Creating and Managing Account and User Administration

Objective

After completing this lesson, you will be able to outline the account creation process, user management, and security settings configuration.

Account Creation and Setup

Before creating and setting up an SAP Emarsys account, customers need to offer some configuration details as the first step.

Note

  • The account configuration methods differ depending on the contract with SAP Emarsys.

  • Customers can share the needed information through either forms or the SAP for Me portal.

  • Visit the new account setup and the first steps to onboard the project.

Account Owner Roles and Responsibilities

Every SAP Emarsys account needs at least one Account Owner. The Account Owner is a super user or super admin who manages users, security settings, and single sign-on (SSO) configurations. Only Account Owners have access to the User Management and Security Settings pages. Existing Account Owners appoint new ones, or they're named during account creation.

Account Owners set the security levels for account access and data management, and handle user roles and permissions. Their responsibilities include:

  • Activating the Account Owner role.

  • Configuring the account security settings.

  • Setting up user roles and permissions.

  • Creating, editing, re-activating, deactivating, verifying, and deleting users and assigning roles to users in the account.

  • Enabling and setting up single sign-on (SSO).

Account Owner Role Activation

To activate the Accounts Owner role, customers follow these steps:

  1. Open the activation email and follow the instructions:

    The first Account Owner assignment is part of the account creation process. Once the account is ready, the defined Account Owner gets an activation email to complete the user creation.

    The email's style and needed steps slightly differ based on the SAP Emarsys contract type and access settings (SSO enabled).

  2. Click on the ‘ACTIVATE YOUR ACCOUNT OWNER ROLE’ link in the activation email.

    Activation email from SAP Emarsys for an Account Owner role. It teaches the recipient to click a link labeled ‘ACTIVATE YOUR ACCOUNT OWNER ROLE’ to activate their role. The message highlights that the link is valid for 30 days and offers contact information for support.

  3. Confirm the user profile and set up the account:

    The ‘Activate Your Account Owner Role’ link directs to the activation form. Give the necessary information to confirm and create the profile.

    To validate the SAP Emarsys profiles, give the following details:

    • Login details

    • Profile details

    • Multi-factor Authentication*

    • Regional details

    *Users with admin roles can complete their activation without this authentication.

    SAP Emarsys account activation page with sections for login details, profile details, multi-factor authentication, and regional settings. The fields include username, password, first and last name, email, phone number, language, time zone, and date format.

    Note

    • For SSO accounts, SAP Emarsys users must connect to their Identity Provider (IDP) instead of using SAP Emarsys passwords.

    • Multi-factor authentication is needed for Account Owners; other users can continue without it.

  4. Account Owner Role activation:

    To complete the Account Owner role activation, enable the multi-factor authentication by entering the phone number. Then, click on ‘Verify Phone Number.’​

    SAP Emarsys sends the verification, but there's an option to ask for a callback to receive the code. After verifying the phone number, click ‘Verify’ at the bottom of the page.

    Account Owner role activation with multi-factor authentication. Users enter a phone number, verify it via SMS, or ask for a callback with the code. After inputting the code, they click ‘Verify,’ or ‘Cancel.’

    After the user is active, log in to the account to access the SAP Emarsys user interface. To do so, click on the ‘Go to Login’ button on the success page or use the link in the confirmation email sent upon activation.

    The page displays a welcome message from SAP Emarsys. It says, ‘User has been activated.’ The user ‘my user’ for the account ‘my_company’ is now active. The message encourages and notes that the system sends an email with login details. There's a blue button labeled ‘Go to Login.’

  5. Account Login:

    Log in to the SAP Emarsys user interface by typing the account name. When the Account Owner enables and configures the SSO, the system auto-detects it, and the user can log in using the Identity Provider's credentials. Enter the username and password for regular accounts.

    The SAP Emarsys login page for ‘Login with SSO,’ when enabling the feature. Log in to the page with the Account Name and click ’Continue.’
Log in page for SAP Emarsys with Account Name, Username and Password. This is the login page for regular accounts without SSO.

