Professional Documents
Culture Documents
Setup and Administration For SAP Cloud ALM
Setup and Administration For SAP Cloud ALM
2023-07-04
2 Availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3 Fair Use. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
4 Supported Solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
5 Video-Guided Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
12 Finding Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
15 Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
15.1 Security Configuration Recommendations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Explanations of Table Properties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
16 Account Termination. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
SAP Cloud ALM is a cloud-based application lifecycle management offering that allows you to implement and
operate your cloud solutions.
This guide describes the steps you need to perform to set up, configure, and administer SAP Cloud ALM, and
provides important information about data protection and privacy and security topics. The guide addresses
system administrators and key users as a target audience.
Tip
The English version of this guide is open for contributions and feedback using GitHub. This allows you
to get in contact with responsible authors of SAP Help Portal pages and the development team to
discuss documentation-related issues. To contribute to this guide, or to provide feedback, choose the
corresponding option on SAP Help Portal:
• Edit: Contribute to a documentation page. This option opens a pull request on GitHub.
• Feedback: Provide feedback about a documentation page. This option opens an issue on GitHub.
More information:
• Contribution Guidelines
• Introduction Video: Open Documentation Initiative
• Blog Post: Introducing the Open Documentation Initiative
Make sure that you have the latest version of this guide, which can be found under SAP Cloud ALM.
SAP makes no warranty, either expressed or implied, for the information provided here. Due to short-term
software updates, completeness cannot be guaranteed and the information is subject to change. For the same
reasons, translations of this guide into languages other than English may not reflect the latest changes.
Languages
• English
• German
• French
• Spanish
• Portuguese
• Japanese
• Chinese
• Russian
The default display language of the solution is based on the language that is maintained in your browser
settings.
You can change the language either in your browser settings or in the SAP Cloud ALM launchpad by clicking on
your user profile in the top right corner and choosing Settings Language & Region .
Technical Prerequisites
The solution is designed for desktop use, and we currently don't support mobile devices.
SAP Cloud ALM supports the browsers listed in the Feature Scope Description for SAP BTP.
Tip
EU Access
EU access, which restricts the processing of personal data to EEA/Switzerland, isn’t available.
SAP Cloud ALM is included in cloud subscriptions with SAP Enterprise Support as described in the SAP usage
rights .
Additional memory usage, beyond the standard, requires the subscription of the microservice SAP Cloud ALM,
memory extension.
This service is available in blocks of 4 GB, with a fix price per month.
The following requirements can cause an extended SAP Cloud ALM usage, above the average usage:
• Extensive storing of data from monitoring activities on the SAP HANA database
• Storing large amounts of monitoring data for a large system landscape for a longer time period
(performance, business process monitoring, or integration monitoring)
• Building own UIs or dashboards
• Programming own enhancements
• Using additional monitoring platforms outside the SAP landscape and uploading monitoring data daily,
from a third-party system.
Be aware that any document uploads aren't stored in the SAP HANA memory. They require that you connect
an SAP or external DMS service and do therefore not affect the 8-GB limitation.
You can do the monitoring of the SAP HANA memory consumption in SAP Cloud ALM under Health
Monitoring "cloudalm" services SAP Cloud ALM HANA Memory .
You can configure the data and storage duration in SAP Cloud ALM for operations features. Find the guidelines
under Housekeeping in the expert portal.
Tip
The SAP Cloud ALM, memory extension service is available via a service subscription on CPEA: see SAP
Discovery Center .
There's no need to subscribe to the service before the limit reached. SAP also actively approaches you if
your memory usage is beyond the baseline memory (see also the usage rights ).
Charging of costs:
• When the service is activated, you're automatically charged for every month where you extend the memory
at least once.
• In months without a memory consumption beyond 8 GB, there's no charging.
• Metering starts at first day of the month and rests on the latest day of the month.
• The service is available in packages of 4-GB memory. If, for example, you need an extra of 6 GB in a month,
you're charged for two packages.
More
You can't extend the given limitation of 8-GB API outbound volume, until further notice. Check this document
for updates.
SAP actively approaches you if your API outbound volume is beyond the baseline memory (see also the SAP
usage rights ).
The following table shows in which way your SAP product is supported by SAP Cloud ALM.
You can find the latest additions to the scope in What's New for SAP Cloud ALM. For a complete list of SAP
Cloud ALM features, refer to SAP Cloud ALM Feature Scope Description.
SAP makes no warranty, either expressed or implied, for the information provided here. Due to short-term
software updates, completeness can't be guaranteed. The features in the list are subject to change.
SAP BTP, Cloud Foundry environment Operations Real User Monitor More under Real User Monitoring
ing (Expert Portal).
SAP Ariba Implementation Process Manage • SAP Ariba Buy & Receive
ment
• SAP Ariba Contract
• SAP Ariba Invoice
• SAP Ariba Sourcing
• SAP Ariba Spend Analysis
• SAP Ariba Supplier Management
• SAP Ariba Supply Chain Collabora
tion
SAP Sales Cloud Implementation Process Manage SAP Cloud for Customer
ment
SAP Service Cloud Implementation Process Manage SAP Cloud for Customer
ment
SAP Intelligent Robotic Process Auto Implementation Process Manage SAP Best Practices for SAP Intelligent
mation (iRPA) ment Robotic Process Automation integra
tion
SAP Integrated Business Planning for Implementation Process Manage SAP Best Practices for SAP Integrated
Supply Chain ment Business Planning for Supply Chain
SAP S/4HANA Cloud, private edition Implementation Task Management Task template available: SAP Activate
Methodology for SAP S/4HANA Cloud,
private edition (new implementation
and system conversion)
SAP S/4HANA Cloud Implementation Task Management Task template available: SAP Acti
vate Methodology for SAP S/4HANA
Cloud
SAP Sales Cloud Implementation Task Management SAP Cloud for Customer
SAP Service Cloud Implementation Task Management SAP Cloud for Customer
SAP Sales Cloud Implementation Requirement Man SAP Cloud for Customer
agement
SAP Service Cloud Implementation Requirement Man SAP Cloud for Customer
agement
SAP S/4HANA Cloud, private edition Implementation Deployment Man More under SAP S/4HANA Cloud, Pri
agement vate Edition and On-Premise Systems
[page 57].
SAP S/4HANA (on-premise) Implementation Deployment Man More under SAP S/4HANA Cloud, Pri
agement vate Edition and On-Premise Systems
[page 57].
SAP Integration Suite – Cloud Integra Implementation Deployment Man More under Supported Content Types.
tion agement
SAP Integration Suite – API Manage Implementation Deployment Man More under Supported Content Types.
ment agement
SAP BTP, Cloud Foundry environment Implementation Deployment Man Mainly development content and some
agement
selected services
SAP BTP, Neo environment Implementation Deployment Man Mainly development content and some
agement
selected services
SAP S/4HANA Cloud Implementation Test Management More under Integrating the Test Auto
mation Tool for SAP S/4HANA Cloud
[page 68].
SAP Sales Cloud Implementation Test Management SAP Cloud for Customer
SAP Service Cloud Implementation Test Management SAP Cloud for Customer
Tricentis Test Automation for SAP inte Implementation Test Management More under Setting Up Tricentis Test
grated with SAP Cloud ALM Automation for SAP Integrated with
SAP Cloud ALM [page 70].
