Skip to Content
Technical Articles
Author's profile photo Pierre VANHOOVE

Setting up SAP Launchpad Service and SAP Mobile Start with Content Federation

In this blog I would like to cover how the content (roles, groups, apps etc.) that is already defined in SAP S/4HANA on-premise system can be easily made available on SAP Launchpad service using content federation and to then make it available for mobile users on SAP Mobile Start. 


You have an SAP S/4HANA on premise solution with SAP Fiori Launchpad configured with standard or custom business roles, containing apps, groups and catalogs. 

You want to reuse the existing content on the SAP Launchpad service and on SAP Mobile Start using content federation. 

Required Systems and Components

  • Embedded deployment for SAP Fiori Frontend server
  • Application content for SAP S/4HANA On-Premise 1809 or above
  • For cloud notification functionality, you’ll need a S/4HANA release 1909 with component SAP_GWFND 7.54 SP06 or above. For lower releases in 755 (SP00 and SP01) implement SAP note 3005409
  • SAP BTP sub-account 
  • SAP Launchpad service subscription
  • SAP Cloud Connector with principal propagation already set up between SAP BTP sub-account and SAP S/4HANA on-premise system (not covered in this blog) 
  • iOS device with software version 14 or above 

Note: you can find more information on the supported platforms/products in the documentation.

Configuration Steps

  • Expose content from SAP S/4HANA 
  • Setup the Runtime and Design-Time destinations in SAP BTP 
  • Import the content in SAP Launchpad service 
  • Create a Site and assign the imported roles 
  • Add the roles to the user 
  • Review the SAP Mobile Start app settings in Mobile Services and onboard the site on SAP Mobile Start 

Expose Content from SAP S/4HANA


Some technical settings are required in SAP S/4HANA before exposing any content. These steps are also described in this tutorial.

FLP entries

Go to transaction /n/UI2/FLP_SYS_CONF where you need to add an additional FLP configuration parameter.

Click on “New Entries”.

And enter the following values:

FLP Property ID Category Type  Property Value
EXPOSURE_SYSTEM_ALIASES_MODE  Automatically filled  Automatically filled  CLEAR

Save the entry and select a transport request when prompted.

Activate Clickjacking Protection 

Go to transaction UCONCOCKPIT and select the “HTTP Whitelist Scenario” from the list.

Then select in the menu More – HTTP Whitelist – Setup.

Tick both options in the setup menu and save it.

You will now see that the entry “Clickjacking Framing Protection” is added with the logging mode, meaning that connections are just logged but not checked. In production, it is recommended to set it to “Active Check” and to maintain the patterns for the SAP Launchpad service as described in the next step.

If you double click on the row “Clickjacking Framing Protection”, you’ll be able to see and edit the blocked and allowed connections.

Exposure Service

Go in transaction SICF and activate the service /sap/bc/ui2/cdm3. 

Then make sure in to check “use all logon procedures” for the service in the Logon Data tab.

Check the exposing user

Go in the user maintenance (transaction SU01) and check the parameters for the user who will expose the content. 

Go in the tab parameters and make sure that the parameter /UI2/PAGE_CACHE_OFF does not show up there. If it does, remove it. 

Your SAP S/4HANA system is now ready for exposure.

Expose content from SAP S/4HANA

Go to transaction /n/UI2/CDM3_EXP_SCOPE 

Click on the multiple selection icon to select the roles you want to expose.

Then fill in the business roles you want to expose. In this example I have a set of custom and standard roles. 

Then copy the list to your selection, F8 or with the second icon from the left. 

Click on Save Selected Roles 

Click on Expose. 

As a result, the business content is exposed from your SAP S/4HANA system as a json file and accessible with the service path /sap/bc/ui2/cdm3/entities. 

With the buttons “Preview” and “View Exposed Content” of the transaction, you can have a more comprehensive view of the exposed content. 

Create SAP BTP Destinations

We need to create two destinations in the SAP Business Technology Platform, a Design-Time and a Runtime destination.  

The Design-Time destination is used by SAP Launchpad service to fetch the exposed data from the SAP S/4HANA system. 

The Runtime destination is used during runtime i.e., whenever a user is working on the Launchpad and access backend data. 