Users and Security Settings Management

Let’s discover how the Account Owner manages:

  • Users, roles, and permissions

  • Security settings

  • Single sign-on (SSO) configurations

Administrators with Specific Roles and Permissions

Roles and permissions define what features the user can safely access and use.

The account has four preset roles with set permissions to accommodate user needs, located in ‘Management > User Management > Roles.’

These default user roles are available:

Account Owner: This role has Account Owner capabilities, including managing users and security settings, and can be combined with others to offer wider access.

Administrator: This role gives full access to all SAP Emarsys features, except those features limited to Account Owners and Smart Insight.

Operator: Users in this role have access to essential features for daily marketing tasks, such as email campaigns, segments, and automation programs.

Restricted: This onboarding role has minimal access to features and products.

BI (Business Intelligence) Administrator: Users in this role have access to Smart Insight, which is relevant for accounts with this feature activated.

The default roles aren't modifiable, however, click the edit icon to view them. If they don't meet the wanted needs, duplicate and change one of them or create a new ‘empty’ role and activate all relevant permissions.

The user management screen lists roles, such as Account Owner, Operator, BI Administrator, Administrator, and Restricted. The system highlights the Administrator role, with a description showing it has full access except for certain Account Owner features. You have the option to edit, which takes you to a zoomed view of the Edit Role section with details and permissions tabs. Default roles can't be changed directly.

Creation of new user roles:

Users need tailored roles based on their responsibilities. For example, an Email Campaign Manager needs full control over the email campaigns and templates, while an Analyst needs dashboard and reporting access. An Intern or Junior Marketer can view and edit campaigns. These permissions follow the SAP Emarsys platform's menu layout and related functionalities, such as editing.

The Create Role page in SAP Emarsys lets users enter role details such as name and description. The Permissions tab outlines roles' email campaign access: Basic Permissions allow viewing templates; Editor Permissions enable editing campaigns and sending testmails; Manager Permissions allow launching campaigns and previewing contacts. Menu options include Analytics, Content, and Channels.

Edit and assign roles:

  • Edit role and modify role permissions to control access to specific pages and features (except the four default roles). These changes affect all users assigned to that role.

  • Assign roles to users through their profiles or the ‘Edit role’ page.

Remove assigned roles:

Revoke access by removing roles from users.

Duplicate and delete roles:

  • Duplicate any role, including default ones.

  • Delete custom-created roles (not default ones).

Assign multiple users to one role.

The Edit Role Operator page shows tabs such as Role Details and Assigned users. The Assigned users tab is open and lists users for role assignment. Options include admin, account_owner, user1, and user2. The dropdown menu shows 'No users assigned.' Select All option is available. Icons for other settings are on the left panel.

Assign multiple roles to one user.

The login page has fields for 'User name' and 'Password' options for the authenticator app. The Roles section lists assigned roles to the user in the account. It includes 'Administrator' and 'Account Owner,' with checkboxes for selection.

Detailed permissions on the user profile.

The user profile page lists roles and detailed permissions such as Add-ons, Admin, access to dashboards, and email analysis.

New Users Setup and Activation

Creating a new user involves setting up and activating the user profile.

Set up a user profile:

  1. Click on ‘Create new user.’

  2. Enter the first and last name, and select the access role and email. Optionally, include a mobile number, which is necessary only for Account Owners, not regular users.​

  3. Select the interface language, distance unit, and preferred date/time format.

  4. Assign roles to the user.

After confirming the user creation and the Account Owner's identity by offering the password, SAP Emarsys sends the activation email to the user.

Steps to create a new user in SAP Emarsys. Fields include: First Name, Last Name, Email Address, optional Mobile phone number for Two-step login authentication, Interface language, Distance Unit, Preferred date and time format, and Roles. Buttons are 'Cancel' and 'Next.'