SAP S/4HANA Cloud Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP S/4HANA (on-premise) Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Logistic Business Network Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Information Collaboration Hub for Operations Integration and Ex More under Integration and Exception
Life Sciences ception Monitoring Monitoring (Expert Portal).
SAP Business Suite Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Cloud for Customer Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Marketing Cloud Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Concur Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Order Management foundation Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Fieldglass Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP SuccessFactors Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Intelligent Asset Management Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Integration Suite – Cloud Integra Operations Integration and Ex More under Integration and Exception
tion ception Monitoring Monitoring (Expert Portal).
SAP BTP, Neo environment Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP BTP, ABAP environment Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Mobile Services Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP S/4HANA Cloud, private edition Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Field Service Management Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Ariba Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring: SAP Ariba (Expert Por
tal).
SAP NetWeaver Application Server for Operations Integration and Ex More under Integration and Exception
ABAP (7.40 and higher) ception Monitoring Monitoring: SAP Ariba (Expert Por
tal).
SAP Master Data Integration Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Master Data Governance, cloud Operations Integration and Ex More under Integration and Exception
edition ception Monitoring Monitoring (Expert Portal).
SAP SuccessFactors Employee Central Operations Integration and Ex More under Integration and Exception
Payroll ception Monitoring Monitoring (Expert Portal).
SAP Integrated Business Planning for Operations Integration and Ex More under Integration and Exception
Supply Chain (SAP IBP) ception Monitoring Monitoring (Expert Portal).
SAP Batch Release Hub for Life Scien Operations Integration and Ex More under Integration and Exception
ces ception Monitoring Monitoring (Expert Portal).
Integration Hub for Life Sciences Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Business ByDesign Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Omnichannel Promotion Pricing Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Process Integration (Java) Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
Data ingestion for industry cloud solu Operations Integration and Ex More under Integration and Exception
tions ception Monitoring Monitoring (Expert Portal).
SAP Subscription Billing Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP Data Intelligence Operations Integration and Ex More under Integration and Exception
ception Monitoring Monitoring (Expert Portal).
SAP S/4HANA Cloud Operations Business Process Supported KPIs for the business sce
Monitoring
narios:
SAP S/4HANA (on-premise) Operations Business Process Supported KPIs for the business sce
Monitoring
narios:
SAP Business Suite Operations Business Process Supported KPIs for the business sce
Monitoring
narios:
SAP SuccessFactors Operations Business Process Supported KPIs for the business sce
Monitoring
nario:
Recruit-to-Retire
SAP S/4HANA Cloud, private edition Operations Business Process Supported KPIs for the business sce
Monitoring
narios:
SAP Cloud for Customer Operations Business Process Supported KPIs for the business sce
Monitoring
narios:
Lead-to-Cash
SAP S/4HANA Cloud, private edition Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP S/4HANA (on-premise) Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP Business Suite Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP SuccessFactors Employee Central Operations Health Monitoring More under Health Monitoring (Ex
Payroll pert Portal).
SAP Cloud ALM Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP Intelligent Robotic Process Auto Operations Health Monitoring More under Health Monitoring (Ex
mation (iRPA) pert Portal).
SAP Integration Suite – API Manage Operations Health Monitoring More under Health Monitoring (Ex
ment pert Portal).
SAP Integration Suite – Cloud Integra Operations Health Monitoring More under Health Monitoring (Ex
tion pert Portal).
SAP BTP, ABAP environment Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP BTP, Neo environment Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP BTP, Cloud Foundry environment Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP NetWeaver Application Server for Operations Health Monitoring More under Health Monitoring (Ex
ABAP (7.40 and higher) pert Portal).
SAP HANA Cloud Operations Health Monitoring More under Setup for SAP HANA
Cloud (Expert Portal).
SAP Build Process Automation Operations Health Monitoring More under Setup for SAP HANA
Cloud (Expert Portal).
SAP S/4HANA Cloud Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP Integrated Business Planning for Operations Health Monitoring More under Health Monitoring (Ex
Supply Chain (SAP IBP) pert Portal).
SAP Marketing Cloud Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP Cloud Connector Operations Health Monitoring More under Health Monitoring (Ex
pert Portal).
SAP Business Suite Operations Job and Automa More under Job and Automation Moni
tion Monitoring toring (Expert Portal).
SAP S/4HANA Cloud Operations Job and Automa More under Job and Automation Moni
tion Monitoring toring (Expert Portal).
SAP S/4HANA Cloud, private edition Operations Job and Automa More under Job and Automation Moni
tion Monitoring toring (Expert Portal).
SAP S/4HANA (on-premise) Operations Job and Automa More under Job and Automation Moni
tion Monitoring toring (Expert Portal).
SAP SuccessFactors Employee Central Operations Job and Automa More under Job and Automation Moni
Payroll tion Monitoring toring (Expert Portal).
SAP Marketing Cloud Operations Job and Automa More under Job and Automation Moni
tion Monitoring toring (Expert Portal).
SAP Intelligent Robotic Process Auto Operations Job and Automa More under Job and Automation Moni
mation (iRPA) tion Monitoring toring (Expert Portal).
SAP Integrated Business Planning for Operations Job and Automa More under Job and Automation Moni
Supply Chain (SAP IBP) tion Monitoring toring (Expert Portal).
SAP NetWeaver Application Server for Operations Job and Automa More under Job and Automation Moni
ABAP (7.40 and higher) tion Monitoring toring (Expert Portal).
SAP BTP, ABAP environment Operations Job and Automa More under Job and Automation Moni
tion Monitoring toring (Expert Portal).
SAP Build Process Automation Operations Job and Automa More under Setup for SAP HANA
tion Monitoring Cloud (Expert Portal).
SAP BTP, Neo environment Operations Real User Monitor More under Real User Monitoring
ing (Expert Portal).
SAP Business Suite Operations Real User Monitor More under Real User Monitoring
ing (Expert Portal).
SAP S/4HANA Cloud, private edition Operations Real User Monitor More under Real User Monitoring
ing (Expert Portal).
SAP S/4HANA Cloud Operations Real User Monitor More under Real User Monitoring
ing (Expert Portal).
SAP S/4HANA (on-premise) Operations Real User Monitor More under Real User Monitoring
ing (Expert Portal).
SAP Marketing Cloud Operations Real User Monitor More under Real User Monitoring
ing (Expert Portal).
SAP Cloud for Customer Operations Real User Monitor More under Real User Monitoring
ing (Expert Portal).
SAP BTP, ABAP environment Operations Real User Monitor More under Real User Monitoring
ing (Expert Portal).
SAP SuccessFactors Employee Central Operations Real User Monitor More under Real User Monitoring
Payroll ing (Expert Portal).
SAP Integrated Business Planning for Operations Real User Monitor More under Real User Monitoring
Supply Chain ing (Expert Portal).
SAP NetWeaver Application Server for Operations Real User Monitor More under Real User Monitoring
ABAP (7.40 and higher) ing (Expert Portal).
Data Quality Management, Microservi Operations Real User Monitor More under Real User Monitoring
ces for Location Data (DQM Microservi ing (Expert Portal).
ces)
SAP Business Suite Operations Configuration & More under Expert Portal (Expert
Security Analysis Portal).
SAP S/4HANA (on-premise) Operations Configuration & More under Expert Portal (Expert
Security Analysis Portal).
SAP S/4HANA Cloud, private edition Operations Configuration & More under Expert Portal (Expert
Security Analysis Portal).
SAP NetWeaver Application Server for Operations Configuration & More under Expert Portal (Expert
ABAP (7.40 and higher) Security Analysis Portal).
