Follow this procedure to set up procurement data warehouse as a source system.
-
You obtain credentials to access the Procurement Data Warehouse API.
To obtain credentials to access the Procurement Data Warehouse API, create a case to the component BNS-ARI-PRI.
In response to the case, SAP provides the certificate needed to access the API as well as the URL for the procurement data warehouse enrollment service, which is landscape-specific and starts with
*.cloud.sap
. -
You established trust between your SAP BTP subaccount and the SAP Cloud Identity Services - Identity Authentication service. For more information, see Establishing Trust Automatically.
-
To configure your Procurement Data Warehouse provisioning system (see the procedure below), you will need to map your SAP Ariba application parameters to the relevant Identity Provisioning properties. The property mapping between the two systems is as follows:
Procurement Data Warehouse Application
Identity Provisioning
Values
API URL
URL
Examples:
procurement data warehouseOAuth Token URL
OAuth2TokenServiceURL
Examples:
OAuth Client ID
client_id
Enter the OAuth Client id used for access token retrieval.
-
To load transaction data into procurement data warehouse, you must have one or more of the following SAP Ariba applications:
- SAP Ariba Buying
- SAP Ariba Buying and Invoicing
- Guided sourcing capability for SAP Ariba Sourcing
- SAP Ariba Contracts
- SAP Ariba Spend Analysis
The procurement data warehouse is a capability that feeds analytics information from SAP Ariba applications, including guided sourcing capability for SAP Ariba Sourcing, SAP Ariba Buying and Invoicing, and SAP Spend Control Tower, to the embedded SAP Analytics Cloud. It provides data transfer, storage, loading, and reporting, and it drives visualization through advanced analytics dashboards.
You can use Identity Provisioning to configure procurement data warehouse as a source system where you can read users and groups and provision them to target systems of your choice for custom reporting. The source system consumes SCIM 2.0 API provided by procurement data warehouse.
-
Access the Identity Provisioning UI.
-
Sign in to the administration console of SAP Cloud Identity Services and navigate to Identity Provisioning > Source Systems.
-
Add Procurement Data Warehouse as a source system. For more information, see Add New Systems.
-
Choose the Properties tab to configure the connection settings for your system.
If your tenant is running on SAP BTP, Neo environment, you can create a connectivity destination in your subaccount in the SAP BTP cockpit, and then select it from the Destination Name combo box in your Identity Provisioning User Interface.
If one and the same property exists both in the cockpit and in the Properties tab, the value set in the Properties tab is considered with higher priority.
We recommend that you use the Properties tab. Use a connectivity destination only if you need to reuse one and the same configuration for multiple provisioning systems.
Mandatory Properties
Property Name
Description & Value
Type
Enter: HTTP
URL
Enter the SAP Analytics Cloud URL for your procurement data warehouse.
ProxyType
Enter: Internet
Authentication
Enter: ClientCertificateAuthentication
client_id
Enter the OAuth client id, generated for your procurement data warehouse. (see the Prerequisites section)
OAuth2TokenServiceURL
Enter the URL of the access token provider service for your procurement data warehouse instance.
This token URL is listed in the OAuth Clients section of the App Integration page.
(Optional)
pdw.user.filter
When specified, only those procurement data warehouse users matching the filter expression will be read. For example:
-
userName eq "Julie Armstrong"
-
userName sw "J"
-
emails eq "[email protected]"
(Optional)
pdw.group.prefix
This property distinguishes procurement data warehouse groups by specific prefix. It is an optional property which does not appear by default at system creation.
Example value:
PDW_
You can use the example value or provide your own.
When set in the source system, the prefix will be prepended to the name of the groups that are read from the procurement data warehouse source system and will be provisioned to the target system with the following name pattern:
PDW_<GroupDisplayName>
. This way procurement data warehouse groups in the target system will be distinguished from groups provisioned from other applications.If the property is not set, the procurement data warehouse groups will be read and provisioned to the target system with their actual display names.
