SAP Knowledge Base Article - Public

3563695 - How to create Odata connection to SAP Datasphere in SAP Analytics Cloud (SAC)

Symptom

  • It is requested to create a new OData Service Connection in SAP Analytics Cloud connecting to SAP Datasphere
  • Which authentication types should be selected?
  • What configuration should be done in advance on SAP Datasphere tenant?

Environment

  • SAP Analytics Cloud (SAC)
  • SAP Datasphere

Cause

  • You need to create an OAuth2.0 client with an Interactive Usage purpose in SAP Datasphere to consume data via the OData API, which requires a valid SAML-based user context.

Resolution

Scenario 1: Log on to both SAC and Datasphere in same browser session

  1. Log on to SAC tenant and navigate to Connections > Create a new OData Service Connection.
  2. Authentication Type set to Oauth 2.0 Authorization Code, then note down the Redirect URL for this connection.
  3. Keep the dialog open and open a new browser tab to logon to SAP Datasphere system, navigate to System > Administration > App Integration
  4. Note down Authorization URL and Token URL under Oauth Clients in this page.
  5. Click to add an Oauth Client
  6. Give it a name and Purpose set to Interactive Usage, for Redirect URL input the information copied in step 2
  7. Click Add and Copy the Secret (The secret Key for this Oauth client can only be copied during creation.)
  8. Note down the Client ID for this new-created Oauth Client in SAP Datasphere.
  9. Navigate back to SAC and open the previous page for creating Odata Service Connection.
  10. Give it a connection name.
  11. Data Service URL should be in following format:
    https://<TenantURL>.cloud.sap/api/v1/dwc/consumption/relational/<SpaceID>/<View>
  12. Oauth Client ID please use the ID copied in step8.
  13. Secret is the Secret key copied in step7.
  14. Input Token URL and Authorization URL copied in step4.
  15. Click Create.
    => One Pop-up dialog to Datasphere IdP will appear and then closed automatically without inputting any user credential due to existing session of SAP Datasphere in same browser window.

Scenario 2: Log on to both SAC and Datasphere (using same IdP) in different browser session

  1. Log on to SAC tenant and navigate to Connections > Create a new OData Service Connection.
  2. Authentication Type set to Oauth 2.0 Authorization Code, then note down the Redirect URL for this connection.
  3. Open a new private browser window (or another browser) to logon to SAP Datasphere system, navigate to System > Administration > App Integration
  4. Note down Authorization URL and Token URL under Oauth Clients in this page.
  5. Click to add an Oauth Client
  6. Give it a name and Purpose set to Interactive Usage, for Redirect URL input the information copied in step 2
  7. Click Add and Copy the Secret (The secret Key for this Oauth client can only be copied during creation.)
  8. Note down the Client ID for this new-created Oauth Client in SAP Datasphere.
  9. Navigate back to SAC in the other browser window where the connection dialog is still open.
  10. Give it a connection name.
  11. Data Service URL should be in following format:
    https://<TenantURL>.cloud.sap/api/v1/dwc/consumption/relational/<SpaceID>/<View>
  12. Oauth Client ID please use the ID copied in step8.
  13. Secret is the Secret key copied in step7.
  14. Input Token URL and Authorization URL copied in step4.
  15. Click Create.
    => One Pop-up dialog to Datasphere IdP will appear and then closed automatically without inputting any user credential due to existing IdP session (SAC is using same IdP).

Scenario 3: Log on to both SAC and Datasphere (using different IdP) in different browser session

  1. Log on to SAC tenant and navigate to Connections > Create a new OData Service Connection.
  2. Authentication Type set to Oauth 2.0 Authorization Code, then note down the Redirect URL for this connection.
  3. Open a new private browser window (or another browser) to logon to SAP Datasphere system via different IdP, navigate to System > Administration > App Integration
  4. Note down Authorization URL and Token URL under Oauth Clients in this page.
  5. Click to add an Oauth Client
  6. Give it a name and Purpose set to Interactive Usage, for Redirect URL input the information copied in step 2
  7. Click Add and Copy the Secret (The secret Key for this Oauth client can only be copied during creation.)
  8. Note down the Client ID for this new-created Oauth Client in SAP Datasphere.
  9. Navigate back to SAC in the other browser window where the connection dialog is still open.
  10. Give it a connection name.
  11. Data Service URL should be in following format:
    https://<TenantURL>.cloud.sap/api/v1/dwc/consumption/relational/<SpaceID>/<View>
  12. Oauth Client ID please use the ID copied in step8.
  13. Secret is the Secret key copied in step7.
  14. Input Token URL and Authorization URL copied in step4.
  15. Click Create.
    => One Pop-up dialog to Datasphere IdP will appear and due to missing SAML-based user context,  you need to enter user credential which could be used to log on to SAP Datasphere.

Additional Note:

  • Same behavior with pop-up to Datasphere IdP could be also observed when using the connection to create model.
  • It is recommended to check option Share these credentials when sharing this connection. Otherwise, another SAC user getting the connection share needs to enter all OAuth information (Client ID, Secret, Token URL, Authorization URL) at the first time when using the connection to either create model or refresh job.

See Also

Keywords

SAC, odata, datasphere, Best practice, guide, document, DWC, imported, import, acquired , KBA , LOD-ANA-AQU-ODATA , Acquiring Data into SAC using an ODATA connection , Problem

Product

SAP Analytics Cloud 1.0