To learn how to set up SAP Cloud ALM for productive use, you can watch the following step-by-step how-to
videos.
For more detailed information, refer to the corresponding documentation under Required Setup for SAP Cloud
ALM [page 26] and Integration and Configuration Options [page 42].
Find out how to request SAP Cloud ALM on SAP for Me.
Find out how to activate your account in the Identity Authentication service, how to create users in your Identity
Authentication tenant, and how to add them to SAP Cloud ALM.
Corresponding documentation: Step 1: Onboard Users in Your Identity Authentication Service [page 28]
Find out how to assign roles to users in the User Management app in SAP Cloud ALM and in the SAP BTP
cockpit.
Corresponding documentation: Step 2: Assign Roles to Users in SAP Cloud ALM [page 31]
Find out how to enable the monitoring of your cloud services by enabling SAP Cloud ALM API in the SAP BTP
cockpit.
You can request SAP Cloud ALM on SAP for Me for all entitled customers you have sufficient permissions for.
Caution
The S-user who requests SAP Cloud ALM receives permissions that are required for administrative tasks in
the SAP BTP cockpit and in SAP Cloud ALM. In addition, the S-user is added to the Identity Authentication
service (IAS) tenant.
Therefore, to avoid authorization issues during the configuration of SAP Cloud ALM, only carry out the
following steps if you will later perform the configuration described in Required Setup for SAP Cloud ALM
[page 26].
If you request SAP Cloud ALM and then want to assign additional administrators who can perform the
initial setup, refer to KBA 3248116 .
Prerequisites
• You have an S-user with the role Edit Cloud Data on SAP for Me.
You can manage your users and authorizations by following the steps described in Manage User
Authorizations.
• You're assigned to the respective customer.
Procedure
Caution
The subdomain name can't be changed after the system has been provisioned.
Tip
If you have multiple Identity Authentication tenants and you're unsure about which one to select,
look up the administrators of the Identity Authentication tenants that are assigned to your
customer ID at https://iamtenants.accounts.cloud.sap . The administrators can give you more
guidance on what to consider when selecting an Identity Authentication tenant.
If you've already been working with an Identity Authentication tenant but it isn't listed here, it may not
be a productive tenant or it may be assigned to a different customer ID.
If you later want to use a different Identity Authentication tenant for SAP Cloud ALM, you can change
the assignment by following SAP Note 3020352 .
7. If you agree to the terms and conditions stated in the linked order document, mark the checkbox.
Caution
You can't subscribe to any additional applications in the subaccount containing your SAP Cloud
ALM subscription. The subaccount is set up exclusively for SAP Cloud ALM.
Don't delete this subaccount or your SAP Cloud ALM subscription if you've already started using
SAP Cloud ALM productively. Deleting your SAP Cloud ALM subscription causes all created
artifacts, stored data, and current configurations to be deleted as well.
If you want to know more about the role of SAP Cloud ALM and your Identity Authentication tenant in the
context of SAP S/4HANA Cloud in the 3-system landscape, refer to User Onboarding for SAP S/4HANA
Cloud with SAP Central Business Configuration.
11. You receive emails containing logon information, configuration guidance, and links to support resources.
If you've requested SAP Cloud ALM, you've been automatically signed up for cloud email notifications. This
way, you can remain informed and receive timely updates regarding SAP Cloud ALM.
You can manage your notification settings in the Cloud System Notification Subscriptions application, as
described in KBA 2900069 .
Related Information
After you've requested SAP Cloud ALM, there are additional mandatory configuration steps that are required to
set up SAP Cloud ALM for productive use.
SAP Cloud ALM is included in your cloud subscription and helps you to implement and operate intelligent cloud
and hybrid business solutions. By following steps 1-3 in the next chapters, you can start to use SAP Cloud ALM
immediately.
Need Support?
Caution
It's currently not possible to move your SAP Cloud ALM application from the data center in which it was
originally provisioned to a different data center.
Required Authorizations
If you requested SAP Cloud ALM, your user has received all authorizations required to perform the initial setup.
However, we recommend also manually assigning these authorizations to at least one more user.
The following authorizations are required to perform the initial setup of SAP Cloud ALM:
Environment Role
If a new Identity Authentication tenant was created for you when you
requested SAP Cloud ALM, you've automatically received the required
roles in the Identity Authentication tenant.
SAP BTP cockpit • Global Account Administrator in the global account that contains
your SAP Cloud ALM entitlement
If you don't have this authorization, the global account administrator
can assign it to you by following the steps described in Add Mem
bers to Your Global Account.
• Subaccount Administrator in the subaccount that contains your SAP
Cloud ALM subscription
If you don't have this authorization, the subaccount administrator
can assign the role to you by following the steps described in Add
Members to Your Subaccount.
• Org Manager for the Cloud Foundry organization in your SAP Cloud
ALM subaccount
If you don't have this role, the org manager can assign it to you
by following the steps described in Add Org Members Using the
Cockpit.
If you don't have these authorization, the Global Administrator can assign
one of the required roles to you by following the steps described in Assign
Roles to Users in SAP Cloud ALM.
On this interactive image, you can see all mandatory setup steps for SAP Cloud ALM at a glance. For detailed
guidance, click on the respective sections.
For more detailed background information and general explanations of SAP BTP concepts, refer to Basic
Platform Concepts.
To give further users access to SAP Cloud ALM, you need to create or import users in the Identity
Authentication tenant.
Context
In SAP Cloud ALM, the Identity Authentication service assumes the role of the identity provider. This means
that business users log on to SAP Cloud ALM with the mechanisms and credentials defined in the Identity
Authentication tenant.
You can also use an already existing corporate identity provider (LDAP), in which case we strongly
recommend using Identity Authentication as a proxy. Changing to a corporate identity provider while
already using SAP Cloud ALM productively can result in invalidated user IDs and can cause users in SAP
Cloud ALM to be deactivated.
When you requested SAP Cloud ALM, you either selected a pre-existing Identity Authentication tenant or
requested a new one:
Prerequisites
Procedure
1. In the administration console of the SAP Cloud Identity Services, open the User Management app.
Tip
The first administrator that was created for the Identity Authentication tenant received an activation
email containing a direct link to the administration console.
The new user now receives an activation email and can set a password.
Note
If you've already defined users elsewhere in your landscape, you can also import them to the Identity
Authentication service by using various tools, such as SAP Identity Management and the Identity
Provisioning service.
For more information, refer to Import or Update Users for a Specific Application in the documentation for
the Identity Authentication service.
Related Information
After onboarding your users to the Identity Authentication tenant, you need to add them to SAP Cloud ALM
and assign roles to them.
You can assign roles to users directly in the SAP Cloud ALM User Management app (recommended) or as
corresponding role collections in the SAP BTP cockpit.
Note
If you're working with role mapping to user groups in your identity provider, you must assign role collections
in the SAP BTP cockpit. In this case, you can't view or change roles in the User Management app. You
also can't use the role request and assignment features in SAP Cloud ALM, so we don't recommend this
method.
Prerequisites
Procedure
1. Access SAP Cloud ALM. A link is included in the email Welcome to SAP Cloud ALM.
Sign in with the email address and password you've defined when activating your account in the Identity
Authentication service. Do not sign in with your S-user.
