Conditional and Enhanced Integration for SAP Universal ID – And how it works with SAP’s Built-in Support
SAP Universal ID – Conditional Integration
Phase 1 of our SAP Universal ID integration was known as ‘conditional’. This ‘lite’ integration of SAP Universal ID allows an enabled platform to support SAP Universal ID with only minimal adjustments.
The benefits of conditional integration are scale, with speed of deployment, where the user can evolve their experience with SAP Universal ID at their own pace. This approach has allowed SAP Universal ID to integrate with almost 10k sites and applications in under 2 years. Given the different levels of maturity and support in each of the sites, conditional integration was the most pragmatic approach to rolling out SAP Universal ID in such a short timeframe.
However, while providing the stated benefits, as far as system access is concerned, the user is still authenticating with an S-user or P-user. Therefore, conditional integration delivers an entry-level set of features to the user to take advantage of the new SAP Universal ID capabilities i.e. the ability to login using one of their SAP Universal ID, their S-user or P-user.
Additionally, while phase 1 provides the foundation for SAP Universal ID, it is also SAP’s objective to deprecate S-users as a standalone login identity. The S-user will be utilized as an entitlement under the control of SAP Universal ID. Furthermore, the intent is to replace the P-user with SAP Universal ID, with the exception of content migration activities, and to maintain continuity with conditional only sites.
Over 500 key SAP sites currently support conditional integration including SAP.com, SAP for Me, SAP Community, ONE Support Launchpad, SAP Support Portal, SAP Learning Hub, and the SAP Partner Portal. All remaining sites are planned to be conditionally enabled by the end of July.
SAP Universal ID – Enhanced Integration
Phase 2 delivers incremental SAP Universal ID functionality over conditional with the implementation of enhanced integration.
When a site is enabled with enhanced integration, and a SAP Universal ID with a number of linked S-users and P-users logs on, that site intrinsically comprehends the authorization entitlements of those linked accounts. As a result, the site can tailor its’ processes and interfaces to match the complete user profile. It can also attribute content to the SAP Universal ID, maintaining it for the owner regardless of any future changes to their S-users or P-users. Examples of such content are Community posts, direct messages, reputation from gamification, training certifications, site preferences, favorited content, etc.
Enhanced integration sites can also modify the manner in which they interact with a user. For instance, if a user has a product renewal due for a fictional company e.g. ACME.inc, and they click an email link informing them to extend their license, an enhanced site can assimilate the user’s entire authorization model, identify that they have the necessary entitlements for ACME.inc, and allow them to complete the transaction. This enhanced capability of SAP Universal ID simplifies processes and delivers a significantly improved user experience.
It is SAP’s intention that all of its’ most regularly visited or core, sites will migrate to SAP Universal ID with enhanced integration in time. This will enable SAP to deliver the user experience our customers want while improving SAP’s own internal processes through increased efficiency and automation.
Sites such as SAP.com, SAP Community, and SAP for Me, etc. will begin the migration to enhanced integration over the next six to nine months, with SAP.com planned to start in Q3 of 2021.
Built-in Support with SAP Universal ID Enhanced Integration – A Use Case
With the May 2021 SAP S/4HANA Cloud release, Built-in Support became the first enhanced application to go live with SAP Universal ID. Built-In Support moves support directly into the application, providing a seamlessly integrated platform for a consistent user support experience across participating SAP products. It offers access to the content, tools, and channels of SAP’s Product Support at the users’ fingertips with no implementation effort required.
Now let’s take a look at the interaction between SAP Universal ID and Built-in Support as deployed in SAP S/4HANA Cloud.
When a user logs in to Built-in Support with their SAP Universal ID, the application looks at all of the linked S-users. It then checks to see if any have incident permissions for the SAP S/4HANA Cloud tenant that the user is working in when they request support.
On identifying an authorized S-user, Built-In Support automatically selects it, allowing an incident to be opened directly in the application without having to go to the SAP ONE Support Launchpad. The application understands the context of what the user was doing, who the user is, and delivers a simple, seamless user experience to provide the support they need.
Further use cases for this interaction could extend to requesting authorizations automatically or to start a simple workflow to request permissions without the need to know the administrator of the tenant/installation.
As Built-in Support has done in this use case, each core site that goes live with SAP Universal ID enhanced integration can augment their existing processes and capabilities with improved contextualized experiences relevant to their user community.
Additional Information on SAP Universal ID and Built-In Support
SAP hosted a customer collaboration event on ‘One Identity for Life’ on 22nd June. This session was a mix of presentations and demos, touching further on these blog topics, providing additional insights on the benefits of SAP Universal ID, how to simply create yours, and the proposed roadmap. You’ll find more information in the Event Replay and PDF.
You can register for your own SAP Universal ID in under 2 minutes here.
For more information on SAP’s Built-In Support, click here.
If you've been wondering about SAP Universal ID and weren't sure where to get more information, I highly recommend watching the recording that Kevin has shared at the end of this blog post. It's a recording of a recent webinar that contained presentations and demos showing how easy it is to set up and use.
Is there is a trick to make it seamless when testing APIs. I find it challenging when testing APIs with Universal ID and logging on to Cloud foundry to make deployments. This is all from a developer perspective :).
Hi Aman, thank you for contacting us and sharing your experience. On behalf of the Identity and User Management Program @ SAP, we apologize for any inconveniences and thank you for your continued business. Please feel free to send me your contact details via DM if you'd like to discuss further. My team would then reach out to you as we are interested in learning more about your challenges.
Happy to support,