Symptom
There are different types of user provisioning for SAP Analytics Cloud:
-
Through the SAC UI
-
SAML
-
SCIM API.
The IPS tool uses the SCIM API to provision users in SAC. The advantage of using SCIM user provisioning over SAML provisioning is that when using SAML, new users are created, and changes are made only during login. The SCIM API, on the other hand, makes changes on the backend when they happen, so updates occur without requiring a user login.
SAP IPS (Identity Provisioning Service) provides an out of the box connector for SAP Analytics Cloud. The main use case of IPS is to read users and groups from a source system and provision them to a target system. Filtering and/or mapping can be applied during job execution. The main benefit of SAP IPS is that you don’t have to write an app specific for managing users - IPS calls the SCIM API for you.
Environment
-
SAP Analytics Cloud (Enterprise) 2021.20.12
Resolution
-
In SAP IPS go to “Source Systems” and click “Add”.
-
Fill out the information under “Details” tab: source system type, name. Optional: destination name and description. Then click “Save”.
-
Set up communication between IPS and source system (looking at Identity Authentication here) and configure your authentication method (certificate or basic).
-
In Identity Authentication go to Administrators -> Add new system. This adds a new administrator of type System.
-
Assign Manage Users and Manage Groups authorization roles to your technical user.
-
For Basic Authentication, configure your password and user ID will be generated for you. You need to remember password and generated ID to complete the next step.
For more information on adding an Administrator - see here
If you are using another source system type, look for it in the menu - Source Systems and follow the steps to create a User ID and Password for the next step.
-
Go to “Properties” tab and click on “Edit”. Select “+” to add more properties.
Here is the list of properties to add if using Identity Authentication as your source system with Basic Authentication (no certificate):
Authentication
Basic Authentication
Password
Password of Identity Authentication technical user
Proxy Type
Internet
Type
HTTP
URL
URL of your Identity Authentication tenant
User
User ID of Identity Authentication technical user
For additional properties - see here. If you are using another source system type, look for it in the Source Sytems Menu.
-
Now we move on to the target system. We will be setting SAP Analytics Cloud as your target system. Go to Target System page in SAP IPS and click "Add".
-
Fill out the details and click "Save"
-
Now go to your SAC tenant and add a new OAuth Client. For steps to follow - see here. Make sure to select
Purpose: API Provisioning
Access: User Provisioning
Also make to remember your secret, OAuth Client ID, and Token URL for the next step
-
Go to the "Properties" tab and click "Edit", then add the following properties by clicking on the "+"
Add the following properties:
Authentication
Basic Authentication
ips.http.header.x-ignore-roles-if-missing
true or false (See note below*)
OAuth2TokenServiceURL
URL of the access token provider service
Password
Client secret from Step 7
ProxyType
Internet
Type
HTTP
URL
URL for your SAP Analytics Cloud system
User
Client ID from Step 7
(*) When you are updating users/groups, the SCIM API is expecting to get the assigned roles. This property defines whether the role assignments in SAP Analytics Cloud will be removed or not as a result of an update operation. In order to keep the roles unchanged. Setting this to true keeps the roles unchange. More details in kbase 3092730
Additional Resources:
-
Additional help for configuring the SAC Tenant as a target can be found here
-
How to run user provisioning jobs can be found here
-
SAP IPS Documentation can be found here
See Also
- 2569847 - Where can you find SAC user assistance (help) to use, configure, and operate it more effectively?
- Have a question? Ask it here and let our amazing SAP community help! Or reply and share your knowledge!
- 2487011 - What information do I need to provide when opening an case for SAP Analytics Cloud?
- 2511489 - Troubleshooting performance issues in SAP Analytics Cloud
- Search for SAP Analytics Cloud content using Google or Bing:
- https://www.google.ca/search?q=site%3Ahttps%3A%2F%2Fapps.support.sap.com+SAP+Analytics+Cloud
- https://www.bing.com/search?q=site%3Ahttps%3A%2F%2Fapps.support.sap.com+SAP+Analytics+Cloud
- Note: Add relevant text or warning/error messages to the text search field to filter results.
- SAP Analytics Cloud Connection Guide
- Getting Started with SAP Analytics Cloud Expert Community page
- SAP Analytics Cloud Get More Help and SAP Support
- Need More Help? Contact Support or visit the solution finder today!
Your feedback is important to help us improve our knowledge base.
Keywords
SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analytical cloud, SAC, sap analyst cloud, connected, failure, stopped, sap analyst cloud, https://hcs.cloud.sap, https://hanacloudservices.cloud.sap, https://cloudanalytics.accounts.ondemand.com, https://hanacloudservices-us.accounts.ondemand.com, https://www.sap.com, https://help.sap.com, predictive analytics (analysis), data analysis (analytics) tools, analytics tools, sap analytics cloud, data literacy, advanced analytics, data democratization, analytics software, real time analytics, self service analytics, advanced data analytics, analytics as a service, analytics cloud / cloud analytics, saas analytics, cloud bi, enterprise planning, cloud data analytics, cloud based analytics, analytics cloud platform, modern analytics, real time analysis, cloud analytics solution(s), what is sap analytics cloud, cloud analytics tools, analytics in the cloud, cloud analytics software, SCIM, IPS , KBA , LOD-ANA-ADM , SAC Administration , BC-IAM-IPS , Identity Provisioning Service (IPS) , Problem