Skip to Content
Technical Articles
Author's profile photo Sebastian Kronschläger

Roles in BTP, IAS and Launchpad service

I’m still new to cloud development with SAP and got confused the other day about the different roles that exist in the BTP, IAS and Launchpad service.

I want to write this blog to help people who are also just new in this environment.

Simply put:

BTP = Roles / Role Collections

IAS = Groups

Launchpad Service = Roles

Instead of going deep into the theory of why different terms for roles are used for different platforms, I want to show how to implement it.


Create Role in Launchpad Service


Role in Launchpad Service


Name Role

With this ID a role collection is automatically created in the BTP cockpit.



Role collections BTP


In the BTP Cockpit navigate to Security > Role Collections to check if the role is now created.


IAS Assertion Attributes


IAS Assertion Attributes





Now you have to navigate to the IAS and select the application. Then you can define “Groups” via Assertion Attributes, so that the user group can be saved with the user.


IAS User Groups


User Groups


Under User Groups you can add groups in IAS to which you can assign multiple users and which are automatically updated if you add a Group to user like the screenshot below.

You have to navigate in the “User Management” in the IAS to see and edit all users. Now you can assign a role to your user.




Trust Configuration


Back in the BTP, you have to navigate to the IAS Overview under Security > Trust Configuration to set Role Collections Mappings.



New Role Collection Mapping


Now you can choose the role collection (which has been created when you add the role to launchpad service) and set the attribute from the group of the IAS.


So you have users in the IAS that are part of a group and you map this group to the Role Collection in BTP. So all users of the group will have access to the respective content.


Set content in Launchpad service


add app to role


After that, you need to add the apps that you are allowed to view with this role to the role in the Launchpad service.





add role to website


In the settings of the website you have to add the roles that the site contains.
To see the changes, press Refresh in the Launchpad Service > Provider Manager and relog in to the website itself.


This blog post and the answer to one of my questions also helped me a lot.


This article was about the roles in BTP, IAS, and the Launchpad service and how they all play together. I hope you learned something new and would be happy if you add your insights in the comments.

Feel free to comment with any questions/issues as well!


Kind regards


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Ramin Shafai
      Ramin Shafai

      Wonderful!... Exactly what I needed. Thanks for sharing Sebastian.

      One question I have though, how do we link these BTP role collections and launchpad services roles to the roles defined in our end-applications? For example Ariba, SuccessFactors, Concur, ECC, etc.

      Each app have their own roles and groups, and are accessed through BTP. How would BTP know what tiles/content to show to a user, eg. a SuccessFactor user should only see SuccessFactor tiles that are relevant to them.


      Author's profile photo Sebastian Kronschläger
      Sebastian Kronschläger
      Blog Post Author

      Thank you that I could help you!

      Unfortunately, I have no experience with this yet. If I know more about it, I will report.

      Kind regards

      Author's profile photo Sunil Lal
      Sunil Lal

      Good article, Sebastian.

      Author's profile photo Alok Pandey
      Alok Pandey

      very helpful article!! thanks!

      Author's profile photo Daniel Endres
      Daniel Endres

      Very nice Article.

      I was just wondering if it is possible to add a Role Collection which was created in the BTP Cockpit to WorkZone.

      We couldn't find any option to select existing ones and trying to create it with the same name results in an error which correctly claims it exists already in BTP.