/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PublicSymptom
You are setting up embedded SAC (eSAC) in your SAP Cloud for Customer (C4C) system. When you try to activate users, you get the error: User Activation Failed.
In other scenarios, the activation may go through, however the users cannot create stories due to authentication error messages such as:
It seems that you don't have an active account. Please contact your system administrator and ensure you have an active account on this system
tenantid.sapanalytics.cloud refused to connect
You may also see the below errors in the browser console logs:
Refused to display 'tenantid.dcid.sapanalytics.cloud/' in a frame because it set 'X-Frame-Options' to 'sameorigin'
Unsafe attempt to initiate navigation for the frame with origin 'https://sso.idp.thirdparty.com' from frame with URL 'https://xyz.ab1.sapanalytics.cloud/sap/fpa/ui/tenants/a1234/bo/story'. The frame attempting navigation is neither same-origin with the target, nor is it the target's parent or opener.
Environment
- SAP Cloud for Customer
- SAP Analytics Cloud, embedded edition
Reproducing the Issue
The exact steps depend on the scenario. For example:
- Go to the work center Business Analytics and the view Common Tasks.
- Click Manage Users for SAC.
- Select a user and click Activate.
You will get the error User Activation Failed.
Cause
This integration only supports SSO login and there is an authentication value mismatch between the Identity Provider (IdP) system and the target eSAC system.
Resolution
In your SAP or Third-Party IdP system, there is a separate application in addition to C4C required for the eSAC tenant authentication. This application should have Entity ID in format 'tenantid.dcid.sapanalytics.cloud'. Under the trust / claim settings, the unique / subject name identifier must refer to a value that can be authenticated by eSAC.
For example:
If Subject Name Identifier in C4C is User ID, the setting in the IdP should refer to an attribute that contains a matching User ID
If Subject name Identifier in C4C is User E-mail, the setting in the IdP should refer to an attribute that contains a matching email address
Note: Authentication in eSAC is case-sensitive, SAPUSER01 does not match SaPuSeR01
See Also
Keywords
embedded sac, business analytics, cannot create story, login issue, user activation failed, capital letters, upper case, lower case, subject name identifier , KBA , AP-RC-ANA-SAC , C4C, ByD: SAC Integration , How To
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)