In this blog post, we discuss how to activate the SAP Build Workzone:Advanced edition.

The SAP BTP Customer Onboarding Series includes this blog, and we strive to maintain the onboarding series of blogs current with any changes in the product setup procedures.

We will discuss as below:

1.Log into the global account and assign the Global admin roles

2.Create subaccount and activate the cloud identity service

3.Setup Trust between SAP Identity Service – Identity Authentication, and BTP Subaccount

4.SAP Build Workzone: Advanced edition: Boosters

5.Post Boost configuration

6.Run the SAP Build Workzone: Advanced Edition

 

Here is a step-by-step guide for activating SAP Build Work Zone Advanced Edition:

1.Log into the global account and assign the Global admin roles, verify that your account has a global admin role, if you have no contact with the internal team. You must have the SAP BTP Global Administrator role to complete the next task.

2.Create subaccount and activate the cloud identity service:

a. Create a subaccount :

Log into the SAP BTP Cockpit and create a new subaccount from Account Explorer page.

Click to create then select subaccount.

 

Subaccount will be created.

Now Enable the cloud foundry. click on enable cloud foundry.

 

 

Click on create then cloud foundry will be created.

Now create the space. Click on create space.

 

 

Click on create.

 

Created dev space successfully.

You have created the new subaccount, by default you will be assigned as the subaccount administrator. Click on the subaccount to open it.

b. Cloud Identity service:

SAP Cloud Identity Service is a service included as a part of your overall platform agreement with SAP and no additional charges will be incurred upon activation.

In your subaccount, Goto the Entitlements then select the Build work zone: advanced edition.

Select service –> Service Market –> Cloud Identity service –> Click on create.

 

Click on next.

Select service type TEST.

Cloud identity service is activated.

c. Access the Clod Identity Service:

Click on the services –>Instance and subscriptions –>Click on SAP Cloud identity service.

you need to find the IDP/IAS link to activate.  Get link in mail, click in click here to activate your account. Setup the password and save it.

Go to instance and subscriptions then click on Cloud identity services or click on action (…) button then click in goto applications.

3. Setup Trust between SAP Identity Service – Identity Authentication, and BTP Subaccount:

Goto your subaccount Advanced_Workzone, click on Security ->, and Click on Trust Configuration. This helps to establish trust between the identity services and the subaccount and it helps in using the existing user base for security.

 

Then click on next.

 

Now established the trust Subaccount to Identity Services.

To verify the trust set up in the IAS system, go to the IAS tenant URL, and click on Application and Resources -> Applications -> in Bundled Applications, you will be able to see the new entry with the subaccount name which confirms the Trust has been setup successfully.

Go to your SAP Cloud Identity Services, click on Applications and Resources -> Click on Applications –> in Bundled Applications click your application XSUAA_WorkZoneBlogSetup -> click on Assertion Attributes.

Modify the details and ensure to use capitals and lower letters  and Save. In case you have additional attributes, you can delete them.

Goto one step back, select Default Attributes.

Click on Add.

Groups : Workzone_User_Type_${type}

 

Add the required users to Identity Authentication service.

Click on Add.

 

Enter the required fields then select save.

 

Create the below groups in the Identity Authentication service and Assign Users.

Workzone_Admin

Workzone_Area_Admin

Workzone_Support_Admin

Workzone_Page_Content_Admin

Workzone_End_User

Workzone_User_Type_public

Workzone_Advanced_Theming

Goto user groups.

Click Create.

 

Click on add button, add the users and click on save.

Create above mentioned groups and add the users to groups.

4. SAP Build Workzone:Advanced edition: Boosters

SAP BTP Global Account -> Select Boosters -> Search for Getting Started with SAP Build Work Zone, Advanced Edition, and click on it.

 

Click on start.

In the Configure Subaccount step, please select the subaccount to run the Work Zone services and the Org and Space should be prefilled, you can leave the default values and click on Next.

Add users step, please ensure the Custom IDP URL matches the configurations and enter the additional Administrators and Developers who require access to the system as by default the logged user will be granted both Admin and Developer role.

Click on Next.

Verify the setting the click on Finish.

The Booster services are updated with SAP Cloud Identity Services activation and roles are created in your Trust Centre for the Identity Services.

5.Post Boost configuration:

Goto SAP subaccount, Click on your Services -> click on Instances and Subscriptions.

