SAP has introduced SAP Start, our new default central entry point, designed to easily engage with all cloud business solutions across the SAP portfolio. It is included out-of-the-box, at no additional cost, with all integrated SAP cloud business solutions.
If you want to learn more about SAP Start in general, have a look at our recent "Things You Need to Know About SAP Start" blog post.
Today, we want to show you how easy it is to set up SAP Start seamlessly integrated with SAP S/4HANA Cloud, private edition. Please note that it is already possible to integrate SAP SuccessFactors today, and more SAP cloud business solutions in the future, which are covered in blog entries (see links at the end of this blog post).
To follow along with this how-to, please make sure you already fulfill the following prerequisites:
You have an existing global account on the SAP Business Technology Platform
Your global account has these entitlements assigned
Service | Plan | Required Quota |
---|---|---|
Cloud Management Service | Local | 1 |
SAP Build Work Zone, standard edition | foundation | 1 |
SAP Build Work Zone, standard edition | foundation (Application) | 1 |
SAP Task Center | standard | 1 |
Cloud Identity Services | connectivity | 1 |
You have (admin) access to your S/4HANA Cloud Private Edition system with minimum required version 2023 FPS1
You have an Identity Authentication Service available in your global account
You have set up an SAP Cloud Connector as outlined by the SAP Cloud Connector documentation
You first need to create a new subaccount in your BTP global account. Open the Account Explorer page of your global account in the BTP cockpit. You should see a dropdown menu called Create where you select Subaccount. Follow the wizard and enter all required fields.
In your created subaccount, go to the Entitlements section and entitle the subaccount for:
SAP Build Work Zone, standard edition (plan: foundation & foundation (Application))
SAP Task Center (plan: standard)
Expand the Services section to open the Instances and Subscriptions section for the subaccount and create a subscription for SAP Build Work Zone, standard edition
Go to the Overview section of the subaccount and Enable Cloud Foundry in the subaccount
Go to the Overview section of the subaccount and click Create Space
Add your user as Space Developer, Space Manager, and Space Auditor
In your created space, expand the Services section to open the Instances section for the space and create a service instance for SAP Task Center
Create a service key for your created service instance of SAP Task Center
In your subaccount, expand the Connectivity section to navigate to the Destinations section of your subaccount and create a new destination based on the service instance of Task Center
In your global account, select System Landscape from the left panel, and select the Formations tab
Click Create Formation (in the top right corner)
Enter a Formation Name and select Integration with SAP Start as the Formation Type and click Next Step
Select the SAP Start system that reflects your SAP Build Work Zone subscription which you created in step 3 and click Next Step
Double check on the review page that everything looks correct and click Create
Important: SAP Build Work Zone automatically proxies a system connected to it via the SAP Cloud Connector. All paths that you configure in your Cloud Connector will be reachable via the public internet. Make sure that you configure only the necessary paths and that your S/4HANA Cloud Private Edition system is properly secured to prevent unauthorized access.
Follow the SAP Cloud Connector documentation to establish trust between your created subaccount and your S/4 Private Cloud System
Open the Cloud To On-Premise tab in your SAP Cloud Connector Administration UI
Create a new mapping for the SAP Build Work Zone with SAP Start integration following the Workzone SAP Cloud Connector Setup documentation
NOTE: This is a default configuration intended to cover most use cases. From a security perspective, it is recommended to investigate which services are really used in your use case and to restrict the paths further.
Create a new mapping for the integration with the Identity Provisioning Service (IPS)
With these example properties you would get ldcsuct:sapmsUCT as internal host
Allow access to the following resources with Naming Policy Exact Name as outlined by the IPS documentation for SAP Application Server ABAP
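One way to act on the path-restriction notes above, as an added example that is not part of the original post or of SAP's tooling: a Python check that compares the resource paths allowed in a Cloud To On-Premise mapping with the request paths actually observed at the backend, and flags entries that are unused or broader than needed. The resource list, the observed paths and the segment-prefix matching of sub-path entries are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    path: str    # URL path allowed in the Cloud To On-Premise mapping
    exact: bool  # True: exact name only; False: path and all sub-paths

def matches(res, request_path):
    """Would this resource entry let the request path through? (assumed semantics)"""
    if res.exact:
        return request_path == res.path
    base = res.path.rstrip("/")
    return request_path == base or request_path.startswith(base + "/")

def common_dir(paths):
    """Longest path prefix shared by all paths, compared segment by segment."""
    shared = []
    for segs in zip(*(p.strip("/").split("/") for p in paths)):
        if len(set(segs)) != 1:
            break
        shared.append(segs[0])
    return "/" + "/".join(shared)

def audit(resources, observed):
    """Return (path, finding) for every entry broader than the traffic needs."""
    seen = {p.split("?", 1)[0] for p in observed}  # ignore query strings
    findings = []
    for res in resources:
        hits = sorted(p for p in seen if matches(res, p))
        if not hits:
            findings.append((res.path, "unused: remove"))
        elif res.exact:
            continue  # already as narrow as the policy allows
        elif res.path.rstrip("/") == "":
            findings.append((res.path, "whole host exposed: list specific paths"))
        elif len(hits) == 1:
            findings.append((res.path, f"narrow to exact name {hits[0]}"))
        elif common_dir(hits) != res.path.rstrip("/"):
            findings.append((res.path, f"narrow to sub-path {common_dir(hits)}"))
    return findings

# Constructed sample data (not the resource list from the post or SAP docs).
RESOURCES = [Resource("/", False), Resource("/sap/opu/odata", False),
             Resource("/sap/bc/zsample/entities", True),
             Resource("/sap/bc/webdynpro", False), Resource("/sap/public/ping", False)]
OBSERVED = ["/sap/opu/odata/sap/ZSAMPLE_SRV/Items?$top=5",
            "/sap/opu/odata/sap/ZSAMPLE_SRV/$metadata",
            "/sap/bc/zsample/entities", "/sap/public/ping"]

if __name__ == "__main__":
    for path, finding in audit(RESOURCES, OBSERVED):
        print(f"{path:<28} {finding}")
```

Collect the observed paths over a representative period (including rarely used apps and periodic jobs) before removing or narrowing an entry.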
Open your S/4HANA Cloud Private Edition system and follow the Manage Launchpad Content for Exposure documentation to preview and expose your content. Make sure to select Version 2 as the Exposure Version. The result should look like this:
To check that your content exposure was successful you can use the SAP Gateway Client (transaction /IWFND/GW_CLIENT)
Create a technical service user that fulfills the Prerequisites for Launchpad Content Exposure
Open transaction SU01 to create a technical service user
Select Service as User Type
Ensure the business users have Insights Cards assigned in the MyHome Settings of your S/4 HANA Private Cloud system
In your subaccount, expand the Connectivity section and navigate to the Destinations section.
Follow the Configure Destinations section to create the Design-Time and Runtime destinations.
Create a destination for retrieving nominations via the SAP Cloud Connector
Navigate to the Channel Manager section in SAP Build Work Zone and add a new Content Provider with the following properties:
NOTE: The role MAINTAIN_USER_GLOBAL_ID is required by IPS to synchronize the Global User ID. The Global User ID is required for the Task Center integration to display the tasks of the business users.
Open your S/4HANA Cloud Private Edition system
Open transaction SU01 to add the role SAP_BC_JSF_COMMUNICATION_RO to the technical service user used for reading the CDM content
Open your subaccount and navigate to your created Cloud Foundry space, expand the Services section to select Instances for the space and create a service instance for SAP Build Work Zone, standard edition
Create a service key for the service instance of SAP Build Work Zone, standard edition
Open your subaccount, expand the Security section to open the Trust Configuration section
Click on the Establish Trust button and select your IAS tenant
Navigate to the Instances and Subscriptions section
Subscribe to Cloud Identity Services with plan connectivity
Expand the Connectivity section to navigate to the Destinations section and create a new destination for the IPS integration as outlined by the IPS documentation for SAP Application Server ABAP
An example for a connection with load balancing:
Open your IAS administrator console at <IAS domain>/admin
Navigate to the Identity Provisioning section and open the Source Systems section
Click on + Add to add a new Source System
Select SAP Application Server ABAP as type
Give the source system a meaningful name
Open the Transformations tab, click on Edit and switch into the JSON mode to paste the following standard transformation
{ "user": { "mappings": [ { "sourcePath": "$.USERNAME", "targetVariable": "entityIdSourceSystem" }, { "sourcePath": "$.USERNAME", "targetPath": "$.userName", "correlationAttribute": true }, { "sourcePath": "$.ALIAS.USERALIAS", "targetPath": "$.externalId", "optional": true, "correlationAttribute": true }, { "sourcePath": "$.SAPUSER_UUID.SAP_UID", "targetPath": "$['urn:ietf:params:scim:schemas:extension:sap:2.0:User']['userUuid']", "optional": true }, { "targetPath": "$.schemas[0]", "constant": "urn:ietf:params:scim:schemas:core:2.0:User" }, { "sourcePath": "$.ADDRESS.E_MAIL", "targetPath": "$.emails[0].value", "optional": true, "correlationAttribute": true }, { "targetPath": "$.emails[0].primary", "condition": "$.ADDRESS.E_MAIL EMPTY false", "constant": true }, { "targetPath": "$.emails[0].type", "condition": "$.ADDRESS.E_MAIL EMPTY false", "constant": "work" }, { "sourcePath": "$.ADDRESS.FIRSTNAME", "targetPath": "$.name.givenName", "optional": true }, { "sourcePath": "$.ADDRESS.LASTNAME", "targetPath": "$.name.familyName" }, { "sourcePath": "$.ADDRESS.MIDDLENAME", "targetPath": "$.name.middleName", "optional": true }, { "sourcePath": "$.ADDRESS.NICKNAME", "targetPath": "$.nickName", "optional": true }, { "sourcePath": "$.ADDRESS.TITLE_P", "targetPath": "$.name.honorificPrefix", "optional": true }, { "sourcePath": "$.ADDRESS.COUNTRY", "targetPath": "$.addresses[0].country", "optional": true }, { "targetPath": "$.addresses[0].primary", "condition": "$.ADDRESS.COUNTRY EMPTY false", "constant": true }, { "targetPath": "$.addresses[0].type", "condition": "$.ADDRESS.COUNTRY EMPTY false", "constant": "work" }, { "sourcePath": "$.ADDRESS.TEL1_NUMBR", "targetPath": "$.phoneNumbers[0].value", "optional": true }, { "targetPath": "$.phoneNumbers[0].primary", "condition": "$.ADDRESS.TEL1_NUMBR EMPTY false", "constant": true }, { "targetPath": "$.phoneNumbers[0].type", "condition": "$.ADDRESS.TEL1_NUMBR EMPTY false", "constant": "work" }, { "sourcePaths": [ "$.DEFAULTS.LANGU" 
], "targetPath": "$.locale", "valueMappings": [ { "key": [ "W" ], "mappedValue": "bg" } ], "optional": true, "type": "valueMapping", "defaultValue": "en" }, { "sourcePaths": [ "$.ADDRESS.LANGUP_ISO" ], "targetPath": "$.preferredLanguage", "optional": true, "type": "valueMapping", "functions": [ { "function": "toLowerCaseString" } ] }, { "sourcePaths": [ "$.LOGONDATA.TZONE" ], "targetPath": "$.timezone", "valueMappings": [ { "key": [ "EET" ], "mappedValue": "Europe/Sofia" } ], "optional": true, "type": "valueMapping", "defaultValue": "Europe/Berlin" }, { "targetPath": "$.active", "constant": false }, { "targetPath": "$.active", "condition": "($.ISLOCKED.LOCAL_LOCK != 'L') && ($.ISLOCKED.GLOB_LOCK != 'L') && ($.ISLOCKED.WRNG_LOGON != 'L')", "constant": true }, { "sourcePath": "$.ACTIVITYGROUPS[*].AGR_NAME", "targetPath": "$.groups[?(@.value)]", "optional": true, "preserveArrayWithSingleElement": true } ] }, "group": { "mappings": [ { "sourcePath": "$.ROLE_NAME", "targetVariable": "entityIdSourceSystem" }, { "sourcePath": "$.ROLE_NAME", "targetPath": "$.displayName", "functions": [ { "function": "concatString", "condition": "'%abap.role.prefix%' !== 'null'", "prefix": "%abap.role.prefix%" } ] }, { "targetPath": "$.schemas[0]", "constant": "urn:ietf:params:scim:schemas:core:2.0:Group" }, { "sourcePath": "$.USERLIST[*].USERNAME", "targetPath": "$.members[?(@.value)]", "optional": true, "preserveArrayWithSingleElement": true } ] } }
Navigate to the Identity Provisioning section and open the Target Systems section
Click on + Add to add a new Target System
Select SAP Build Work Zone, standard edition as type
Give the target system a meaningful name
Select your created source system for S/4HANA Cloud Private Edition as the source system
Open the Transformations tab, click on Edit and switch into the JSON mode to paste the following standard transformation
{ "user": { "condition": "($.emails EMPTY false) && ($['urn:ietf:params:scim:schemas:extension:sap:2.0:User'].userUuid EMPTY false)", "skipOperations": [ "update" ], "mappings": [ { "targetPath": "$.id", "sourceVariable": "entityIdTargetSystem" }, { "targetPath": "$.schemas[0]", "constant": "urn:ietf:params:scim:schemas:core:2.0:User" }, { "targetPath": "$['urn:ietf:params:scim:schemas:extension:2.0:mapping']['providerId']", "constant": "%cflp.providerId%" }, { "sourcePath": "$.emails[0].value", "targetPath": "$.emails[0].value", "condition": "$.emails[?(@.primary == true)].value == []", "optional": true }, { "sourcePath": "$.emails[?(@.primary == true)].value", "targetPath": "$.emails[0].value", "condition": "$.emails[?(@.primary == true)].value != []", "optional": true, "preserveArrayWithSingleElement": true, "functions": [ { "function": "elementAt", "index": 0 } ] }, { "targetPath": "$.emails[0].primary", "condition": "$.emails[0].length() > 0", "constant": true }, { "sourcePath": "$['urn:ietf:params:scim:schemas:extension:sap:2.0:User']['userUuid']", "targetPath": "$.externalId", "optional": true }, { "sourcePath": "$.groups[*].value", "targetPath": "$.groups[?(@.value)]", "optional": true, "preserveArrayWithSingleElement": true, "functions": [ { "function": "resolveEntityIds", "entityType": "group" } ] } ] }, "group": { "mappings": [ { "targetPath": "$.id", "sourceVariable": "entityIdTargetSystem" }, { "targetPath": "$['urn:ietf:params:scim:schemas:extension:2.0:mapping']['providerId']", "constant": "%cflp.providerId%" }, { "targetPath": "$.schemas[0]", "constant": "urn:ietf:params:scim:schemas:core:2.0:Group" }, { "targetPath": "$.schemas[1]", "constant": "urn:ietf:params:scim:schemas:core:2.0:mapping", "optional": true }, { "sourcePath": "$.displayName", "targetPath": "$.externalId" }, { "sourcePath": "$.externalId", "targetPath": "$.externalId", "optional": true, "functions": [ { "function": "replaceAllString", "regex": "(?i)(^pcd:)", "replacement": "" }, { 
"function": "replaceString", "target": "/", "replacement": ":" }, { "function": "replaceString", "target": "(", "replacement": "@" }, { "function": "replaceString", "target": ")", "replacement": "+" } ] }, { "sourcePath": "$.members[*].value", "targetPath": "$.members[?(@.value)]", "optional": true, "preserveArrayWithSingleElement": true, "functions": [ { "function": "resolveEntityIds" } ] } ] } }
Open the Properties tab and add the following properties
Navigate to the Identity Provisioning section and open the Source Systems section
Select your created source system for your S/4HANA Cloud Private Edition tenant
Open the Jobs tab
Click on Run Now for the Read Job to start the synchronization of your S/4HANA users and roles into your SAP Build Work Zone tenant
Navigate to the Identity Provisioning section and open the Provisioning Logs section to see the logs and status of your synchronization jobs
You should now have a working setup of SAP Build Work Zone, standard edition with SAP Start and S/4HANA Cloud Private Edition. For the blog post copy and adjust the section Accessing SAP Start and That is it! from one of the following existing blog posts instead of this Final Result section.