Activate the user profile:

  1. Click on the link in the activation email to complete the profile.

  2. Set a login username and password.

  3. Optionally, verify the mobile number and set up two-step authentication.

  4. Users cannot change their email addresses or access levels; only the Account Owner can do that.

  5. After saving the profile, the user can log in to SAP Emarsys.

The Account Owner can do these actions:

Edit user profiles:

Select the edit icon to change login details, regions, and personal information. Account Owners can adjust specific user properties and roles.​

SAP Emarsys user profile setup page showing sections for login details, personal details, regional details, and roles. Fields include: username, password, first name, last name, email, mobile number, interface language, time zone, and role assignment.

Activate and deactivate users:

  1. Click on the deactivate icon to cancel temporarily a user’s log-in access without affecting SAP Emarsys assets.

  2. To reactivate the user’s profile, click the activate icon. This triggers an activation email and prompts a password reset, allowing the user to reactivate the profile and log in to the platform as before.

Verify users:

  1. Click the verify user icon to deactivate the profile until the user confirms the email. If the user doesn't verify this email within 30 days, the system deactivates the profile.

  2. The user must reset the password in the link and log in.

Delete users:

Click the delete icon to remove users and reassign their assets to another user. If the delete icon isn't visible, the user's profile is protected. To change the protection status, contact SAP Emarsys support.

SAP Emarsys user management dashboard with the user list. It includes full name, email, username, status, role, and last login details. Icons above the user list allow editing, verifying, deactivating, and deleting users.

Multi-account permissions:

Multi-account permissions allow centralized user management so users can easily navigate between different regional or brand accounts. This feature needs extra backend configuration. Contact SAP Emarsys for help with the setup.

Modify other user's assets:

If the original creator is unavailable, another user can change Link categories, standard segments, Campaigns, Automation Center programs, and VCE campaigns. Changes to Voucher pools, Mailboxes, Exports, or Forms aren't allowed, and Link categories can't be deleted.

SAP Emarsys System Notification Emails

Notification emails from SAP Emarsys keep users informed about important actions and updates such as reports and data management updates. Using these notifications helps maximize timely awareness and efficient management of platform activities.

Inform Account Owners of changes such as:

  • API or WebDav creation/deletion

  • Changes to Security Settings

  • Changes to users or Account Owners

Inform other users of:

  • Password resets

  • Failed data import/export

  • Critical changes or errors with automation programs and email campaigns

  • Voucher pool expiry warnings

  • Smart Insight issues

Note

To learn more about SAP Emarsys system notification emails, visit the Help Portal.

SAP Emarsys Notification Center

The Notification Center allows users to receive email alerts about critical business events. These notifications include automation failures, campaign errors, data import issues, and other system notifications.​

The SAP Emarsys interface shows the 'Notification Settings' page on the left, which includes categories such as Automation, Content, and System Notifications. On the right, a popup shows two 'Account Owner Added' notifications marked as critical.

Security Settings

The Security Settings page allows Account Owners to set security levels for account access and data management. The settings include:

Permitted email domains:

The Account Owner adds these email domains to enable users to receive activation and account-related emails, ensuring safe access. Each account needs at least one domain.

IP access control:

  • IP address restrictions and two-step authentication offer improved security measures to prevent illegal access even if login credentials are compromised. This restriction helps implement strong security protocols to protect sensitive information and keep system integrity.

  • Two-step authentication needs IP access control. Add IPs to the allowlist for letting users log in with a username and password. Users from unrecognized IPs must use two-step authentication. SAP Emarsys recommends enabling this feature and denies responsibility for illegal access.

The Security Settings page includes two sections. In the Permitted Email Domains section, users add email domains to create profiles. 'SAP.com' serves as an example domain with a save button. The IP Access Control section shows messages about needing two-step authentication when accessing from unrecognized IP addresses. Users trying to access with the IP address 90.89.127.3 need two-step authentication. Since no IPs have approval, all users must use this authentication method.

