Managing SAP Enable Now User Accounts

SAP Enable Now provides access to information that can be used to build employee knowledge and capability and to support the use of systems, such as S/4HANA, Ariba and SuccessFactors.  In short, SAP Enable Now helps organisations to develop a knowledgeable, efficient workforce that can continuously learn and develop new skills, to meet constantly changing business requirements.

To access information from SAP Enable Now, employees must have their own user account in Enable Now.  In the vast majority of instances, employees will access information from Enable Now through Single Sign On (SSO) but those that do not have an account in one of their organisation’s Identity Provider (IDP) system(s), e.g. Active Directory, Azure AD or Okta, can still access content using a manual Enable Now user account. In both these scenarios, manual access or access via SSO, employees accessing content from Enable Now must have an Enable Now user account.

In one scenario, temporary employees – such as contingent workers or contractors – are able to access Enable Now content through SAP Companion, without any Enable Now account.  You can learn more about this scenario by reading SAP Companion for External Workers.

Given that most employees who access information from Enable Now will have a user account in Enable Now, it is important to understand the options for managing these accounts.  The rest of this post discusses options for managing Enable Now  user accounts.

Types of SAP Enable Now user accounts

There are two types of user accounts in Enable Now that can be used to access content: manual user accounts and Single Sign On (SSO) user accounts.  Users with manual user accounts must log into Enable Now manually, by entering their Enable Now username and password, while users with SSO user accounts are automatically authenticated and logged into Enable Now through the SSO process.  SSO user accounts cannot be used to log into Enable Now manually and manual user accounts cannot be used to authenticate users by the SSO process.  The two different types of account accounts are created and managed very differently, but it is possible to have users using both types of accounts simultaneously, to access Enable Now content.

Manual user accounts can be manually created in Enable Now or created using an Excel spreadsheet or LDAP import.  These accounts are managed in Enable Now, including maintenance of personal information such as the user’s email address.  User passwords are also maintained in Enable Now for manual user accounts.

Enable Now SSO user accounts are typically automatically created by Enable Now when the corresponding user first attempts to access content from Enable Now, is authenticated by the organisation’s IDP, but has no existing user account.  Enable Now Administrators can modify the user Role assigned to SSO accounts and can also deactivate and delete these accounts, but all other account maintenance must be performed in the IDP.

To learn how to determine the difference between SSO and manual user accounts in Enable Now, refer to Determining the Difference Between Manual and SSO User Accounts in Enable Now.

User account administration

In SAP Enable Now, there are several common administrative tasks associated with the maintenance of user accounts.  These tasks include:

• Resetting the passwords of manual user accounts; passwords for SSO user accounts are managed in the organisation’s IDP, not in Enable Now
• Assigning new user Roles to individual user accounts. This is typically done to allow the corresponding user to access additional Enable Now functionality, e.g., assigning the Master Authors Role to an existing user account to allow the corresponding individual to author content
• Deactivating and deleting user accounts that are no longer required.

Only Enable Now users with the standard Role called Administrators will typically have the necessary user Permissions to be able to successfully administer user accounts.  This may not be the case for organisations that are using custom user Roles in Enable Now.

Deactivating and deleting user accounts

In SAP Enable Now, every active user account consumes one Enable Now user license; every account can access an unlimited amount of content on any topic.  At some point, individual Enable Now user accounts may become redundant, e.g., the corresponding user leaves the organisation or changes roles and no longer requires access to Enable Now content.  In these situations, it is possible to deactivate the corresponding user account in Enable Now so that it no longer consumes an Enable Now license.  It is also possible to permanently delete a user account from Enable Now, however, deleting user accounts should only occur when the corresponding users leave the organisation permanently.

Deactivated accounts can be reactivated if the corresponding user requires access to Enable Now content at a future date, but deleted accounts must be recreated.  There is no way to restore deleted user accounts.

Enable Now contains functionality that can be used to automatically deactivate dormant user accounts.  This functionality can be configured to automatically deactivate user accounts, if the corresponding individuals do not access Enable Now content within a specified period of time, e.g., 3 months.

Whilst the automatic deactivation functionality has been widely used by Enable Now customers, many found that it resulted in user support issues.  Prior to the 2206 (June 2206) release of Enable Now, the automatic deactivation functionality did indeed deactivate user accounts – both manual and SSO user accounts – but if the corresponding individuals then attempted to access Enable Now content, they would be prompted to log in with another manual Enable Now user account because their main account had been deactivated.  This was generally not possible, because very few Enable Now users have a second manual user account, so resulted in great frustration.  Ultimately, this issue required Enable Now Administrators to manually reactivate user accounts that had been incorrectly deactivated so resulted in increased administration effort.

The 2206 release of Enable Now greatly improved this situation because it introduced the option for customers to have Enable Now automatically reactivate SSO user accounts that had been deactivated.  This means that Enable Now customers can use the automatic deactivation functionality to deactivate user accounts, that are not actively consuming Enable Now content, with the knowledge that if the user does attempt to access content in the future, Enable Now will automatically reactive their account and provide access to the relevant content.  Now that is sweet!  For more information on the automatic deactivation and reactivation functionality, watch Automatic User Account Deactivation and Reactivation.

The 2206 release of Enable Now not only simplified the user account activation and deactivation process, it also introduced enhanced user account deletion functionality.  Prior to the 2206 release, Enable Now Administrators had to use the Manager Housekeeping functionality to remove user accounts.  To cut a long story short, this was very difficult, bordering on impossible, in some instances because the corresponding user accounts were associated with other data in Enable Now, so could not be deleted.

Following the 2206 release of Enable Now, it is now possible for Enable Now Administrators to delete user records from the Users screen in Manager.  An Administrator need only select the relevant user accounts and click a Delete button to remove those accounts.  A task that was cumbersome and frustrating has been replaced by a process that can be easily completed by several clicks of a mouse.  If the automatic reactivation of user accounts is an ice-cream sundae, this is the cherry on the top!  If you are interested in seeing how to delete user records in Manager using the new functionality, watch Deleting Enable Now User Accounts.

Summary

User management is an important part of administering Enable Now systems.  Manually created Enable Now user accounts are managed in Enable Now, while SSO user accounts are, to a large part, administered in the organisation’s IDP.

The 2206 release of Enable Now significantly improved the process of deactivating and reactivating user accounts and also simplified the task of deleting user accounts from Enable Now.  Overall, the challenging task that was user management prior to the 2206 release of Enable Now, has been replaced by simple, efficient functionality that empowers organisations to control their Enable Now user numbers.

If you struggled with managing user account in Enable Now previously, give it another try; you’ll be surprise how easy it now is!