2. Open the User Management app, which is located in the Administration section.
3. To go to the user list, choose (Users).
4. Choose Add User.
5. Enter the User ID and/or Email as you've defined them in the settings of your identity provider. If, as per our
recommendations, you've selected your email address as your user ID in your identity provider, you only
need to enter the email address.
6. Select a type for your user. Possible types are:
Type Description
The user will now also receive a welcome email from SAP Cloud ALM.
For more information on how to use the User Management app to view, add, and change roles, refer to the
in-app help.
Note
The roles in SAP Cloud ALM are available as role collections in your subaccount in the SAP BTP cockpit.
Prerequisites
• Your user has the role Subaccount Administrator in the subaccount that contains your SAP Cloud ALM
subscription.
If you have requested SAP Cloud ALM, your user has automatically received this authorization during the
creation of the subaccount. If you don't have this authorization, the subaccount administrator can assign
the role to you by following the steps described in Add Members to Your Subaccount.
• The identities of the users to whom you want to assign roles already exist in the identity provider, as
described in Step 1: Onboard Users in Your Identity Authentication Service [page 28].
Procedure
1. Open the SAP BTP cockpit.
2. Select the global account that contains your SAP Cloud ALM entitlement, which was created when you
requested SAP Cloud ALM.
3. Under Subaccounts, select the subaccount that contains your SAP Cloud ALM subscription.
4. Navigate to Security Role Collections .
5. Select the role collection to which you want to add users.
6. Choose Edit.
7. Add users to this role collection as follows:
• If you’re using the standard configuration in trust settings and identity provider that were set when you
requested SAP Cloud ALM, enter the email address of the user into the fields ID and E-Mail. Select
Custom IAS Tenant as identity provider.
Role collections in SAP Cloud ALM are delivered predefined and ready to use.
Each application role in SAP Cloud ALM represents a role collection in your SAP BTP subaccount, which in
turn corresponds 1:1 to the respective role template. This means that you don't have to configure any role
collections yourself. Instead, you can simply assign the relevant role collections to the users based on their
tasks and requirements.
Caution
The Cross Global Administrator and the User & Access Management Administrator role collections consist
of more than one role template.
If you want to create your own role collections by bundling several predefined role collections
together, don't forget to add the role template FlexOperator whenever you include the role templates
x_calm_GlobalAdministrator or x_uam_UserAdministrator.
Cross Global Create and manage all SAP Cloud ALM Cross x_calm_GlobalAdmi
Administrator objects, except for personal or sensitive Global Ad nistrator
data. ministrator
FlexOperator
Caution
This role provides the complete set
of authorizations. We recommend
assigning suitable roles to your
users.
Cross Global Auditor View all SAP Cloud ALM objects, except Cross x_calm_GlobalAudi
personal or sensitive data Global Au tor
ditor
This role is to be used for general audit
purposes.
User & Access Man User Create and manage users, assign and User & Ac x_uam_UserAdminis
agement Administrator approve authorizations cess Man trator
agement
FlexOperator
Adminis
trator
User & Access Man User Viewer View users and authorization assign User & Ac x_uam_UserViewer
agement ments cess Man
agement
Viewer
Project Management Project Manage projects, deployment plans, Project & imp_pjm_ProjectAd
Administrator tasks, scopes, requirements, features, Task Man ministrator
notes, test cases, defects, and tags agement
Adminis
Your permissions within implementa
trator
tion projects additionally depend on the
access level of the project and your
team assignment in the project. For
more information, refer to Configuring
Project User Permissions [page 53].
Project Management Project Lead Manage projects, deployment plans, Project & imp_pjm_ProjectLe
tasks, scopes, requirements, features, Task Man ad
notes, test cases, and defects agement
Project
Your permissions within implementa
Lead
tion projects additionally depend on the
access level of the project and your
team assignment in the project. For
more information, refer to Configuring
Project User Permissions [page 53].
Project Management Project Member View projects and deployment plans. Project & imp_pjm_ProjectMe
Manage tasks, scopes, requirements, Task Man mber
features (with restrictions ), notes, agement
test cases, and defects Project
Member
Your permissions within implementa
tion projects additionally depend on the
access level of the project and your
team assignment in the project. For
more information, refer to Configuring
Project User Permissions [page 53].
Project Management Project Viewer View projects, deployment plans, tasks, Project & imp_pjm_ProjectVi
scopes, requirements, features, notes, Task Man ewer
test cases, and defects agement
Project
Your permissions within implementa
Viewer
tion projects additionally depend on the
access level of the project and your
team assignment in the project. For
more information, refer to Configuring
Project User Permissions [page 53].
Process Management Process Author Create, edit, and delete custom solution Process imp_pm_ProcessAut
processes Manage hor
ment Proc
ess Author
Business Process Process Maintain global and specific configura- Business ops_bm_ProcessMon
Monitoring Monitoring tions, consume KPIs and the respec Process itoringAdministra
Administrator tive process content (including sensitive Monitoring tor
data), and process alerts Adminis
trator
Business Process Process Manager Consume KPIs and the respective proc Business ops_bm_ProcessMan
Monitoring ess content (including sensitive data), Process ager
process alerts, and maintain specific Monitoring
configurations Process
Manager
Business Process Process Executor Consume KPIs and the respective proc Business ops_bm_ProcessExe
Monitoring ess content (including sensitive data), Process cutor
and process alerts Monitoring
Process
Executor
Business Process Process Consume KPIs and the respective proc Business ops_bm_ProcessMon
Monitoring Monitoring ess content (including sensitive data), Process itoringConsumer
Consumer and view alerts Monitoring
Consumer
Business Process Process Consume KPIs and non-sensitive proc Business ops_bm_ProcessMon
Monitoring Monitoring Viewer ess content, without access to alert in Process itoringViewer
formation Monitoring
Viewer
Integration & Excep Integration Owner View the messages in integration moni Integration ops_im_Integratio
tion Monitoring toring Monitoring nOwner
Integration
Owner
Integration & Excep Integration Owner View the messages in integration mon Integration ops_im_Integratio
tion Monitoring Sensitive itoring, including data defined as sensi Monitoring nOwnerSensitive
tive Integration
Owner
Sensitive
Job & Automation Job Monitoring Create, edit, delete, and manage config- Job Moni ops_jm_JobMonitor
Monitoring Administrator uration settings, including the display of toring Ad ingAdministrator
monitoring data ministrator
Job & Automation Job Monitoring View the job monitoring application for Job Moni ops_jm_JobMonitor
Monitoring Consumer the maintained global configurations toring ingConsumer
Consumer
Real User Monitoring Real User Analyst View utilization and performance of re Real User ops_rum_RealUserA
Administrator quests, including sensitive data like the Monitoring nalystAdministrat
user ID, and configure the real user Analyst or
monitoring app Adminis
trator
Real User Monitoring Real User Analyst View utilization and performance of re Real User ops_rum_RealUserA
quests Monitoring nalyst
Analyst
Real User Monitoring Real User Analyst View utilization and performance of re Real User ops_rum_RealUserA
Sensitive quests, including sensitive data like the Monitoring nalystSensitive
user ID Analyst
Sensitive
Synthetic User Moni Scenario Create, edit, delete, manage configura- Synthetic ops_sum_Synthetic
toring Administrator tions and manage global application User Moni UserMonitoringAdm
settings. View performance and availa toring Ad inistrator
bility of scenario executions ministrator
Synthetic User Moni Scenario Expert Create, edit, delete, and manage config- Synthetic ops_sum_Synthetic
toring uration settings. View performance and User Moni UserMonitoringExp
availability of scenario executions toring Sce ert
nario Ex
pert