API credentials:

  • It enables Account Owners to create, edit, delete, and individually activate or deactivate endpoint permissions for API users.

  • Independently of the API credential option, the secret is ONLY shown during API user creation, so users must note it down for future use.

  • API credential options can differ depending on the client's contract with SAP Emarsys.

    • OpenID Connect creates credentials using OAuth 2.0 and JSON Web Token (JWT) technologies. Copy the Client ID and Token Endpoint values to get the token (JWT) and allow API calls.

    • OpenID Connect (SAP Cloud Identity) creates API credentials using data available at SAP Cloud Identity (SCI).

    • WSSE only applies to customers with contracts signed before February 24, 2025.

Note

For more details, visit the OpenID Connect (SAP Cloud Identity) page in the Help Portal.

Security Settings window shows API Credentials. It lists one entry with ID ‘my_company001,’ type ‘OIDC,’ and creation date ‘26.03.2025 20:46:19.’ A section ‘Create API Credentials’ offers three options: ‘OpenID Connect (SAP Cloud Identity),’ ‘OpenID Connect,’ and ‘WSSE,’ with a description of each explaining different methods for API authentication.

Edit and enable the permissions for the chosen API endpoints. After making changes, click 'Save’ to apply them.

The API credentials window shows API settings. The API key activates within 5 minutes. The client's secret is only available on this page. The ‘Permissions’ section lists administrative actions such as categories, permissions, and current statuses. Users can enable or disable these actions and must click 'Save' after changes.

WebDAV users:

Most users prefer APIs or SFTP because they offer stronger security and greater flexibility, but WebDAV is a safe alternative. Keep in mind updating the WebDAV credentials regularly to improve security.

Three screenshots show the SAP Emarsys WebDAV user setup process. The first screenshot has a 'Create WebDAV User' button. The second screenshot shows a warning that the secret is only available while staying on the page, and shows user name and password fields. The third screenshot shows a user list with one entry named 'company_webdav' and a URL to access the WebDAV folder.

Keyring:

  • Key-based SFTP auto-imports make automatic data transfers from SFTP servers safe and simple. When using 4096-bit RSA keys, this feature improves security and simplifies data management processes.

  • Create and name the server authentication key and use the offered OpenSSH public key to configure the SFTP server. The key will then be available for auto-import setup, data transfer security, and remote source management.

Two screenshots show the key setup process in the SAP Emarsys Keyring. The first screenshot shows a 'Create Key' button on a page that says, ‘No keys have been defined.’ The second screenshot shows a popup saying, ‘A new key pair has been generated.’ It includes details such as key name, ‘company keyring,’ date creation, SSH fingerprint, and public key information.

Hint

Trying to access Security Settings without checking an email address can trigger a 'Forbidden' error. To resolve this problem, check the used email address in Management > User Management and follow the instructions in the confirmation email.

Lesson Summary

  • Account creation and setup: Customers need to offer configuration details before creating and setting up an SAP Emarsys account. The account configuration methods differ based on the contract. The SAP for Me portal or forms share the necessary information.

  • Account Owner roles and responsibilities: The Account Owner is a super user or super admin responsible for managing users, security settings, and Single Sign-On (SSO) configurations. Their responsibilities include activating the role, configuring security settings, and setting up user roles and permissions. It also manages users, enables, and sets up the SSO.

  • User management: This section covers creating new user roles, assigning roles to users, and managing user profiles. It also discusses the importance of tailored roles based on specific responsibilities and the ability to edit, duplicate, and delete roles.

  • Security settings: The Account Owner configures security settings, including multi-factor authentication and SSO. The lesson also highlights the importance of verifying user profiles and managing user access.

  • Notification emails: SAP Emarsys sends notification emails to keep users informed about important actions and updates, such as reports and data management updates. Notifications help maximize timely awareness and efficient management of platform activities.

Learning

SAP FacebookSAP YoutubeSAP LinkedIn