Prerequisites

The following are the prerequisites to use the SailPoint SAP BTP Cockpit Cloud Foundry SaaS connector for the desired BTP license types:

Note
The S-User associated with the SAP BTP Global account (with required permissions) should create credentials for individual target layers (Global account/ Directory/ Subaccounts) for further governance operations. For more information, refer to Required Permissions.

SailPoint supports identity governance for SAP BTP Cockpit using the XSUAA service of Cloud Foundry.

To access the XSUAA API service, you can choose one of the following methods:

Using BTP command line interface (CLI) (applicable for Global account/ Directories/ Subaccounts)
Using BTP user-interface (UI) (applicable for Subaccounts only)

Steps for creating credentials using BTP CLI for the targeted BTP account

Download BTP CLI from here, and extract the client file from the downloaded archive.
Copy the client executable from the unpacked folder to the designated directory as shown below:
- For Linux: /usr/local/bin
- For macOS: /usr/local/bin
- For Windows: C:/Users/<your-user>
Log in to the global account from a browser with S-User, who has Global Account Administrator Role collection entitlement.

Important
Ensure you clear the browser cache before logging in to avoid incorrect SSO login issues caused by a previous session with another user.
Run the command in the terminal using the sequence below:
1. Log in to BTP CLI via SSO using:
  
  btp login --sso
2. The above command prompts for the following inputs:
  
  CLI server URL [https://cli.btp.cloud.sap]>
  
  Make sure to enter https://cli.btp.cloud.sap string as a CLI server URL input. This should open a new browser tab for SSO approval.
  
  Select Yes to log in to SAP BTP.
  
  Screenshot
  
  After approval, you may be prompted to select a global account from multiple options. Select the appropriate global account.
3. Create credentials using the following command:
  
  btp create security/api-credential --name <desired_name>
  
  Use a name <desired_name> that can serve as user-friendly identifier to store the credentials - Client ID, Client Secret, Token URL, and API URL. These credentials are necessary for configuring the SailPoint source with the targeted BTP layer.

Steps for creating credentials for any targeted layer (Global account/ Directory/ Subaccount) within the BTP Cockpit is as follows:

Open CLI.
Use the following command to change the target layer:

btp target
Select the appropriate options to choose your desired target layer. For example, you can select ‘…’ to switch to the global account.

Screenshot
Once the target is changed, create new credentials using the command mentioned in previous step.

Steps for creating credentials using BTP subaccount UI for the targeted BTP account

Log in to BTP Cockpit and go to the desired subaccount:
1. Log in to the SAP Business Technology Platform (BTP) Cockpit.
2. Go to the subaccount (with ‘Subaccount Administrator’ rights) for which you want to manage identities.
Create the authorization and trust management service:
1. In the left navigation pane, go to Services and search for Authorization and Trust Management Service.
2. Select Create to create a service with the following settings:
  - Plan: apiaccess
  - Runtime Environment: Cloud Foundry
  - Space: ABAP_space (or your desired space)
  - Instance Name: <desired_Instance_name>
3. Select Next.
Configure Service Parameters. On the Parameters screen, select Next.
Review and Confirm page :
1. On the Review screen, select Create.
  
  Note
  Ensure that under the Instances & Subscriptions tab, the Authorization and Trust Management Service is listed.
Create a Service Key:
1. Select the ellipses(...) next to the listed service.
2. Select Create Service Key.
3. Enter an appropriate Service Key Name and select Create to create a new service key.
Retrieve Credentials:
1. Once the service key is created, select the ellipses (...) again.
2. Select either View or Download to retrieve the following credentials:
  - Client ID
  - Client Secret
  - Token URL
  - API URL
  These credentials are necessary for configuring the SailPoint source with the targeted BTP layer.
  
  Note
  Here, the url corresponds to the Token URL, and apiurl corresponds to the API URL.

Important
The individual set of credentials generated using either of the methods mentioned above applies to each SailPoint BTP Cockpit Cloud Foundry connector. The mapping of these credentials for setting up the connection is as follows:

Token URL corresponds to the Token URL.
API URL corresponds to the Host URL.
Client ID corresponds to the Client ID.
Client Secret corresponds to the Client Secret.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Prerequisites

Documentation Feedback