Logon to your SAP BTP sub-account, navigate to the Destinations and click on “New Destination”.


Clicking the “New Destination” will open a destination template – fill in the following information for the Design-Time destination. For Name use the SAP S/4HANA system ID with the suffix “dt” for Design-Time; for e.g., he4dt. 

Important – the destination name must be lower case and must not contain the underscore character (_).


Name e.g., he4dt
Description e.g., HE4 Design Time
URL http ://<virutal hostname> :<port>/sap/bc/ui2/cdm3/entities
Proxy Type OnPremise
Authentication BasicAuthentication 
Location ID <Location ID defined in the SAP Cloud Connector>
User User in the backend 
Password Password of the above user


sap-client  <client> e.g., 400

Save the entered information. 

Other authentication methods are supported for this destination but not principal propagation, you can find additional information in the documentation.


Create an additional destination for the runtime destination and fill in the following information. For name we use the SAP S/4HANA system ID and the suffix “rt” for Runtime; for e.g., he4rt. 

Important – the destination name must be lower case and must not contain the underscore character (_).


Name e.g., he4rt
Description e.g., HE4 Runtime Destination
Proxy Type OnPremise
URL http://<virutal hostname>:<port> 
Authentication Principal Propagation
Location ID <Location ID defined in the SAP Cloud Connector>


HTML5.DynamicDestination  true
MobileEnabled  true
sap-client  <client> e.g., 400
sap-platform  ABAP
sap-service  32<service number> e.g., 3200
sap-sysid  <systID> e.g., HE4
NOTIF_SERVICEPATH  /sap/opu/odata4/iwngw/notification/default/iwngw/notification_srv/0001 

Save the entered information. 

HTML5.DynamicDestination is for enabling dynamic tiles.

MobileEnabled is required for SAP Mobile Start.

NOTIF_SERVICEPATH is used in combination with sap-sysid and sap-client by the Notification Service to perform callbacks.

More information on the parameters is available in the documentation.

Import Content in the SAP Launchpad Service

Logon into SAP BTP sub-account and navigate to the Instances and Subscriptions. 

If you haven‘t already done it, create a subscription for the SAP Launchpad service from the Service Marketplace and assign yourself the role collection “Launchpad Admin”.


From the three little dots at the right select „Go To Application“, this will open the Site Manager. 

Go to the Provider Manager to create a provider for SAP S/4HANA content. 

Note that he HTML5 Apps provider is created by default, you can find more information in the documentation.

Click on New and complete the required information.

Title Name of the content provider
Description A meaningful description 
ID Automatic generated based on Title 
Design-Time Destination Select the design-time destination from the dropdown – the one created earlier 
Runtime Destination Select the runtime destination from the dropdown – the one created earlier 
Content Addition Mode  Select Manual or Automatic 
Runtime Destination for OData  Use default runtime destination 
Do not create role collection  Leave it unchecked

After a few seconds, you should see a new content provider with the green status “created”.

If something goes wrong and the status is in error, check the pre-requisite settings in SAP S/4HANA. If this doesn’t help you may check the SAP note 2548392 for connectivity between BTP and SCC with basic authentication. 

 Now navigate to the content manager. In the tab “Content Explorer” you should see the new content provider. 

Click on it. 

Select the roles and add them to your content with the button “Add to My Content”.

Now you can see the selection in the tab “My Content”. 

Clicking on a role will show you the apps included and their parameters.  

NOTE: You won’t be able to change anything, remote content can only be edited in the source system. 

You can notice the supported devices for the displayed application, it is coming from the backend catalog configuration and apply to the SAP Launchpad service and SAP Mobile Start.

Create a Site in SAP Launchpad Service

Navigate to the Site Directory and create a new site. 

Give your site a name and click “Create”, it will not display anywhere on your final site, it is just reference.  

You can review all options.

Make sure to enable SAP Mobile Start under User Capabilities.

Note: The toggle button is enabled by default for new sites. For existing sites, the setting is disabled by default and you’ll need to manually toggle it to Yes.


Assign the Roles to the Site

We now need to assign the roles to the site. In the Site Directory, you can access your site settings by clicking on the gear icon.

In edit mode, you can now assign the roles imported from SAP S/4HANA. In the “Assignments” box on the right you can search for the roles to assign to the site. 

