SAP Knowledge Base Article - Public

3165353 - How to Configure IPS to connect to SAP Analytics Cloud (SAC)


There are different types of user provisioning for SAP Analytics Cloud:

  • Through the SAC UI

  • SAML


The IPS tool uses the SCIM API to provision users in SAC. The advantage of using SCIM user provisioning over SAML provisioning is that when using SAML, new users are created, and changes are made only during login. The SCIM API, on the other hand, makes changes on the backend when they happen, so updates occur without requiring a user login.

SAP IPS (Identity Provisioning Service) provides an out of the box connector for SAP Analytics Cloud. The main use case of IPS is to read users and groups from a source system and provision them to a target system. Filtering and/or mapping can be applied during job execution. The main benefit of SAP IPS is that you don’t have to write an app specific for managing users - IPS calls the SCIM API for you.


  • SAP Analytics Cloud (Enterprise) 2021.20.12


  1. In SAP IPS go to “Source Systems” and click “Add”.


  2. Fill out the information under “Details” tab: source system type, name. Optional: destination name and description. Then click “Save”.


  3. Set up communication between IPS and source system (looking at Identity Authentication here) and configure your authentication method (certificate or basic).

    1. In Identity Authentication go to Administrators -> Add new system. This adds a new administrator of type System.

    2. Assign Manage Users and Manage Groups authorization roles to your technical user.

    3. For Basic Authentication, configure your password and user ID will be generated for you.  You need to remember password and generated ID to complete the next step.


      For more information on adding an Administrator - see here

      If you are using another source system type, look for it in the menu - Source Systems and follow the steps to create a User ID and Password for the next step.

  4. Go to “Properties” tab and click on “Edit”. Select “+” to add more properties.


    Here is the list of properties to add if using Identity Authentication as your source system with Basic Authentication (no certificate):


    Basic Authentication


    Password of Identity Authentication technical user

    Proxy Type





    URL of your Identity Authentication tenant


    User ID of Identity Authentication technical user

    For additional properties - see here.  If you are using another source system type, look for it in the Source Sytems Menu.

  5. Now we move on to the target system. We will be setting SAP Analytics Cloud as your target system. Go to Target System page in SAP IPS and click "Add".


  6. Fill out the details and click "Save"


  7. Now go to your SAC tenant and add a new OAuth Client.  For steps to follow - see here.  Make sure to select

    Purpose: API Provisioning

    Access: User Provisioning

    Also make to remember your secret, OAuth Client ID, and Token URL for the next step

  8. Go to the "Properties" tab and click "Edit", then add the following properties by clicking on the "+"


    Add the following properties:


    Basic Authentication


    true or false (See note below*)


    URL of the access token provider service


    Client secret from Step 7






    URL for your SAP Analytics Cloud system


    Client ID from Step 7

    (*) When you are updating users/groups, the SCIM API is expecting to get the assigned roles. This property defines whether the role assignments in SAP Analytics Cloud will be removed or not as a result of an update operation. In order to keep the roles unchanged.  Setting this to true keeps the roles unchange. More details in kbase 3092730

Additional Resources:

  • Additional help for configuring the SAC Tenant as a target can be found here

  • How to run user provisioning jobs can be found here

  • SAP IPS Documentation can be found here


See Also

Your feedback is important to help us improve our knowledge base.


SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analytical cloud, SAC, sap analyst cloud, connected, failure, stopped, sap analyst cloud,,,,,,, predictive analytics (analysis), data analysis (analytics) tools, analytics tools, sap analytics cloud, data literacy, advanced analytics, data democratization, analytics software, real time analytics, self service analytics, advanced data analytics, analytics as a service, analytics cloud / cloud analytics, saas analytics, cloud bi, enterprise planning, cloud data analytics, cloud based analytics, analytics cloud platform, modern analytics, real time analysis, cloud analytics solution(s), what is sap analytics cloud, cloud analytics tools, analytics in the cloud, cloud analytics software, SCIM, IPS , KBA , LOD-ANA-ADM , SAC Administration , BC-IAM-IPS , Identity Provisioning Service (IPS) , Problem


SAP Analytics Cloud 1.0