User provisioning is the automated process of creating users, that are later granted permissions to access business services and applications, to allow system to system communication, or to perform troubleshooting.
Please make sure that employee and business user data is maintained in accordance with the
login_attributesystem provisioning parameter (see Creating ABAP System) and the subject name identifier configured in the Identity Authentication application (see Configure the Subject Name Identifier Sent to the Application): Iflogin_attribute = emailis used, the email address at employee level needs to be maintained for identity federation to work, if login_attribute = user_name is configured, the username on business user level needs to match the login name provided in the identity authentication user.
Each business user created in the ABAP environment system has a unique and stable employee ID. Employees are maintained in the SAP Fiori app Maintain Employees. See Maintain Employees.
We recommend setting the employee ID by an HR system, which allows you to update master data in the Maintain Employees app, for example, when a business user has a new email address because of a name change, or if you want to edit the user information of the initial admin of an ABAP environment service instance.
The following provisioning methods to automate identity lifecycle processes for business users are available:
- SAP Fiori app Maintain Employees with CSV file upload. See Maintain Employees.
- SOAP service using communication scenario Identity Management Integration
SAP_COM_0093. See Inbound Service: Business User and Inbound Service: Business User - Read. - Identity Provisioning service using communication scenario SAP Cloud Identity Services - Identity Provisioning
SAP_COM_0193. See Identity Provisioning - SAP BTP ABAP Environment as a Target System.
To create new business users in the ABAP environment, we recommend using the Identity Provisioning service.
This requires setting up the Identity Authentication service as a source system for identity provisioning and managing employee information in the user store. The Identity Provisioning service can then read this information and map the Identity Authentication logon name to the ABAP environment employee ID. See Identity Authentication as a Source System and Tutorial: Provision Users into your SAP BTP ABAP Environment.
To create communication users, see How to Create Communication Users.
SAP support users are owned and created by SAP. However, in the Display Technical Users SAP Fiori app, you can check when and why SAP support users accessed your customer system in the past 12 months. See SAP Support User Request Log.
To create platform users and space members, see User and Member Management and Creating New Space Members and Assigning Space Developer Roles to Them.
Related Information