Product Information
Managing SAP Enable Now User Accounts
SAP Enable Now provides access to information that can be used to build employee knowledge and capability and to support the use of systems, such as S/4HANA, Ariba and SuccessFactors. In short, SAP Enable Now helps organisations to develop a knowledgeable, efficient workforce that can continuously learn and develop new skills, to meet constantly changing business requirements.
To access information from SAP Enable Now, employees must have their own user account in Enable Now. In the vast majority of instances, employees will access information from Enable Now through Single Sign On (SSO) but those that do not have an account in one of their organisation’s Identity Provider (IDP) system(s), e.g. Active Directory, Azure AD or Okta, can still access content using a manual Enable Now user account. In both these scenarios, manual access or access via SSO, employees accessing content from Enable Now must have an Enable Now user account.
In one scenario, temporary employees – such as contingent workers or contractors – are able to access Enable Now content through SAP Companion, without any Enable Now account. You can learn more about this scenario by reading SAP Companion for External Workers.
Given that most employees who access information from Enable Now will have a user account in Enable Now, it is important to understand the options for managing these accounts. The rest of this post discusses options for managing Enable Now user accounts.
Types of SAP Enable Now user accounts
There are two types of user accounts in Enable Now that can be used to access content: manual user accounts and Single Sign On (SSO) user accounts. Users with manual user accounts must log into Enable Now manually, by entering their Enable Now username and password, while users with SSO user accounts are automatically authenticated and logged into Enable Now through the SSO process. SSO user accounts cannot be used to log into Enable Now manually and manual user accounts cannot be used to authenticate users by the SSO process. The two different types of account accounts are created and managed very differently, but it is possible to have users using both types of accounts simultaneously, to access Enable Now content.
Manual user accounts can be manually created in Enable Now or created using an Excel spreadsheet or LDAP import. These accounts are managed in Enable Now, including maintenance of personal information such as the user’s email address. User passwords are also maintained in Enable Now for manual user accounts.
Enable Now SSO user accounts are typically automatically created by Enable Now when the corresponding user first attempts to access content from Enable Now, is authenticated by the organisation’s IDP, but has no existing user account. Enable Now Administrators can modify the user Role assigned to SSO accounts and can also deactivate and delete these accounts, but all other account maintenance must be performed in the IDP.
To learn how to determine the difference between SSO and manual user accounts in Enable Now, refer to Determining the Difference Between Manual and SSO User Accounts in Enable Now.
User account administration
In SAP Enable Now, there are several common administrative tasks associated with the maintenance of user accounts. These tasks include:
- Resetting the passwords of manual user accounts; passwords for SSO user accounts are managed in the organisation’s IDP, not in Enable Now
- Assigning new user Roles to individual user accounts. This is typically done to allow the corresponding user to access additional Enable Now functionality, e.g., assigning the Master Authors Role to an existing user account to allow the corresponding individual to author content
- Deactivating and deleting user accounts that are no longer required.
Only Enable Now users with the standard Role called Administrators will typically have the necessary user Permissions to be able to successfully administer user accounts. This may not be the case for organisations that are using custom user Roles in Enable Now.
Deactivating and deleting user accounts
In SAP Enable Now, every active user account consumes one Enable Now user license; every account can access an unlimited amount of content on any topic. At some point, individual Enable Now user accounts may become redundant, e.g., the corresponding user leaves the organisation or changes roles and no longer requires access to Enable Now content. In these situations, it is possible to deactivate the corresponding user account in Enable Now so that it no longer consumes an Enable Now license. It is also possible to permanently delete a user account from Enable Now, however, deleting user accounts should only occur when the corresponding users leave the organisation permanently.
Deactivated accounts can be reactivated if the corresponding user requires access to Enable Now content at a future date, but deleted accounts must be recreated. There is no way to restore deleted user accounts.
Enable Now contains functionality that can be used to automatically deactivate dormant user accounts. This functionality can be configured to automatically deactivate user accounts, if the corresponding individuals do not access Enable Now content within a specified period of time, e.g., 3 months.
Whilst the automatic deactivation functionality has been widely used by Enable Now customers, many found that it resulted in user support issues. Prior to the 2206 (June 2206) release of Enable Now, the automatic deactivation functionality did indeed deactivate user accounts – both manual and SSO user accounts – but if the corresponding individuals then attempted to access Enable Now content, they would be prompted to log in with another manual Enable Now user account because their main account had been deactivated. This was generally not possible, because very few Enable Now users have a second manual user account, so resulted in great frustration. Ultimately, this issue required Enable Now Administrators to manually reactivate user accounts that had been incorrectly deactivated so resulted in increased administration effort.
