The goal of this blog post is to learn what the best practices are to manage credentials. For the use case, we will create an automation that will log in SAP Logon using environment variables as credentials or local agent credential.
Managing credentials with environment variables
The first step is to create the credentials. In order to do that, you need to create a new project and follow instructions on this link. You need to create a user which is a simple string and a password which is a password type. Once you have those, you can continue.
Capture SAP logon
For this use case we will need to capture the connection screen as well as the login screen. To capture those screen you can look at this blog post that can help you: https://blogs.sap.com/2020/11/03/sap-intelligent-rpa-2.0-how-to-capture-sap-logon-pad-and-sap-gui/
You will need to capture the first screen and define the connection line and the logon button. And the second screen and define the user and password field.
Now we can start building the automation
Create the automation
The first step is to start the application, so put the activity start application on the workflow and set the SAP Logon 760 as the target.
Once this is done you can add the first captured screen: SAP Logon 760. When the activity is on the workflow, you can click on the define screen activities button.
Then drag the click activity on the line that was declared in the capture step.
And do the same for the logon button.
Now we can put the second screen captured and setup the user and the password. To do that, you can drag the set element activity on the user field and on the password field.
For both set element activities, click on them and set up the values with the environment variables already created. They should appear on the dropdown menu with an E before them.
Now that the variables are set up we can test it. There is two to do this, the first is to launch the automation from the project and the second way is to launch it from an environment. We will see both ways.
Test in the project
In the project you can click on the test button. This screen will appear, there you can choose an environment and enter the user and the password in the fields. You can see that the password is hidden because you choose the password field type at the creation of the variable.
Then you can click on test and the automation will run.
Use it once it’s deployed
Create a package
In the overview tab of the project, click on the generate package button on the top right.
Once the package is generated you will be able to add it to an environment.
Now go to your environment, see this link if you don’t have one : https://help.sap.com/viewer/c836fab4182e45548b6c6c6d0d0a9146/Cloud/en-US/99260b06a2034e888b96a9f5e5b1960a.html
Once on your environment, click on the Add Package button in the Packages tab.
Then you have a window that open where you can search the name of your package (the name will be the name of the project if not modified). When you find the package, you can add it by clicking on next.
At this step you can setup the password and the user field, or you can choose to set them up later.
You can click on the OK button to finish the import of the package. Now you are done creating the credentials for your automation.
If you choose to not set the variables at the import package step, you can see the next two sections to set them up in the environment or in a trigger
Set up the variables in the environment.
In the cloud studio tab in the environment, you can click on the pen to enter the value of the variables and finalize the creation of the credentials.
Set up the variables in the trigger
The other way that you can set up you credentials in the environment is in the trigger creation step.
In the trigger tab, you click on the create a trigger button, choose the package you imported and then enter the value of the credential. Then click on Next and finish the creation of the trigger.
Once you are done, you have a trigger with specific credential for your automation.
Managing credentials with local agent credentials
Another way to manage credentials is to use local agent credentials. Instead of using an environment, you can use the credentials from the Windows Credential Manager by retrieving it with the Get Local Agent Credential activity. This method allows each user to have is own credentials.
You can find more information on the local agent credentials here: link
Get local agent credentials
Drag the activity on your workflow and set up the activity.
The variableName parameters is the name of the variable you wish to retrieve. You can set the variableScope to global or project.
This automation shows a best practice of how to use the Get Local Agent Credential activity by checking with the condition if the value returned by the activity is null or not. This way you can be sure that the credential exists and has been well found.
Those two ways helps us using credential without having them in clear in the automation or in the environment which better for security reasons. Later, we will have the possibility to manage the credentials without having to use environment or local agent variables.