Synthetic User Moni Scenario Viewer View performance and availability of Synthetic ops_sum_Synthetic
toring scenario executions User Moni UserMonitoringVie
toring Sce wer
nario
Viewer
Health Monitoring Health Monitoring Create, edit, delete, and manage config- Health ops_hm_HealthMoni
Administrator uration settings, including the display of Monitoring toringAdministrat
monitoring data Adminis or
trator
Health Monitoring Health Monitoring View health overview and metrics of Health ops_hm_HealthMoni
Viewer cloud services Monitoring toringViewer
Viewer
Business Service Man Business Service Create and manage business services, Business ops_bsm_BusinessS
agement Management and plan events Service erviceManagementA
Administrator Manage dministrator
ment Ad
ministrator
Business Service Man Business Service View business services, their configura- Business ops_bsm_BusinessS
agement Management tion, and the event calendar Service erviceManagementV
Viewer Manage iewer
ment
Viewer
Configuration & Secur Configuration Administrate managed objects, configu- Configura- ops_csa_Configura
ity Analysis Monitoring ration settings, and display application tion Moni tionMonitoringAdm
Administrator data toring Ad inistrator
ministrator
Configuration & Secur Configuration Display application configuration data Configura- ops_csa_Configura
ity Analysis Monitoring tion Moni tionMonitoringAna
Analyst toring An lyst
alyst
Service Collaboration Services Expert Configure and execute services, and Service sdc_sc_ServicesEx
view own and shared service execution Collabora pert
results tion Expert
Service Collaboration Services Viewer Browse through the service explorer Service sdc_sc_ServicesVi
and view the shared service execution Collabora ewer
results tion Viewer
Scoping Digital Blueprint Create and edit digital blueprints and all Digital btc_bdts_DigitalB
Administrator associated tasks, company code scop Blueprint lueprintAdministr
ing, and transformation object scoping Adminis ator
trator
SAP Readiness Check Readiness Check View all SAP Readiness Check analyses Readiness imp_rc_AnalysisVi
Analysis Viewer Check ewer
Analysis
Viewer
SAP Readiness Check Readiness Create, edit, and delete SAP Readiness Readiness imp_rc_AnalysisAd
Check Analysis Check analyses Check ministrator
Administrator Analysis
Adminis
trator
As the last step of the required setup, services and systems (technical systems) need to be set up in the
Landscape Management app in SAP Cloud ALM.
Landscape management in SAP Cloud ALM helps you manage information on your managed cloud, on-
premise, and business services. This information is the basis for all SAP Cloud ALM apps.
To import your services or register your systems in SAP Cloud ALM, follow the steps described in the
respective subchapters:
For use-case specific setup guidance for your solution, refer to Set Up Managed Services / Systems in the
SAP Cloud ALM for Operations Expert Portal.
7.3.1 Services
Depending on your subscribed service, there are different ways of importing or creating service information in
the Landscape Management app.
For many subscribed services, related service information is imported automatically on a daily basis by the
System Landscape Information service.
To display the current status in the Landscape Management app, open the Configuration ( ), expand the
section Import of Subscribed SAP Services, and click on the first icon after Status of imports. If you don't want
to wait for the daily import, you can import your services on demand in the Status of Imports popover by
choosing Import My Subscribed SAP Services.
If your service hasn't been imported automatically, you may need to create the service information manually by
following the steps described in the section Manual Creation (Only If Required).
Note
As a global ultimate customer (that is, a customer managing SAP cloud products that are subscribed
under multiple customer accounts, for example after an acquisition) you need to enter an S-user that
has the authorizations to access the system data for all subsidiary customer accounts to ensure that the
Landscape Management app has access to the data.
The S-user must not be a technical S-user but a standard dialog S-user with CCC Group authorizations.
For more information on how to create such an S-user, refer to SAP Note 3070306 .
To add the S-user, open the Landscape Management app and choose (Configuration). Under Import of
Subscribed SAP Services, choose (Add S-User) and enter the credentials of the S-user.
There are push-enabled services that register themselves in SAP Cloud ALM (for example, SAP SuccessFactors
and SAP S/4HANA Cloud). These services are created automatically in the Landscape Management app as
part of the communication arrangement or registration. If the services already exist in the app, the technical
details are updated automatically.
The automatic import by SAP is the preferred way to import service information for services. However, you can
also manually add any additional services if necessary (for example, services of the type Unspecific Cloud
Service (HTTP) or SAP Ariba Cloud Integration Gateway).
After adding your service to the Landscape Management app, you need to establish a connection between the
service and SAP Cloud ALM to collect monitoring data. How this connection is established depends on the
individual service type. For detailed, service type-specific information on the managed services setup, refer to
Setup Managed Services / Systems in the SAP Cloud ALM for Operations Expert Portal.
7.3.2 Systems
To register on-premise systems, run the ABAP report program /SDF/ALM_SETUP as described in Setup Steps
in the SAP ABAP On-Premise System on the SAP Cloud ALM for Operations Expert Portal.
When the registration in the system has been completed, the registered system is automatically displayed on
the Systems page. Once a technical system has been registered, a default logical system (client) is created and
displayed in the System Details.
Note
If you want to create a logical system for two clients, run the ABAP report program from both clients.
The Service Delivery Center in SAP Cloud ALM is a collaborative application. SAP exchanges service-related
information with your SAP Cloud ALM account, such as:
• SAP pushes relevant service orders and service results to your SAP Cloud ALM tenant.
• SAP and your SAP Cloud ALM tenant exchange preparation tasks, issues, and actions that are created for
your services.
• You can upload service-related documents and access uploaded documents for your service. Documents
are stored centrally within the SAP space.
To be able to use the service delivery applications, you need to give you consent to this data exchange.
When you open the Service Delivery Center application, you're prompted with a dialog that asks for your
confirmation.
For more information see SAP Cloud ALM for Service (SAP Support Portal).
There are additional integration and configuration options that help you take advantage of the full set of
capabilities of SAP Cloud ALM.
On this interactive image, you can see all optional setup steps for SAP Cloud ALM at a glance. For detailed
guidance, click on the respective sections.
To set up the connection between your managed systems and individual SAP Cloud ALM applications, you
need to retrieve your service key and connect your SAP services and systems to your SAP Cloud ALM instance.
Note
If you've requested SAP Cloud ALM on or after 2023-06-12, a service key that can be used to connect
managed services to SAP Cloud ALM for Operations monitoring applications was generated automatically.
You can skip these steps and access the service key in the SAP BTP cockpit or in the Landscape
Management app, as described in Managing Your Service Key [page 50].
If you want to set up transport management, you still need to carry out the following instructions to
create another service key, but you can reuse the created space and no longer have to configure your
entitlements.
Prerequisites
• Your user has the role Global Account Administrator in the global account that was created when
you requested SAP Cloud ALM, and is a member of the subaccount containing your SAP Cloud ALM
subscription.
If you don't have this role, the global account administrator can assign it to you by following the steps
described in Add Members to Your Global Account.
• Your user has the role Org Manager in your Cloud Foundry organization.
If you don't have this role, the org manager can assign it to you by following the steps described in Add Org
Members Using the Cockpit. If Cloud Foundry is not available in the menu, you can enable it by following
the steps described in Create Orgs.