Click on the + button to assign the roles to the site and save. 


Assign the roles to the users

The last step before testing the site is to assign the roles to the users. 

In the SAP BTP sub-account navigate to the security section and select “users”. 

Click on a user row, this will open an overview with its details and assigned role collections. 

Right to the Role collection search box, click on the three little dots and select “Assign Role Collection”. 

Select the role collections you want to assign to the user and click on “Assign Role Collection”. Note you can search with the content provider name. 

Note: in a productive scenario and using your own IAS, you’ll prefer to use the Role collection mapping against Idp groups. Please refer to the documentation for more information 

Test the Site

Back to the Site Manager, you’ll find your site in the Site Directory.

With the arrow icon you can launch it, with the gear icon you’ll access its setting and the three little dots give you more option like export, set an alias or delete it.

Launch your site, it is now ready to use.


SAP Mobile Start Enablement and Onboarding

Create the role collection to access Mobile Services

As an admin with this role collection, you can access the Mobile Services included in SAP Launchpad service. 

This role collection doesn’t need to be assigned to the SAP Mobile Start end users. 

In the SAP BTP sub-account go into the role collections and click on the + button to create a new role collection. 

In the dialog pop-up name it “MobileTenantAdmin”, give it a description and click on Create. 

In the role collection list, select your new role collection to edit it. 

Open the value help and search for the role MobileAdmin and add it to the role collection. Save it. 

Review the Mobile Services Settings

As an admin, with this role collection you can access the Mobile Services with the url https://<subdomain>.m.launchpad.cfapps.<region> 

Tip: open the Launchpad service and change the bold part in the url. 

In the Mobile Services admin page, no additional configuration is required. But you can review its properties, see the user registrations and optionally edit the passcode policy and the feature flags for the app under Mobile Settings Exchange.  

Mobile Settings Exchange:

Important: by default the feature flag for the widgets (GlobalWidget) is not active. Set it to active if you want to allow users to add widgets on their device for SAP Mobile Start.

Onboard the Site on SAP Mobile Start

First open the site in a browser. 

In your user settings you can see the QR Code for onboarding in the SAP Mobile Start Application section. 

The first QR code is for the app installation from Apple store. If you already have SAP Mobile Start installed on your device select the QR code for registration. 

On your device start the application, you’ll be prompted to scan the registration QR code and follow the onboarding process. 

Here is the result on a smartphone (Home tab with grouped KPI, app suggestions and the applications tab) 


Setting up an SAP Launchpad Site can be quick with content federation. Check the SAP documentation for the current restrictions. 

We look forward to your comments.

Stay up to date with latest news and post your questions or feedback about SAP Mobile Start in the Q&A area. Start by visiting your SAP Mobile Experience community page and click “follow”. We’ll be publishing more informative blog posts.

Want to be notified? Check your profile settings to ensure you have your settings activated.



Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo anton kopylov
      anton kopylov

      Thanks for that blog.
      Everyone who faced with error "Not Found", when executing Fiori application in SAP Launchpad Service, read carefully that blog.

      Important – the destination name must be lower case and must not contain the underscore character (_).

      Runtime destination should have only lower case chars and must not contain the underscore character (_).

      Author's profile photo Vincent Blum
      Vincent Blum


      thanks for the blog post.


      I have a problem with the launchpad service subscription.

      I don't have the service on my BTP.

      The service also doesn't appear on the entitlement page on the btp.

      I've also tried to use the booster "Configure Access to the Authorization Service", but that doesn't had any effort.


      Do you know why I don't have the launchpad service on my btp subaccounts? Or do I need to create a new subaccount?


      Best regards,


      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author

      Hi Vincent,

      Thanks for your comment.

      It looks like a license issue, and I can't really help. I suggest that you contact your SAP account manager for more information.

      But if you want to try the Launchpad service for free, it is available on any trial account.

      Kind regards,


      Author's profile photo anton kopylov
      anton kopylov

      I made same configurations for one role. All was fine. After then add some other roles to sync. As result all roles deleted from BTP.

      I see roles in Site Manager, but it doesn't exists in BTP Cockpit.

