SAP Knowledge Base Article - Public

3022498 - Unauthorized response when using 3 legged OAuth flow for API access token in SAP Analytics Cloud (SAC) & SAP Digital Boardroom

Symptom

When accessing the URL <Tenant>/api/v1/stories, an HTTP 401 Unauthorized response is returned, which prevents the SAC API from returning the result set.

Environment

  • SAP Analytics Cloud (Enterprise) 2021.3.2

Reproducing the Issue

  1. Go to System, Administration and click on the App Integration tab.
  2. Get the token URL under the first panel.
  3. In Postman, create a new POST request to the token URL.
  4. Under the Authorization tab, select the type as OAuth 2.0.
  5. Under Configure New Token, select the grant type as Authorization Code.
  6. Ensure all the form fields are entered: Callback URL, Auth URL, Access Token URL, Client ID & Secret.
  7. Click on the orange button called Get New Access Token.
  8. A pop-up window will then appear, prompting a login.
  9. Get the access token from the response.
  10. Create a new GET request to <Tenant>/api/v1/stories
  11. Do not add an Authorization bearer header in the Headers tab; instead, click on the Authorization tab, select the type as Bearer Token, and enter the token string in the input field to the right.
  12. After firing the request, observe the body response as unauthorized. 

Cause

The Groups SAML attribute has not been applied, which causes the authorization issue.

Starting December 2020, SAC enforces the presence of the “Groups” SAML attribute; therefore, authorization no longer works without the Groups attribute.

Resolution

  • When creating an OAuth Client for 3 legged authorization, the purpose must be set to Interactive Usage.
  • Set the Groups SAML Attribute to Value = sac, as per the prerequisite of Enabling a Custom SAML Identity Provider.
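
To confirm the cause before retrying the OAuth flow, the SAML response issued by the identity provider can be checked for the Groups attribute. The Python script below is an added example, not SAP code; the sample responses are constructed, and the exact, case-sensitive match on the attribute name Groups and the value sac is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

SAML_ATTRIBUTE = "{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"
SAML_VALUE = "{urn:oasis:names:tc:SAML:2.0:assertion}AttributeValue"

def decode_post_binding(b64_response):
    """Decode the base64 SAMLResponse form field captured from the browser."""
    return base64.b64decode(b64_response).decode("utf-8")

def groups_values(saml_xml, attr_name="Groups"):
    """Collect every value of the named attribute in the response.
    Diagnostic only: the signature is NOT verified here."""
    root = ET.fromstring(saml_xml)
    values = []
    for attr in root.iter(SAML_ATTRIBUTE):
        if attr.get("Name") == attr_name:  # assumption: name is case-sensitive
            for val in attr.findall(SAML_VALUE):
                values.append((val.text or "").strip())
    return values

def check_groups(saml_xml, required="sac"):
    """Return 'missing', 'wrong-value' or 'ok' for the Groups attribute."""
    values = groups_values(saml_xml)
    if not values:
        return "missing"
    return "ok" if required in values else "wrong-value"

# --- Constructed sample responses (not captured from a real tenant) ---
def _attr(name, value):
    return ('<saml:Attribute Name="%s"><saml:AttributeValue>%s'
            '</saml:AttributeValue></saml:Attribute>' % (name, value))

def _sample(attrs_xml):
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
            '<saml:AttributeStatement>' + attrs_xml +
            '</saml:AttributeStatement></saml:Assertion></samlp:Response>')

SAMPLE_OK = _sample(_attr("email", "user@example.com") + _attr("Groups", "sac"))
SAMPLE_NO_GROUPS = _sample(_attr("email", "user@example.com"))
SAMPLE_WRONG_VALUE = _sample(_attr("Groups", "Sales"))

if __name__ == "__main__":
    for label, xml in [("ok", SAMPLE_OK), ("no groups", SAMPLE_NO_GROUPS),
                       ("wrong value", SAMPLE_WRONG_VALUE)]:
        print(label, "->", check_groups(xml))
```

A result of missing or wrong-value corresponds to the cause described above and points to the identity provider's attribute mapping rather than the OAuth client or the Postman setup.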

Keywords

SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analytical cloud, SAC, sap analyst cloud, connected, failure, stopped, api, oauth, idp , KBA , LOD-ANA-AUT , SAC Authentication / Login , Problem

Product

SAP Analytics Cloud 1.0