If you've requested SAP Cloud ALM, your user has automatically received the required authorizations
during the creation of the global account and the subaccount.
Procedure
Carry out the following steps to enable SAP Cloud ALM API:
Create a Space
1. Open the SAP BTP cockpit.
2. Select the global account that contains your SAP Cloud ALM entitlement, which was created when you
requested SAP Cloud ALM.
3. Under Subaccounts, select the subaccount that contains your SAP Cloud ALM subscription.
4. Choose Cloud Foundry Spaces .
5. If you already have a space with the required authorizations, proceed to the Configure Entitlements
section.
If you don't have a space yet, choose Create Space.
6. Enter a space name and select the roles that you want to assign to your user for this space. To perform the
following steps, your user needs at least Space Developer authorizations.
7. Choose Create.
Configure Entitlements
An entitlement is your right to provision and consume a resource.
4. Choose Save.
Maintain an Instance
{
"xs-security": {
"xsappname": "<Your Instance Name>",
"authorities": [
"$XSMASTERAPPNAME.imp-cdm-feature-display-ui",
"$XSMASTERAPPNAME.imp-cdm-feature-manage-ui"
]
}
}
Service keys allow you to configure an external application so that it can connect to an SAP Cloud ALM API
service instance.
1. In the top right corner, choose (Actions) and select Create Service Key.
Outside of the SAP BTP cockpit, service keys must be stored securely. If you need a service key, create the
service key directly in the SAP BTP cockpit, and access it from there whenever you need it.
Related Information
Managing Spaces
Entitlements and Quotas
If you requested SAP Cloud ALM on or after 2023-06-14, an automatically generated SAP Cloud ALM service
key was uploaded to the Landscape Management app for you. This key can be used to connect managed
services to push monitoring data using OAuth 2.0.
Prerequisites
To access and upload your service key, you need the role Landscape Management Security Administrator.
You can access the service key in the Landscape Management app by opening the configuration ( ) and
expanding the section SAP Cloud ALM Service Key.
• (Display Service Key): Display the content of the uploaded service key.
• (Download Service Key): Download the service key as a TXT file. The content will be in JSON format.
• (Delete Service Key): Delete a service key from landscape management.
• (Test Service Key): Check if this key can be used to log on to the SAP Cloud ALM API.
If no service key has been uploaded yet, you can add it as follows:
Note
• You can only upload one service key for this SAP Cloud ALM tenant.
• We recommend that you upload the service key to landscape management that is used regularly to
connect managed services and systems to SAP Cloud ALM, for example, for monitoring setup or
transport management.
• You can use the same service key for all managed services and systems to connect them for the
same purpose, such as monitoring.
• If you use a different "one-use" service key for each managed service, don't upload this key to
landscape management. This functionality is intended for regularly used keys only.
• Don't upload service keys for API calls, such as the SAP Cloud ALM Analytics API, to landscape
management.
Caution
If you delete a service key or an SAP Cloud ALM API service instance in the BTP cockpit, the service key in
the Landscape Management app will not be deleted automatically. Please make sure to also delete it from
landscape management, as it can no longer be used for authentication.
By integrating the SAP Audit Log Viewer service for SAP BTP, you can view the audit logs for your SAP
Cloud ALM tenant to track the end user activity in SAP Cloud ALM. Audit logs represent security-relevant
chronological records that provide documentary evidence for an event or activity.
To display the audit logs in the Audit Log Viewer Service application on SAP BTP, subscribe to the SAP Audit
Log Viewer service in your subaccount as described in Audit Log Viewer for the Cloud Foundry Environment.
By integrating SAP Central Business Configuration with SAP Cloud ALM, you can import roadmap content into
the Tasks app. This helps you understand the order in which the tasks need to be executed, and allows you to
navigate directly to SAP Central Business Configuration as needed.
SAP Central Business Configuration is a solution that supports the configuration of SAP S/4HANA Cloud.
While an SAP Cloud ALM project applies the SAP Activate methodology to provide end-to-end procedural
guidance on how to start and execute an implementation project, an SAP Central Business Configuration
project shows the project and configuration activities focused on your specific business configuration.
To use SAP Central Business Configuration in SAP Cloud ALM, you first need to carry out the following setup
procedure.
Procedure
Technical Setup
Create an endpoint for SAP Central Business Configuration by carrying out the following steps:
1. In the SAP Cloud ALM launchpad, open the Landscape Management app.
2. In the Select a Scope dialog, make sure that the service SAP Central Business Configuration is selected.
3. On the Services & Systems page, use the search or filter options to find your SAP Central Business
Configuration service and open it.
4. Under Endpoints, choose Create Endpoint Automatically.
Please note that you can maintain only one service and one endpoint for the integration of SAP Central
Business Configuration.
After you've completed the technical setup, select SAP Central Business Configuration as an integration
scenario by carrying out the following steps:
1. In the SAP Cloud ALM launchpad, open the Projects and Setup app.
2. To create a new project, choose Create.
3. Enter the following parameters:
• Project: Enter a project name of your choosing, such as Implementation Project.
• SAP Activate Roadmap: Select the desired roadmap.
• Access Level: Select an access level for your project.
• Status: Select On Track.
• Current Phase: Select Prepare.
• Scenario: Select SAP Central Business Configuration.
After saving the new project, you can navigate to your SAP Central Business Configuration project with the
direct links in the table or via the respective tasks.
Related Information
Project user authorizations are defined by the project access levels, the roles users are assigned to in the user
management, and the roles users are assigned to in project management.
In the Projects and Setup app, three access levels can be determined in a project:
• Public: This project is publicly accessible by all users with project management authorizations.
• Restricted: This project is restricted and only project members can make changes within the project
(display for non-project-members allowed).
• Private: This project is private and can only be accessed by project members (display for non-project-
members not allowed).
When a project is created, the access level is set to Restricted by default. This can be changed later.
Within each access level, the combination of role assignments in User Management and the team assignment
in a project defines the project permissions for a user.
• Project Administrator: Manage projects, deployment plans, tasks, scopes, requirements, features, notes,
test cases, defects, and tags
• Project Lead: Manage projects, deployment plans, tasks, scopes, requirements, features, notes, test cases,
and defects
• Project Member: View projects and deployment plans. Manage tasks, scopes, requirements, features (with
restrictions ), notes, test cases, and defects
• Project Viewer: View projects, deployment plans, tasks, scopes, requirements, features, notes, test cases,
and defects
In the Projects and Setup app, users can be assigned to teams based on numerous roles, such as Project
Lead, Analytics Expert, Business Process Expert. As soon as a user is assigned, a request is triggered in User
Management to assign the user to the respective role collection.
The first column of the table shows the three access levels that can be determined during project setup in
the Projects and Setup app. The second column shows the team assignment type. The rest of the columns
shows the different roles a user can be assigned to in the User Management app. In the table legend, the
When you set the access level for a project to Public, user authorizations are only affected by the roles that
are assigned in User Management. This is not the case for the access levels Restricted and Private. Here, user
authorizations are both affected by the roles that are assigned in User Management and the team assignments
made in the Projects and Setup app.
Note
Any authorization changes to projects or assignments to projects or teams only apply to the individual
users after they have logged out of SAP Cloud ALM.
The Cloud Integration Automation service (CIAS) provides you with a guided workflow to integrate SAP cloud
solutions to on-premise and other SAP cloud solutions. The guided workflow contains instructions for manual
and automated tasks to enable an easy and quick integration configuration setup.