      1. Site Manager

      2. BTP Cockpit

      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author

      Hi Anton,

      Did you made any change in the content provider ? If you checked the last option "Synchronize existing authorizations" the roles won't be created in your BTP sub-account.

      If that doesn't solve your issue, I suggest that you post the question in the community with the tag SAP Launchpad service. Personally I never faced this issue.

      Author's profile photo anton kopylov
      anton kopylov

      I not set that checkbox. It some issue in last time. I have one role synced but after some time I need extra roles. I add them in SAP S/4HANA to sync. Press provider refresh and lost all roles in BTP.

      Author's profile photo anton kopylov
      anton kopylov


      Or you could set Automatic mode

      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author

      Following Anton's issue. It is related to the content addition mode feature in the content provider.

      If you select "Manual addition of selected content items" you need to manually add the roles to your content in the content manager in order to create the role collections.
      If you select "Automatic addition of all content items" the role collections will be created in your sub-account automatically.

      Author's profile photo Vinod Patil
      Vinod Patil

      Do we need to assign security roles to users in S/4HANA (content provider system) and role collection to users in BTP too?

      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author

      Hi Vinod,
      Yes, in the backend (S/4HANA), the users need all the required authorisations (classic and for OData).

      In BTP they need to be assigned to role collections (directly or via role collections mapping against IdP groups).


      Author's profile photo Vinod Patil
      Vinod Patil

      Thanks Pierre

      Launchpad service uses latest SAPUI5 version. However S/4HANA applications have tighter dependencies on UI5 version.

      Does this mean launchpad service uses different UI5 version while S/4HANA applications use their own UI5 version as S/4 Fiori applications are launched inside frame?

      How does this impact performance?

      Author's profile photo Gene Madikrama
      Gene Madikrama

      Hi Pierre,

      Great blog!

      I have followed the steps from your blog. Unfortunately I can't see any tiles in my Launchpad service.

      I see that the status of my content provider remains updated.

      Does the content provider need to have the status "activated" so that I can see tiles on my Fiori launchpad?


      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author

      Hi Gene,

      Thanks for your comment.

      The status "updated" is fine for your content provider, if you click on "Report" you should see how many roles, groups, apps etc. have been loaded in the Launchpad service.

      Then you, if you didn't select the automatic mode for the content addition (see the previous comments), you'll need to go in the content explorer and add the new roles to your content.

      Finally add the role collections to your site and assign them to the users as well.

      Note that after adding the roles to the site and assigning them to the user, you won't see the new tiles immediately with a simple refresh. You need to sign out and sign in again to see the changes.

      I hope this will help.


      Author's profile photo Anton Pierhagen
      Anton Pierhagen

      Hi Pierre

      I have a launchpad which should have translation of the tiles in 2 languages. English and Dutch.

      In the FLP of the hana backend system there isn't any problem.

      But in the FLP of the BTP, when i choose Dutch there as my language of choice for the FLP, the tiles are not be translated who are coming from the hana backend system.

      What are the steps to make it work in the FLP of the BTP like it is working in the FLP of the backend? Do you know it?


      Kind regards,



      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author

      Hi Anton,
      Sorry for the late reply but in your site settings you can choose the available languages, up to 10.
      Did you tried that ?

      Author's profile photo Shubham Shubham
      Shubham Shubham

      Hello Pierre,

      When I am trying to add an entry in "/n/UI2/FLP_SYS_CONF" I am getting an error saying "EXPOSURE_SYSTEM_ALIASES_MODE does not exist in "/UI2/FLPSETPD".

      Is there any configuration needed for this?



      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author

      Hi Shubham,

      I would check the software components level, probably your system does not meet all the requirements for content federation.

      If you can't use the content federation you still can add local content in the Launchpad service pointing to your S/4HAAN solution.

      So keep on and experience SAP Mobile Start.



      Author's profile photo Nikhil B
      Nikhil B

      Hi Shubham,


      Can you please let me know what configuration is required to add "EXPOSURE_SYSTEM_ALIASES_MODE" in "/n/UI2/FLP_SYS_CONF"




      Author's profile photo Raoul Shiro
      Raoul Shiro

      Hi Pierre,


      I went through all the steps, till the very end.


