/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
When attempting to create a User to <SAC-Tenant>/api/v1/scim/Users it does not succeed and the following response code is received.
{
"timestamp": <Date>,
"status": 403,
"error": "Forbidden",
"path": "/api/v1/scim/Users"
}
Environment
- SAP Analytics Cloud 2022.24.0
- API-Environment - Postman
Reproducing the Issue
- Navigate to SAC tenant -> System -> Administration -> App Integration
- Click on 'Add a New OAuth Client' under OAuth Clients.
- Provide a name, select the purpose as Interactive Usage and API Access and then select 'User Provisioning' from the access drop down menu list.
- From Postman perform a POST Request to the token URL (Found on App Integration page) with ?grant_type=client_credentials at the end. Select the Authorization tab (next to params) and select the type of authentication to 'Basic Auth' and enter the ClientID and Secret (Auto populated after creating OAuth Client) in the username and password fields.
- If successful, you will return a JSON object with the following properties: - access_token: string, token_type: string, expires_in: number, scope: string, jti: string. Retrieve the access token that will be used in the next request to the API URL.
- Perform a GET request to <SAC-Tenant>/api/v1/scim/Users and include the following headers: Authorization - Bearer <access_token>, x-sap-sac-custom-auth: true, x-csrf-token: fetch.
- If successful status code of 200, click on the headers tab that is 2 across from the response body and retrieve the the string value of the x-csrf-token.
- Perform a POST request to <SAC-Tenant>/api/v1/scim/Users and include the following headers: Authorization - Bearer <access_token>, x-sap-sac-custom-auth: true, x-csrf-token: <string> retrieved from previous GET request network headers. If this final header is not included or misspelt, the described error in the symptom will occur.
- Click on the body tab next to headers on the right beneath the URL bar, beneath this select raw and then at the far right change the drop down option from text to JSON.
- In the text editor, populate the fields with the following request schema:
{ "schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", ] "userName":"<user@email.com>", "name": { "givenName":"<User_Given_Name>", "familyName":"<User_Family_Name>" }, "displayName":"<User_Display_Name>", "emails":[ { "value":"<user@email.com>", "type":"work", "primary":true } ], "roles":[], "groups":[], "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "manager": { "managerId": "" } } }
Cause
There are insufficient or incorrect values in the header objects in the request.
Resolution
Please include 'x-csrf-token' in the headers request to complete the operation successfully.
See Also
- 2569847 - Where can you find SAC user assistance (help) to use, configure, and operate it more effectively?
- Have a question? Ask it here and let our amazing SAP community help! Or reply and share your knowledge!
- 2487011 - What information do I need to provide when opening a case for SAP Analytics Cloud?
- 2511489 - Troubleshooting performance issues in SAP Analytics Cloud
- Search for SAP Analytics Cloud content using Google or Bing:
- https://www.google.com/search?q=site%3Ahttps%3A%2F%2Fuserapps.support.sap.com+SAP+Analytics+Cloud
- https://www.bing.com/search?q=site%3Ahttps%3A%2F%2Fuserapps.support.sap.com+SAP+Analytics+Cloud
- Note: Add relevant text or warning/error messages to the text search field to filter results.
- SAP Analytics Cloud Connection Guide
- Getting Started with SAP Analytics Cloud Expert Community page
- SAP Analytics Cloud Get More Help and SAP Support
- Need More Help? Contact Support or visit the solution finder today!
Keywords
SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analytical cloud, SAC, sap analyst cloud, connected, failure, stopped, sap analyst cloud, https://hcs.cloud.sap, https://hanacloudservices.cloud.sap, https://cloudanalytics.accounts.ondemand.com, https://hanacloudservices-us.accounts.ondemand.com, https://www.sap.com, https://help.sap.com, predictive analytics (analysis), data analysis (analytics) tools, analytics tools, sap analytics cloud, data literacy, advanced analytics, data democratization, analytics software, real time analytics, self service analytics, advanced data analytics, analytics as a service, analytics cloud / cloud analytics, saas analytics, cloud bi, enterprise planning, cloud data analytics, cloud based analytics, analytics cloud platform, modern analytics, real time analysis, cloud analytics solution(s), what is sap analytics cloud, cloud analytics tools, analytics in the cloud, cloud analytics software epm, business intelligence, api, scim, user provisioning
Product
SAP Analytics Cloud 1.0
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)