Prerequisites
Procedure
1. From the SAP Cloud ALM launchpad, open the User Management app.
2. To go to the user list, choose (Users).
3. Select the user to whom you want to assign the Cloud Integration Automation roles.
4. Choose Edit.
5. Under Cloud Integration Automation Service, select one of the following roles:
• Cloud Integration Administrator
• Cloud Integration Expert
• Cloud Integration Viewer
Related Information
You can enable transport management of different transport environments for SAP Cloud ALM.
In this section, you can find the setup steps for the enablement of the transport management for different
transport environments in SAP Cloud ALM.
By enabling the transport management for SAP S/4HANA Cloud, private edition, and SAP NetWeaver
Application Server for ABAP on-premise, you can orchestrate the deployment of transport requests through
your implementation landscape.
In order to use the Change and Transport System (CTS) for SAP S/4HANA Cloud, private edition, and
SAP NetWeaver Application Server for ABAP on-premise in an SAP Cloud ALM environment, you have to
establish a connection between SAP Cloud ALM and the Change and Transport System (CTS). This
guide explains all steps that are needed to set up this connection.
SAP Cloud ALM supports the integration of Change and Transport System (CTS) for SAP S/4HANA
Cloud, private edition, and SAP NetWeaver Application Server for ABAP on-premise.
Caution
Transport-related data is pushed to SAP Cloud ALM from your managed systems by setting up the
integration. This includes data of the transport owner.
Before you can start enabling the transport management for SAP S/4HANA Cloud, private edition or SAP
NetWeaver Application Server for ABAP on-premise, you need to fulfill the following prerequisites:
Note
• For ST-PI 740 SP 21 install corrections 3240966 and follow SAP Note 3322679 .
• For ST-PI 740 SP 20 install corrections 3240966 and follow SAP Note 3322679 .
• For ST-PI 740 SP 19 install corrections 3196078 and follow SAP Note 3322679 .
• For ST-PI 740 SP 18 install corrections 3196078 and follow SAP Note 3322679 .
Note
Check that the profile parameter icm/HTTPS/client_sni_enabled is set to TRUE, as described in SAP
Note510007 .
Note
For the profile parameter check, you can use the transaction RZ11 in the managed system
Required Authorizations
You need to consider two users in the managed ABAP system for the setup.
Note that the authorization steps are only needed for system client 000. For other clients, these steps can't be
performed.
• To run transaction /SDF/ALM_SETUP, the user needs the PFCG role SAP_SDF_ALM_SETUP.
Note
In this role, you need to maintain the authorization field S_BTCH_NAM > BTCUNAME either with '*' or
with the user name of the user you plan to use as data collection background job user.
• The user you specify as background user requires the PFCG role SAP_SDF_ALM_METRIC_PUSH_FND and
the role SAP_BC_TRANSPORT_ADMINISTRATOR.
Note
Download the latest version of the role SAP_SDF_ALM_METRIC_PUSH_FND from SAP Note 3104662 .
Procedure
Note
Note
Alternatively, you can enter the required fields for SAP Cloud ALM manually:
1. Token Endpoint: Enter the SAP Cloud ALM OAuth URL, following the pattern url + /oauth/
token.
Example: calm-tenant.authentication.eu10.hana.ondemand.com/oauth/token
2. Client ID: Enter SAP Cloud ALM client ID.
3. Client Secret: Enter SAP Cloud ALM client secret.
4. Proxy User (if necessary)
5. Proxy Password (if necessary)
6. Proxy Host (if required by your network infrastructure. For SAP S/4HANA Cloud, private
edition, enter value: proxy)
7. Proxy Port (if required by your network infrastructure. For SAP S/4HANA Cloud, private
edition, enter value: 3128)
Note
6. Select the use cases that you want to collect and push data for. The push mechanism supports the
following use cases:
• For development systems: Feature Deployment: Manage Transports
• For a domain controller system: Feature Deployment: Read Landscape
• All other systems (test or production): Feature Deployment: Import Transports
Tip
Note
Commonly, authorization-checks are performed in the system in which a change happens. In case of
the Features app, this app takes over the authorization check for importing transports in the SAP Cloud
ALM environment instead of the managed system. In the managed system, the user you specified as
background user for the data collection performs the transport actions. Since this background user
has transport authorization by definition, the distinct check whether a specific end user is allowed to
perform a transport operation is done in SAP Cloud ALM.
7. Choose Continue.
8. If everything is set up correctly, it looks like this:
Caution
If you want to change the transport configuration in the Transport Management system, make sure that all
current changes are completed and deployed to the production system. Additionally, the transport buffers
should be empty. Otherwise, you need to adjust the respective transport buffers manually.
To enable the release of transports within an SAP Cloud ALM feature, you have to execute the following setup in
each development client you're using:
1. Log on to the respective ABAP system client and start transaction /n/SDF/ALM_SETUP.
2. You can reuse the SAP Cloud ALM destination from your PUSH data configuration.
3. Under Maintain HTTP Destination, choose Update Destination and paste the JSON file you've already
created in the Configuration of the PUSH Data Provider section of this guide.
4. Under Enter Background User and Register System, choose Unregister.
5. Enter the background user you've created to perform the data collection.
6. Choose Register to call SAP Cloud ALM and register the system. Confirm the scheduling of the respective
jobs.
By enabling the transport management for the SAP Cloud Transport Management service, you can orchestrate
the deployment of transport requests through your implementation landscape.
To use the transport capabilities of SAP Cloud ALM in conjunction with the SAP Cloud Transport Management
service, you first have to establish a connection between them.
Note
SAP Cloud ALM supports the parallel delivery of several nodes at once.
Before you can use the deployment functionality in SAP Cloud ALM, you have to configure the nodes in the
SAP Cloud Transport Management service.
Prerequisites
• You've set up the product (for example, SAP Integration Suite) with which you want to integrate the SAP
Cloud Transport Management service for SAP Cloud ALM.
For more information about the general setup, refer to Initial Setup of SAP Cloud Integration in the Cloud
Foundry Environment.
• You've familiarized yourself with how to use the SAP Business Technology Platform (SAP BTP) cockpit, in
particular Account Administration concepts.
• You're subscribed to the SAP Cloud Transport Management service and your user has the required
transport management roles Transport Management Viewer and Transport Management Operator.
5. Search for the Cloud Transport Management service in the search bar. If no results are shown in the
service list, choose Add Service Plans.
6. Select Standard (Application) Standard Plan and choose Add 1 Service Plan.
8. Go to Instances and Subscriptions and select the Cloud Transport Management service.
9. Choose Create.
For more information, refer to Assign Roles to Users in SAP Cloud ALM.
With these roles, you can access the Cloud Transport Management service from within your
subaccount in the SAP BTP cockpit by choosing Go to Application.
Note
You have to use auto forward and upload application content to dev node manually.
Procedure
Note
The following steps apply only to the SAP Integration Suite. For other integrations, refer to the relevant
documentation.
The product requires a destination to the SAP Cloud Transport Management service. In the SAP BTP
subaccount where your source product tenant is hosted, create a destination targeted at the SAP Cloud
Transport Management service.
To set up the HTTP destination, refer to Creating HTTP Destinations and Transport Route. Go to the Cloud
Transport Management tab.
