Required Permissions

Settings Required for IPS Proxy System Connection

  • Configuration required from the IBP system.

    Following are the steps for creating a communication user, including communication system and communication arrangement to be used in IPS proxy system:

    Following are the steps to create a communication user from the SAP IBP system: 

    1. Search and select the Maintain Communication Users tile on the homepage.

    2. Select New to create a new communication user.

    3. Enter a unique User Name and relative Description.

    4. Either provide a password (basic authentication) or upload certificates for certificate-based authentication.

      • For basic authentication, provide a password for the user.

      • For certificate-based authentication, upload the certificate you have generated in the Identity Provisioning UI.

      In your newly added SAP Integrated Business Planning for Supply Chain proxy system, select the Certificate tab and choose Generate Download, as described in Generate and Manage Certificates for Outbound Connection. For more information, refer to SAP Integrated Business Planning for Supply Chain.

    5. Select Save.

    Following are the steps to create a communication system from the SAP IBP system: 

    1. Search and select the Communication System tile on the homepage.

    2. Select New to create a new communication system.

    3. Enter the System ID and System Name (Provide any system relative name).

    4. Enter the Host Name (Host Name of the IPS system).

    5. Go to Users for Inbound Communication.

    6. Select the + (plus) button.

    7. Select the Authentication Method as User Name and Password or SSL Client Certificate.

    8. Enter the User Name or the Client ID by selecting a communication user created in the Steps for creating a communication user.

    9. Select OK and then Save.

    Following are the steps to create a communication arrangement from the SAP IBP system: 

    1. Search and select the Communication Arrangements tile on the homepage.

    2. Select New to create new communication arrangements.

    3. Select communication scenario SAP_COM_0193 (Identity Provisioning Integration).

    4. Select Create and update the arrangements as per your choice.

    5. Select the Communication System created in the Steps for creating a communication system.

    6. Select Save.

  • Configuration required from the IPS system.

    Following are the steps for creating a technical user including the proxy system.

    Following are the steps to create the technical user from the SAP IPS system: 

    1. To enable basic authentication, sign in to the SAP Cloud Identity Services admin console, and go to Users and Authorizations > Administrators.

    2. Add an administrator user of the type System, and then provide the name of the user.

    3. In the Configure Authorizations, select Access Proxy System API permission, and then select Save.

    4. Go to Configure System Authentication > Secrets > Add, provide Description and expires in, and then select Save.

    5. Copy and save the Client Secret and Client ID. These are the technical user credentials that you will use to communicate with SAP.

    Important
    SailPoint recommends using the import file for creating the proxy system from the SAP IBP system.

    You can create the proxy system from the SAP IPS system in two ways: 

      1. Sign in to the SAP Cloud Identity Services admin console. Go to Identity Provisioning > Proxy Systems, and then select +Add.

      2. Go to Define from File section, select Browse to upload the SAP IBP Proxy System JSON file.

      3. Provide the System Name as per your preference, go to Properties tab and update the properties from the SAP IBP Proxy System Properties table containing properties of the SAP IBP proxy system.

      4. Select Save.

      1. Sign in to the SAP Cloud Identity Services admin console. Go to Identity Provisioning > Proxy Systems, and then select +Add.

      2. Enter the following values on the configuration details page.

        • Type: SAP Integrated Business Planning for Supply Chain

        • System Name: User defined name

        • Description: User defined description

      3. Select Save.

      4. Set the Read Transform to exchange data within the target system in the SCIM2 compliant format.

        1. Select Read Transformation, and switch to the JSON editor.

        2. Select Edit, and replace the transformation content with the provided read transform JSON file.

        3. Select Save.

      5. Set the Write Transform to exchange data within the target system in the SCIM2 compliant format.

        1. Select Write Transformation, and switch to the JSON editor.

        2. Select Edit, and replace the transformation content with the provided write transform JSON file.

        3. Select Save.

      6. Select Properties. It is mandatory to set properties to configure the proxy connection to target systems. Enter the values from the SAP IBP Proxy System Properties table containing properties of the SAP IBP proxy system and then, select Save.

    SAP IBP Proxy System Properties

    The table below outlines the properties of the SAP IBP proxy system with required description and values:

    Property Name

    Description and Values

    Type

    Enter HTTP

    URL

    Enter the URL to your SAP IBP system. For example, https://<tenant_id>-api.scimbp1.ondemand.com

    ProxyType

    Enter Internet

    Authentication

    Enter your authentication method: 

    • BasicAuthentication

    • ClientCertificateAuthentication

    User

    Valid if using the basic authentication method.

    Enter the user name from the communication arrangement. This is the user name created in the Steps for creating a communication user section.

    Warning
    Do not use commas (,) as they are not supported.

    Password

    Valid if using the basic authentication method.

    Enter the password for the communication user.

    Warning
    Do not use commas (,) as they are not supported.

    ibp.skip.read.archived

    In the event of archived (disabled) entities in your SAP IBP system, choose whether the provisioning jobs continue reading those entities or skip them.

    By default, this is enabled. If you want to always read disabled identities, set the property to false or delete it.

    ibp.user.roles.overwrite

    This property defines whether the current roles of a user are preserved or overwritten by the identity provisioning service within the SAP IBP proxy system in a hybrid scenario.

    • If set to true, the current user roles will be deleted in the proxy system, and the user will be updated only with the roles provisioned by the service.

    • If set to false, the current user roles will be preserved and the new roles (if any) will be added for the relevant user in the proxy system.

    ips.date.variable.format

    yyyy-MM-dd

    For more information, refer to the SAP IBP documentation.