Provisioning Systems and Initial Setup

Objectives

After completing this lesson, you will be able to:
  • Review the communications delivered to customers after purchasing SAP S/4HANA Cloud Public Edition
  • Provision systems in SAP for Me
  • Create users and grant access in SAP Cloud Identity

Onboarding Communication Journey

After signing the SAP S/4HANA Cloud contract, the signer (CTO, CIO, or similar) will receive a purchase order confirmation email with the purchase details and next steps. On the contract start date, the signer will receive a separate "Welcome" email with detailed information about beginning the implementation project. If an IT Contact (customer system admin) was not specified at the time the contract was signed, only the signer receives this "Welcome" email; however, the person who will be the system admin should also be aware of the information in this email. Because this email is only sent once and can't be resent, we have documented all the information from the welcome email in a website called the Customer Onboarding Resource Center. We strongly recommend that the core members of the customer project team attend one of the onboarding webinars to get an overview of the resources available to help them succeed and what the next steps are.

Screenshots of the initial onboarding communications to customers.

Note

In addition to the SAP S/4HANA Cloud welcome email, an SAP Business Technology Platform welcome email will also be sent.

If the IT Contact role was not assigned to the correct person, this can be resolved by creating a support case in the SAP for Me → Services & Support dashboard with the following information:

  • Subject: Request update to the Contact Person IT
  • Description: Please change the IT Contact to <NAME>, <EMAIL ADDRESS>
  • Component: XX-S4C-OPR-SRV

Note

Only one person is assigned as the IT Contact. The IT Contact is the customer system admin and will receive all system provisioning notifications and other communication about the systems. While only one person can be assigned as the IT Contact, multiple people can be assigned as a Communication Contact to enable them to receive general communications related to the systems.

System Provisioning in SAP for Me

IT Contact provisions systems via SAP for Me → Systems and Provisioning dashboard

The customer IT Contact triggers provisioning of the SAP S/4HANA Cloud landscape systems from the SAP for Me → Systems & Provisioning dashboard. The following systems are provisioned in the bundle:

  • SAP Cloud Identity (if the customer doesn't already have an account)
  • SAP Cloud ALM
  • SAP Central Business Configuration
  • SAP S/4HANA Cloud Starter System (both customizing and development tenants)
Screenshot of system provisioning in SAP for Me.

Note

If customers already have an existing SAP Cloud Identity Service, they can connect their new systems to this account. Otherwise, brand new customers will automatically have a new SAP Cloud Identity Service provisioned, with the option to choose the region of the data center. To learn how to set up SAP Cloud Identity Services, check out this SAP Blog: SAP Cloud Identity Services Administration for first time implementers in SAP S/4HANA Cloud Public Edition projects and the Identity Authentication documentation in SAP Help Portal.

At a future point in time, the following systems should be provisioned:

  • SAP S/4HANA Cloud Development System (both customizing and development tenants)
  • SAP S/4HANA Cloud Test System
  • SAP S/4HANA Cloud Production System

    Note

    Provisioning the Production System starts a "count down" where the Starter System will be automatically decommissioned after 30 days. Do not provision the Production System unless all Fit-to-Standard workshops have completed, or the customer can subscribe to the optional Sandbox system (for a fee) to use for future Fit-to-Standard workshops. More information on the optional Sandbox System here.

The IT Contact will receive several email notifications with login information for each system. Regardless of the order in which the email notifications are received, the SAP Cloud Identity Authentication Service (IAS) must be activated first. From within the IAS, users can be created and assigned permission to access each of the provisioned systems.

Try it yourself!

Learn how to request SAP Central Business Configuration via SAP for Me in this tutorial.

User Creation and Permission in SAP Cloud Identity

Who needs access to which system at the beginning of the project?

The customer IT Contact needs to create users and assign permission to the following members of the partner implementation team:

Graphic summarizing the roles who need access to different systems at the beginning of an implementation.
  • Lead configuration expert access to SAP Central Business Configuration - after receiving access, the partner lead configuration expert will use SAP Central Business Configuration to deploy the business content in the SAP S/4HANA Cloud Starter System tenants. The partner line of business (LoB) configuration experts will eventually need access to SAP Central Business Configuration, but this can be assigned at a later point in time.
  • Project manager access to SAP Cloud ALM - after receiving access, the partner project manager will use SAP Cloud ALM to set up the implementation project so tasks can be assigned to the relevant project team members and the project progress can be documented and tracked. The customer project manager should be included in this task so they can become familiar with how to use SAP Cloud ALM for project management. All project team members (partner and customer) should then be provided access to SAP Cloud ALM so they can see tasks assigned to them and use the tool to document task completion.
  • LoB configuration expert access to the SAP S/4HANA Cloud Starter System - after the business content has been deployed in the starter system by the lead configuration expert, the partner LoB configuration experts should be provided access so they can immediately begin preparing to deliver their Fit-to-Standard Analysis workshops. The partner lead configuration expert should also be given access, as this role also needs to run Fit-to-Standard workshops either in an LoB, or to address the non-LoB topics, including Organizational Structure, Two-Tier ERP, and Human Resources.

Overview of providing access to SAP Central Business Configuration

Even though SAP Cloud Identity Services sounds like one system, it's a collection of systems including both the Identity Authentication Service (IAS) and Identity Provisioning Service (IPS). This means the IT Contact navigates back and forth between two different websites to complete the steps to provide users access to SAP Central Business Configuration.

Graphic summarizing how to provide users access to SAP Central Business Configuration.

Activate the user account in the SAP Identity Authentication Service

The IT Contact first activates the SAP Cloud Identity Authentication Service (IAS) via the link provided in the system provisioning email.

Screenshot of the Identity Authentication Service activation email.

Create CSV User Template

Now it's time to create users and grant permission to access SAP Central Business Configuration. The IT Contact should ask for a list of the partner project team members who need access to SAP Central Business Configuration, with their first name, last name, and email addresses. In the Identity Authentication Service (IAS), you can create users one at a time in the User Management tile, or mass-import a CSV file of users with the Import Users tile. Because mass-importing a file is more efficient for creating many users and assigning permissions at once, this is the method we will cover. First, we need to create our own CSV (comma separated value) template in Microsoft Excel. The column names (attributes) in the CSV file must follow the naming structure defined in the SAP Help Portal documentation. You do not need to include all attributes listed in the documentation - only the attributes that are mandatory for the file and the additional attributes you intend to use.

Example of a CSV file that could be used to create users and assign the correct permissions.
  1. Create a new Microsoft Excel spreadsheet and Save As Comma Separated Value (.CSV).
  2. In the first row, enter the attributes: status, loginName, mail, firstName, lastName, and groups.
  3. The status should be active for all users.
  4. Enter the information for each project team member in the loginName, mail, firstName, and lastName fields. The IT Contact should add the information for their own user in a row, too.
  5. In the groups column, first check the latest roles that can be assigned in SAP Central Business Configuration and their authorized task activities.

    Role Assignments

    The partner lead configuration expert should be assigned the program manager role (SAP_CBC_CONSUMPTION_PROGRAM_LEAD), which provides the permission to create a new project and activate business content in the SAP S/4HANA Cloud starter system, in addition to the development system at a future point in time.

    The IT Contact should assign themselves and the partner and customer project managers the auditor role (SAP_CBC_CONSUMPTION_AUDITOR), so they have visibility into the activities being completed in the system.

    The partner LoB configuration experts should be assigned the key user role (SAP_CBC_CONSUMPTION_KEY_USER), so they have the ability to enter configuration values for the SAP S/4HANA Cloud development system when it eventually needs to be configured with the customer's data. It's not necessary to enter configuration values for the starter system, because this data is already delivered. However, the LoB experts may still want to take a look at the configuration values set up in the starter system in preparation for their Fit-to-Standard workshops.
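
A pre-import review of the CSV file, as an added example that is not part of the original lesson or of SAP's tooling: it checks the header and status from the steps above, rejects group names other than the three roles named here, and flags any program lead who is not on an approved list. The function name, the `expected_leads` parameter, the one-group-per-row layout and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Column names and role (group) names as given in the lesson text.
REQUIRED_COLUMNS = ["status", "loginName", "mail", "firstName", "lastName", "groups"]
CBC_ROLES = {
    "SAP_CBC_CONSUMPTION_PROGRAM_LEAD",
    "SAP_CBC_CONSUMPTION_AUDITOR",
    "SAP_CBC_CONSUMPTION_KEY_USER",
}
LEAD = "SAP_CBC_CONSUMPTION_PROGRAM_LEAD"

# Constructed sample file; names and addresses are placeholders.
SAMPLE_CSV = """status,loginName,mail,firstName,lastName,groups
active,lead01,lead01@partner.example,Lena,Lead,SAP_CBC_CONSUMPTION_PROGRAM_LEAD
active,itc01,itc01@customer.example,Ivo,Contact,SAP_CBC_CONSUMPTION_AUDITOR
active,fin01,fin01@partner.example,Fay,Finance,SAP_CBC_CONSUMPTION_KEY_USER
inactive,pm01,pm01@partner.example,Pat,Manager,SAP_CBC_CONSUMPTION_AUDITOR
active,fin01,fin02@partner.example,Fred,Finance,SAP_CBC_CONSUMPTION_KEYUSER
active,src01,src01@partner.example,Sam,Sourcing,SAP_CBC_CONSUMPTION_PROGRAM_LEAD
"""


def review_import_file(text, expected_leads):
    """Return a list of findings; an empty list means the file passed review."""
    reader = csv.DictReader(io.StringIO(text))
    findings = []
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [f"header: missing column(s) {', '.join(missing)}"]
    seen_logins, seen_mails = set(), set()
    for line_no, row in enumerate(reader, start=2):
        get = lambda k: (row.get(k) or "").strip()  # tolerate short rows
        login, mail, group = get("loginName"), get("mail").lower(), get("groups")
        if get("status") != "active":
            findings.append(f"line {line_no}: status is not 'active'")
        if not login or login in seen_logins:
            findings.append(f"line {line_no}: loginName empty or duplicated")
        if "@" not in mail or mail in seen_mails:
            findings.append(f"line {line_no}: mail malformed or duplicated")
        if group not in CBC_ROLES:
            findings.append(f"line {line_no}: unknown group '{group}'")
        elif group == LEAD and login not in expected_leads:
            findings.append(f"line {line_no}: unexpected program lead '{login}'")
        seen_logins.add(login)
        seen_mails.add(mail)
    return findings
```

Calling `review_import_file(SAMPLE_CSV, {"lead01"})` returns four findings, one of them a second program lead that nobody approved.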

Import users to SAP Central Business Configuration

Now it's time to create users and grant permission to access SAP Central Business Configuration. You can create users one at a time in the User Management tile, or mass-import a CSV file of users with the Import Users tile. We will mass-import because it's more efficient for multiple users and we can both create a user and assign permission in the same file.

Screenshot of importing users in the Identity Authentication Service.
  1. Log into the Identity Authentication Service (IAS) and select the Import Users tile.
  2. Choose the SAP Central Business Configuration system from the list.
  3. Select the Browse… button, upload the CSV file of users created in the previous step and choose Import.
  4. Select Send to send email notifications to the users.

Run a job to replicate users & their assigned permissions to SAP Central Business Configuration

Last, the IT Contact needs to run another job in the Identity Provisioning Service (IPS) to replicate the users and their assigned permissions to the SAP Central Business Configuration system. This needs to happen immediately, because the activation emails have already been sent.

Screenshot of running a job in Identity Provisioning Service to replicate users and their permissions to SAP Central Business Configuration.
  1. Log into the IPS.
  2. Select the Source Systems tile, then choose the Identity Authentication Service (IAS) from the list.
  3. Select the Jobs tab and click the Run Now button ONCE for the Read Job.

Email notifications sent to project team members

Each project team member will receive an activation email for their account and the link to the SAP Central Business Configuration system. The partner lead configuration expert can now begin activating content in the SAP S/4HANA Cloud starter system. This will be covered in detail later in the course.

Screenshots of initial email sent to newly created users and login screen.

Note

Learn about user setup & access in the SAP Help Portal and how to avoid common issues in this SAP Blog: Avoid access issues during the initial setup of SAP Central Business Configuration.

Try it yourself!

Learn how to create users and provide access to SAP Central Business Configuration via SAP Cloud Identity Services in this tutorial.