Follow this procedure to set up Sales Cloud – Analytics & AI as a source system.
This system is available for bundle tenants running on SAP Cloud Identity infrastructure and standalone tenants running on SAP Cloud Identity infrastructure and SAP BTP, Neo environment. Bundle tenants running on Neo environment can use it only through SAP Jam Collaboration and SAP Identity Access Governance bundle options.
You have technical user credentials for an Sales Cloud – Analytics & AI (in short, SCAAI) system with read and write access permissions.
After fulfilling the prerequisites, follow the procedure to add a source system for Sales Cloud – Analytics & AI to read users and user assignments to groups. This source system consumes SCIM 2.0 API provided by SCAAI.
-
Access the Identity Provisioning UI.
-
Sign in to the administration console of SAP Cloud Identity Services and navigate to Identity Provisioning > Source Systems.
-
Add Sales Cloud – Analytics & AI as a source system. For more information, see Add New Systems.
-
Choose the Properties tab to configure the connection settings for your system.
If your tenant is running on SAP BTP, Neo environment, you can create a connectivity destination in your subaccount in the SAP BTP cockpit, and then select it from the Destination Name combo box in your Identity Provisioning User Interface.
If one and the same property exists both in the cockpit and in the Properties tab, the value set in the Properties tab is considered with higher priority.
We recommend that you use the Properties tab. Use a connectivity destination only if you need to reuse one and the same configuration for multiple provisioning systems.
Mandatory Properties
Property Name
Value
TypeEnter: HTTP
URLSpecify the URL to the SCIM API portal of your SCAAI system.
ProxyTypeEnter: Internet
AuthenticationEnter: BasicAuthentication
UserEnter the user for your SCAAI system.
Password(Credential) Enter the password for your SCAAI user.
OAuth2TokenServiceURLEnter the URL to the OAuth2 token service.
If not sure about the exact URL, ask your SCAAI administrator.
(Optional)
sales.cloud.analytics_ai.group.filterEnter a group filter criteria, according to the API syntax of SCAAI.
For example: displayName eq "first_group"
(Optional)
sales.cloud.analytics_ai.user.filterEnter a user filter criteria, according to the API syntax of SCAAI.
For example: externalId eq "John123"
To learn what additional properties are relevant to this system, see List of Properties. You can use the main search, or filter properties by the Name or System Type columns.
Exemplary destination:
Type=HTTPAuthentication=BasicAuthenticationProxyType=InternetURL=http://myscaai:8080/scim\_servicesUser=MySCAAIUserPassword=************OAuth2TokenServiceURL=http://myscaai:8080/gateway\_services/api/auth/ips/token -
(Optional) Configure the transformations.
Transformations are used to map the user attributes from the data model of the source system to the data model of the target system, and the other way around. The Identity Provisioning offers a default transformation for the Sales Cloud – Analytics & AI source system, whose settings are displayed under the Transformations tab after saving its initial configuration.
You can change the default transformation mapping rules to reflect your current setup of entities in your SCAAI system. For more information, see Manage Transformations.
The behavior of the default transformation logic is to read all user attributes from the source SCAAI system, and then map them to the internal SCIM representation. It uses
entityIdSourceSystemto store the unique ID of the identity.Default transformation:
{ "user": { "mappings": [ { "sourcePath": "$.id", "targetVariable": "entityIdSourceSystem" }, { "sourcePath": "$.schemas", "preserveArrayWithSingleElement": true, "targetPath": "$.schemas" }, { "sourcePath": "$.userName", "targetPath": "$.userName", "correlationAttribute": true }, { "sourcePath": "$.groups", "targetPath": "$.groups", "preserveArrayWithSingleElement": true, "optional" : true }, { "type": "remove", "targetPath": "$.groups[*].display" }, { "type": "remove", "targetPath": "$.groups[*].ref" } ] }, "group": { "mappings": [ { "sourcePath": "$.id", "targetVariable": "entityIdSourceSystem" }, { "constant": "urn:ietf:params:scim:schemas:core:2.0:Group", "targetPath": "$.schemas[0]" }, { "sourcePath": "$.displayName", "targetPath": "$.displayName" }, { "optional": true, "preserveArrayWithSingleElement": true, "sourcePath": "$.members", "targetPath": "$.members" }, { "type": "remove", "targetPath": "$.members[*].$ref" }, { "type": "remove", "targetPath": "$.members[*].display" } ] } } -
Now, add a target system to provision users and their group assignments to it. Choose from: Target Systems
- Before starting a provisioning job, you can first subscribe for e-mail notifications from the source system you use in your scenario. This way, you will be notified by e-mail about eventual failed entities during the jobs. For more information, see Manage Job Notifications.
- Now, start an identity provisioning job. For more information, see Monitor Provisioning Job Logs.