Skip to Content
Technical Articles
Author's profile photo Ali Chalhoub
Ali Chalhoub
November 30, 2022 Less than a 1 minute read

How to configure Trust Configuration in Global Account Step-by-Step

Welcome to How to configure Trust Configuration in Global Account in Cloud Foundry step-by-step. In this whitepaper we will discuss all the steps required in order to configure a trust configuration between Identity Authentication Service and BTP Cloud Foundry. The idea is to allow the platform users from an IAS tenant to login to global account, subaccount and have access to CF and NEO Applications, such as SAP Business Application Studio.

 

Abstract:

Chapter 1 – Overview

  • Architecture
  • Business User vs Platform User

Chapter 2 – Configuring Trust Configuration

  • Creation of two subaccounts NEO and CF
  • Enable SAP Web IDE in NEO
  • Enable SAP Business Application Studio in CF
  • Verifying the Trust creation between BTP and IAS
  • Creating and Testing Platform User
  • Adding authorization to Platform User
  • Configuring NEO Subaccount
  • Accessing SAP Business Application Studio Using Platform User

Chapter 3 – Troubleshooting

  • Error 1 – Access Denied when accessing SAP Web IDE
  • Error 2 – “-subaccount not visited yet-“ message is displayed in the Name column
  • Error 3 – Cockpit shows HTTP Status 500 after logon with IAS acting as proxy to a Corporate IDP for platform user
  • Error 4 – After creating a trust configuration, application end up under charged application in IAS and not bundled application

 

To access the whitepaper, please click on this link: https://wiki.scn.sap.com/wiki/x/cwMPJg

 

Assigned Tags

      2 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Wallace Henry
      Wallace Henry

      Think I found this/have it working: Establish Trust and Federation of Custom Identity Providers for Platform Users [Feature Set B] | SAP Help Portal

      -------------

      Hello,

      This is from 2022 - when SAP didn't allow IAS on the Global Account.  I read "global account" in the blog title, but the details seem to be setting up IAS on a Sub-Account.

      We've done that, but would like to extend the IAS IDP to the Global Account.

      I'll chase this blog also: https://blogs.sap.com/2023/07/07/secure-management-and-authentication-of-sap-btp-account-members-with-custom-identity-providers/?url_id=text-global-profile-inbox-bp-new-in-tag-followed

      Grateful if you have any other suggestions.

      Best Regards Wallace

      Author's profile photo Vijaigeetha Chittaranjan
      Vijaigeetha Chittaranjan

      Actually the paper walks through the entire cycle of access for platform users for both Neo and Cloud Foundry subaccount that is created as well as the platform user trust configuration. The trust configuration in the help document is discussed in Chapter 2.