      The SAP Mobile start page and Apps Page both return the same error : Something went wrong

      The logs reveal no errors. I should mention, I have an Android Version 12, I maybe wrongly assumed , that It should be working now...Any idea?





      Author's profile photo Larry DuBois
      Larry DuBois

      So if we have a Hub architecture instead of Embed we can't use Mobile Start?


      Please explain why that is the case?

      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author


      With a Hub architecture you can use SAP Mobile Start but you won't be able to activate push notifications. The main reason is that the NW Gateway as standalone is delivered up to version 7.52, for a NW 7.54 and beyond, you need an S/4HANA installation (so embedded). And push notifications are supported from NW 7.54.

      Hope that helps.



      Author's profile photo Ali Asher
      Ali Asher

      Thanks for this blog.

      Please share for s4 hana cloud system.


      Author's profile photo Diego Marin
      Diego Marin

      You said this:

      Other authentication methods are supported for this destination but not principal propagation, you can find additional information in the documentation.


      in that documentation only  Basic Authentication method is supported for design-time destination.

      That a gap in the product design because all BTP documentation always said this:


      The standard Basic Authentication is supported by all sender and receiver channels, whenever it’s appropriate for the chosen transport protocol. Basic authentication has several drawbacks:

      • Even if transport level security is used, clear text passwords can be retrieved on intermediate network hops (for example, load balancers) that terminate the TLS connection.

      • Short and poorly designed passwords can easily be unveiled by brute-force attacks.

      • The user can be locked because of too many failed login attempts, which opens the door for denial-of-service attacks.

      For these reasons, always consider using more secure authentication methods, if available. that is the key message try to avoid BASIC and also OAUTH.


      Then currently I saw a security gap in the product desing for the Design-Time destination, the runtime destination is OK.

      Author's profile photo srinivas katta
      srinivas katta

      Hello @Pierre VANHOOVE ,


      Thanks for your blog. I setup SAP Mobile Start by following your blog and other two below blogs.



      am facing below issue after done all the configuration.

      Accessing my Site and scrolling through it, raises an authentication popup:

      Please help me with this. This urgent requirement from my company.

      Author's profile photo srinivas katta
      srinivas katta

      Hello Pierre,


      Thanks for your blog. It helped me alot.

      I done SAP Mobile Start setup by following your blog and two below blogs. But am facing authentication pop-up error while accessing application.


      Please help me to resolve this error.

      Accessing My Site and scrolling through it, raises an authentication popup:

      Thank you

      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author


      It's clearly an issue with the principal propagation. I can't really help with it.
      Double check the two other blogs from my colleague you've mentioned, you probably miss something.

      You also can install the extension SAML Tracer on Chrome to see what get wrong, the subject name identifier can be mail or email depending on versions.

      But, sorry I can't help much more, post your question on Claus's Bog posts.

      Author's profile photo Chandrashekhar Kolla
      Chandrashekhar Kolla

      Dear Pierre

      First of all thanks for the great blog , we followed all the mentioned steps for our S4HANA and this works as expected.

      Now we have a similar requirement whereby some of the apps are still using SAP NWG ( Netweaver Gateway running on NW 752 ) and not migrated to S4HANA , here also we followed the similar steps as per your blog. We could see the application on the launch pad but while launching it's taking the UI version as 1.71.40 by default which is now outdated and the working version is 1.71.49.


      SAP NWG Product Version


      SAP UI Version

      Kindly suggest how to fix the issue.


      Best Regards


      Author's profile photo Rahul Lohia
      Rahul Lohia

      Hi Pierre,

      Excellent blog and everything works as you have described.Mobile start is setup and shows all the apps as expected. I do however have an issue when I am trying to launch an app on the mobile start it ends with an error like below.


      I have activated all the SICF services and followed this link as well to do everything required.

      Any help would be appreciated.




      Author's profile photo Pierre VANHOOVE
      Pierre VANHOOVE
      Blog Post Author


      First time I see this issue. The note is for the old Java portal, can you check this doc instead ? and try to set t up with UCONCOCKPIT  ?


      Author's profile photo Rahul Lohia
      Rahul Lohia

      Hi Pierre,


      Thanks for your reply, I found the issue was with the setup of principle propagation and re-configuring it fixed the problem.