To learn what additional properties are relevant to this system, see List of Properties. You can use the main search, or filter properties by the Name or System Type columns.
-
-
Configure the transformations.
Transformations are used to map the user attributes from the data model of the source system to the data model of the target system, and the other way around. The Identity Provisioning offers a default transformation for the procurement data warehouse source system, whose settings are displayed under the Transformations tab after saving its initial configuration.
You can change the default transformation mapping rules to reflect your current setup of entities in your procurement data warehouse system. For more information, see: Manage Transformations
To access the Procurement Data Warehouse API documentation, contact theProcurement Data Warehouse technical support.
Default transformation:
{ "user": { "mappings": [ { "sourcePath": "$.schemas", "targetPath": "$.schemas", "preserveArrayWithSingleElement": true }, { "sourcePath": "$.id", "targetVariable": "entityIdSourceSystem" }, { "sourcePath": "$.userName", "targetPath": "$.userName", "correlationAttribute": true }, { "sourcePath": "$.displayName", "targetPath": "$.displayName" }, { "sourcePath": "$.preferredLanguage", "optional": true, "targetPath": "$.preferredLanguage" }, { "sourcePath": "$.name", "targetPath": "$.name", "optional": true }, { "sourcePath": "$.active", "targetPath": "$.active" }, { "sourcePath": "$.emails", "targetPath": "$.emails", "preserveArrayWithSingleElement": true }, { "sourcePath": "$.emails[?(@.primary == true)].value", "optional": true, "correlationAttribute": true }, { "sourcePath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']", "targetPath": "$['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']", "optional": true }, { "sourcePath": "$['urn:ietf:params:scim:schemas:extension:sap:user-custom-parameters:1.0']", "targetPath": "$['urn:ietf:params:scim:schemas:extension:sap:user-custom-parameters:1.0']", "optional": true }, { "sourcePath": "$['urn:scim:schemas:extension:enterprise:1.0']", "optional":true, "targetPath": "$['urn:scim:schemas:extension:enterprise:1.0']" }, { "sourcePath": "$.roles", "targetPath": "$.roles", "preserveArrayWithSingleElement": true, "optional": true }, { "sourcePath": "$.photos", "preserveArrayWithSingleElement": true, "targetPath": "$.photos", "optional": true }, { "sourcePath": "$.groups", "targetPath": "$.groups", "preserveArrayWithSingleElement": true, "optional": true, "functions": [ { "condition": "'%pdw.group.prefix%' !== 'null'", "function": "concatString", "applyOnElements": true, "applyOnAttribute": "display", "prefix": "%pdw.group.prefix%" } ] } ] }, "group": { "ignore": true, "mappings": [ { "sourcePath": "$.schemas", "targetPath": "$.schemas", "preserveArrayWithSingleElement": true }, { "sourcePath": "$.id", "targetVariable": "entityIdSourceSystem" }, { "sourcePath": "$.displayName", "targetPath": "$.displayName", "functions": [ { "condition": "'%pdw.group.prefix%' !== 'null'", "function": "concatString", "prefix": "%pdw.group.prefix%" } ] }, { "sourcePath": "$.members", "targetPath": "$.members", "optional": true, "preserveArrayWithSingleElement": true }, { "sourcePath": "$['urn:ietf:params:scim:schemas:extension:sap:group-custom-parameters:1.0']", "targetPath": "$['urn:ietf:params:scim:schemas:extension:sap:group-custom-parameters:1.0']", "optional": true } ] } }
-
Now, add a target system to provision users and groups into it. Choose from: Target Systems
- Before starting a provisioning job, you can first subscribe for e-mail notifications from the source system you use in your scenario. This way, you will be notified by e-mail about eventual failed entities during the jobs. For more information, see Manage Job Notifications.
- Now, start an identity provisioning job. For more information, see Monitor Provisioning Job Logs.
Related Information