Click on the SAP Build Work Zone, Advanced Edition to navigate to the Application. It should open a new window with a popup “Getting Started with SAP Build Work Zone, Advanced Edition”.

Click on Configurator Wizard on the screen.

Goto Site Manager.

Click on Settings and Identity Provisioning and click on Connect.

 

6.Run the SAP Build Workzone : Advanced Edition

Navigate to the work zone subaccount -> click on Connectivity -> click on Destinations -> click on Download Trust, this will download the metadata file. Please store this metadata file as we need it in the next steps.

Navigate to the Site Manager URL, Click on the Configurator option -> select the options

Prerequisites (configure Identity Authentication and trust) and You have run the booster in SAP BTP cockpit to automatically configure settings.

Click on Next.

Select the Trigger setup, Upload the downloaded trust from SAP BTP cockpit Destination.

Download the metadata file.

Open the IAS service URL à click on Application and Resources à Select Applications à click on Create button à enter the Display Name as shown in the Image below and save the settings.

 

Select the newly created application Advanced_WorkZone and click on SAML 2.0 Configuration -> click on Browse and upload the metadata file which we downloaded as shown in Image 27. The details will be auto-populated, now click on Save.

 

 

Click on Advanced_WorkZone, In the Trust tab -> click on search for the option Subject Name Identifier and change the Select a basic attribute value to Global User ID/User UUID and Save the changes.

 

Save changes.

Select the newly created system user, Advanced_WorkZone_Sys_Admin -> click on Secrets -> click on Add -> enter a short description like System User for IAS and IPS Connection, and save it -> we should now be able to see the Client ID and the Client Secret values, please ensure save them as it will be required in the next step.

 

Goto the source system in Identity provisioning.

Open the IPS service  -> click on Source System -> Click on Add  ->  Select the Type as Identity Authentication -> enter the System Name (IAS/IPS URL) -> enter the Description and click on Save.

 

Once the details are saved, you will be able to see the entry under Customer Managed service, click on the connection which we created -> click on Transformation -> click on Edit. We need to change the default value, to copy the source code please visit the official documentation and look for “Identity Authentication service Source System Transformation (v2) – Code Sample” in option 2 of the setup process. Copy the source copy and paste it into the Transformations and save the new code.

Then save it.

Now click on the Properties tab on the same page -> click on Edit and Add type Standard, the following mandatory values which are case sensitive.

Name Value
Type HTTP
URL https://abcd.accounts.ondemand.com/ (where abcd is your IDP account ID)
ProxyType Internet
Authentication BasicAuthentication
User Enter Client ID – where we created a system user refers the step after image 33
Password Enter the Client Secret value

 

Completed the source system setup.

Goto the target system.

Add the target system.

Click on Save.

Goto the Transformations.

click on Edit -> Copy the new source code from the official documentation and search for “SAP Build Work Zone, advanced edition Target System Transformation – Code Sample” and paste it -> Save the settings.

Click on Add -> Select the Type as SAP Work Zone, Advanced Edition -> enter a valid System Name -> Enter Description -> select the Source System which we created in the previous step -> Click on Save.

 

Save it.

Goto the properties and add the below mentioned values.

 

IDP Property Name Value
Type HTTP
URL Copy this value from the wizard – SAP Jam URL field (New value is Integration Token – Image 26)
ProxyType Internet
Authentication BasicAuthentication
User Copy this value from the wizard – OAuth Client Key field
Password Copy this value from the wizard – OAuth Client Secret field
OAuth2TokenServiceURL Copy this value from the wizard – Token Service URL field
ips.failed.request.retry.attempts 3
ips.failed.request.retry.attempts.interval 60
ips.delete.existedbefore.entities true
ips.trace.failed.entity.content true

 

Now go back to your Source System in IPS Tenant -> click on your source system -> click on Jobs -> you will be able to see Read Job -> click on Run now.

 

Goto the Job logs.

Goto the Tenant settings.

Now go back to your IAS Tenent, we need to Add the Advanced_Workzone domain as trusted -> Application and Resources -> Select Tenant Settings -> enter *.ondemand.com -> Save the settings.

 

We are now ready to run the last step in the SAP Build Work Zone Site Manager. Go back to your Site Manager URL -> select all the checkboxes and click on Step 3.

 

 

SAP Build Workzone : Advanced setup is successfully configured.

Sara Sampaio

Sara Sampaio

Author Since: March 10, 2022

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x