The 2206 release of Enable Now greatly improved this situation because it introduced the option for customers to have Enable Now automatically reactivate SSO user accounts that had been deactivated. This means that Enable Now customers can use the automatic deactivation functionality to deactivate user accounts, that are not actively consuming Enable Now content, with the knowledge that if the user does attempt to access content in the future, Enable Now will automatically reactive their account and provide access to the relevant content. Now that is sweet! For more information on the automatic deactivation and reactivation functionality, watch Automatic User Account Deactivation and Reactivation.
The 2206 release of Enable Now not only simplified the user account activation and deactivation process, it also introduced enhanced user account deletion functionality. Prior to the 2206 release, Enable Now Administrators had to use the Manager Housekeeping functionality to remove user accounts. To cut a long story short, this was very difficult, bordering on impossible, in some instances because the corresponding user accounts were associated with other data in Enable Now, so could not be deleted.
Following the 2206 release of Enable Now, it is now possible for Enable Now Administrators to delete user records from the Users screen in Manager. An Administrator need only select the relevant user accounts and click a Delete button to remove those accounts. A task that was cumbersome and frustrating has been replaced by a process that can be easily completed by several clicks of a mouse. If the automatic reactivation of user accounts is an ice-cream sundae, this is the cherry on the top! If you are interested in seeing how to delete user records in Manager using the new functionality, watch Deleting Enable Now User Accounts.
Summary
User management is an important part of administering Enable Now systems. Manually created Enable Now user accounts are managed in Enable Now, while SSO user accounts are, to a large part, administered in the organisation’s IDP.
The 2206 release of Enable Now significantly improved the process of deactivating and reactivating user accounts and also simplified the task of deleting user accounts from Enable Now. Overall, the challenging task that was user management prior to the 2206 release of Enable Now, has been replaced by simple, efficient functionality that empowers organisations to control their Enable Now user numbers.
If you struggled with managing user account in Enable Now previously, give it another try; you’ll be surprise how easy it now is!
Thanks for the precise article Shane.
One question please.
Why no mail is sent when importing users from excel? Any strong reason behind it?
Hi Mani,
Just a design decision to not send notifications when importing users. You can always use the Messages option in the Administration > Users screen to send a mass email to all the new users who have just had a user ID created but that is the only option. Outside, raise a feature request through the Influence Portal and see if others are keen on the same change. You never know, it might get selected and created.
Regards
Shane
Hello Shane,
I have a question, is the reactivation of users only for SSO accounts or also for manually created users?
Thanks for information
Hi Sandra,
Only SSO user accounts. Manual user accounts must still be reactivated manually.
Regards
Shane
Thanks
Hello Shane,
Is there a way to monitor and report automatically active users ?
I found some reporting available with the Administrator role (Reporting > Server statistic) but no way to get/send the report automatically.
Thanks in advance.
Hi Carine,
You can manually generate a list of users from Administration > Users and manually determine the number of active users from the Reporting > Server Statistics screen, as you mention. Unfortunately, both these reports must be generated manually. Some reports can be scheduled in Manager but not these ones.
The only option may be to use a third-party reporting tool and the Enable Now reporting API, which allows third-party reporting tools, such as Microsoft Power BI, to access data from Enable Now Manager. You can generate a list of user records using this API so if you can schedule that report in Power BI, that might do the trick.
Regards
Shane
Hi Shane,
Is it possible to revert objects to previous versions in Manager? I am aware of doing it in producer. I tried using manager but something is not working.
Thanks.
Hi Mani,
Yes it is possible to revert objects in Manager. I will send you an email on this topic.
Regards
Shane
Thanks Shane. Got it.
Hello Shane,
Even Administrators accounts are automatically deactivated ?
Is there a way to avoid local admins deactivation (or else we'll be blocked...) ?
Hi Carine,
If you are using the automatic user account deactivation functionality and have set that to a very short time period, e.g. 1 month, then I suspect that it could impact quite a few accounts. Your options are:
Unfortunately, I don't believe that there is any way to target specific accounts and not others with the automatic functionality.
Regards
Shane
Hi Shane
A freelancer (Non-SAP person) wishes to learn SEN. How can he request a trial account for practicing ? Is it free for trail account?
Hi Mani,
Partners can get access to an Enable Now account to learn to use it but I'm not sure that individual consultants can. I will find out and come back to you. Just to confirm, this person is an independent Education Consultant who wants to learn Enable Now. Is that correct?
Regards
Shane
Yes, this person is just an independent consultant.