetUrl",
"scope": "createEntity"
}
After the following coding:
{
"sourcePath": "$.timezone",
"optional": true,
"targetPath": "$.timeZone"
}
Moreover, you need to change the constant for target path sendEmail from false to true in this coding part:
{
"constant": "true",
"targetPath": "$.sendMail",
"scope": "createEntity"
}
Setup Job for User Provisioning
To start the user provisioning from SAP Marketing Cloud to SAP Identity Authentication Service you now need to setup a job for your source system as described here.
When you have setup the job, you can start creating business users in SMC. The users will be provisioned to IAS when your job is executed, and new business users will get an email notification about their activated user.
- SAP Managed Tags:
2 Comments
| User | Count |
|---|---|
| 4 | |
| 2 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