In the URL section for the endpoint, enter the URL of your SAP Cloud ALM API instance that follows the
pattern https://eu10.alm.cloud.sap/api/imp-cdm-transport-management-api/v1. The first
part of the URL until /api depends on your company account and is variable.
In addition to manual testing, which is performed directly in SAP Cloud ALM, you can also integrate SAP and
third-party test automation providers with SAP Cloud ALM.
By integrating automation providers with SAP Cloud ALM, you can reduce your manual testing efforts and take
advantage of its test orchestration, execution monitoring, and reporting capabilities.
You can integrate automated test cases from the test automation tool for SAP S/4HANA Cloud for use in test
orchestration in SAP Cloud ALM.
The test automation tool for SAP S/4HANA Cloud is a free automation provider delivered as part of the guided
configuration tools for SAP S/4HANA in SAP Activate. It enables you to test SAP Best Practice processes after
implementation or upgrade of SAP S/4HANA Cloud.
To use this integration in your project, you need to configure a service and an endpoint in the Landscape
Management app in SAP Cloud ALM.
Prerequisites
• You have a Test system for the test automation tool for SAP S/4HANA Cloud.
Note
Don't connect your SAP S/4HANA Cloud Production system to SAP Cloud ALM. Test cases shouldn't
be tested in production.
Procedure
Caution
SAP recently revisited the way test automation providers are modeled in the Landscape Management app.
If you've already created a test automation endpoint for the test automation tool for SAP S/4HANA Cloud,
do not change or delete it. It will continue to work. If you delete it and re-create it, it might impact the
existing automated test cases that have been already synchronized with SAP Cloud ALM.
If you want to add a new automation provider, follow the new procedure described below.
1. To communicate with the test automation tool for SAP S/4HANA Cloud, a communication user is
required. If you need to create the communication user, follow the procedure described in Communication
Management. The communication scenario is COM0620.
2. In the SAP Cloud ALM launchpad, open the Landscape Management app.
3. In the Select a Scope dialog, make sure that the service SAP S/4HANA Cloud is selected.
4. On the Services & Systems page, choose (Cloud Service Filter) and filter by the service type SAP
S/4HANA Cloud and by the tenant role Test.
The list now displays all SAP S/4HANA Cloud tenants that are currently connected to your SAP Cloud ALM
tenant.
5. Check whether there's an existing service for which the root URL matches the root URL of your test SAP
S/4HANA Cloud system. If so, proceed directly to step 7.
6. If no service exists for your SAP S/4HANA Cloud system, choose Add New Cloud Service and enter
the following parameters:
• Name: Enter a name that follows a naming convention that fits your organization, for example
<Root_URL_S/4> or <S/4_System_SID>.
Please note that spaces and special characters other than hyphens and underscores aren't allowed.
• Description: Enter a short description, such as Test SAP S/4HANA Cloud for <Department, if
relevant>.
• Tenant ID: Enter a meaningful tenant ID for the test automation tool for SAP S/4HANA Cloud that
uniquely identifies the service in the Landscape Management app. This ID can be freely chosen.
• Service Type: Select SAP S/4HANA Cloud.
• Tenant Type: Select Test.
• Root URL: Enter the root URL of your SAP S/4HANA Cloud launchpad, starting with https and ending
with .com or .sap.
• External ID: Leave empty.
• Customer Number: Enter your customer number.
• Customer Name: Enter your customer name.
7. Save the new service.
You can now see it in the list.
8. To create an endpoint, select the service.
9. Under Endpoints, check whether there's an existing endpoint with the use case Test Automation or Test
Management. If so, you can update it by choosing (Edit).
Note
You can maintain multiple endpoints for test automation. However, we strongly recommend only
maintaining one endpoint per SAP S/4HANA Cloud tenant.
You should maintain two test automation endpoints if you're working with a 3-system landscape setup for
SAP S/4HANA Cloud with two test automation tenants (one for the main line and one for the project line).
Once you've established the connection between SAP Cloud ALM and the test automation tool for SAP S/
4HANA Cloud, a synchronization with the SAP S/4HANA Cloud system takes place to retrieve the existing
automated test cases whenever new processes are scoped in your SAP Cloud ALM projects.
Related Information
Tricentis Test Automation for SAP integrated with SAP Cloud ALM is a continuous testing platform that allows
you to design automated, functional, end-to-end software tests across all layers of your enterprise architecture.
By using this integration in your project, you can take advantage of the test orchestration, execution
monitoring, and reporting capabilities of SAP Cloud ALM.
• Your user in SAP Cloud ALM has the role Global Administrator.
• You have an S-user with the role Edit Cloud Data and an email address that corresponds to the email
address used in SAP Cloud ALM.
You can evaluate valid S-users for your organization in SAP for Me, under Important Contacts .
If you requested SAP Cloud ALM, you've received the authorizations required to set up this integration.
Procedure
1. In the SAP Cloud ALM launchpad, open the app Set Up Tricentis Test Automation for SAP.
You can now start using Tricentis Test Automation for SAP integrated with SAP Cloud ALM from the Test
Preparation app in SAP Cloud ALM.
The test cases will then be authored in Tricentis Test Automation for SAP, as described in the Tricentis
documentation.
Related Information
Tricentis Test Automation for SAP integrated with SAP Cloud ALM
Tricentis Test Automation for SAP online documentation
Tricentis Test Automation execution agents
Tricentis test automation for SAP usage rights
To adapt the solution to reflect your business processes and parameters, you can make various configuration
settings.
For several apps in SAP Cloud ALM, additional setup steps are required. You can find detailed guidance in the
SAP Cloud ALM for Implementation Expert Portal , the SAP Cloud ALM for Operations Expert Portal , and
the SAP Cloud ALM for Service Expert Portal on SAP Support Portal.
Once you've signed in to SAP Cloud ALM, you can also find application-specific personalization and
configuration options by choosing (Configuration) at the top-right corner of many apps.
The Systems & Provisioning dashboard on SAP for Me is your one-stop place for all your active public cloud
systems on SAP BTP.
From here, you can navigate to your global account on SAP BTP and to your SAP Cloud ALM tenant:
1. To find your system information for SAP Cloud ALM, open the Systems page on SAP for Me.
2. Under Public Cloud Systems on BTP, filter by cloud service SAP Cloud ALM. This lists two entries for SAP
Cloud ALM:
• Data Center Region: Global
• Data Center Region: <Region of the subaccount>
Note
If your company has multiple customer numbers, the entries related to SAP Cloud ALM may occur
for several of these customer numbers. Each customer number can have its own SAP Cloud ALM
installation.
Related Information
SAP Cloud ALM offers different types of assistance to guide you through additional configuration activities and
to help you understand the capabilities of SAP Cloud ALM apps.
In-App Help
Each app in SAP Cloud ALM provides on-screen explanations of key features and user interface elements.
When you're signed in, you can switch on the help by choosing (Open Help) at the top right of the screen, or
by pressing F1 on your keyboard.
• (Help Topics): Quick reference information about specific user interface elements to help you perform
your tasks
• (Guided Tours): Guided tours of more complex procedures
You can find an overview of all related documentation at SAP Cloud ALM.
To optimize your experience of SAP Cloud ALM, we provide features and settings that help you use the software
efficiently. Learn more about these features and settings and find out how to use them.
Note
SAP Cloud ALM is based on SAPUI5. For this reason, accessibility features for SAPUI5 also apply. See the
accessibility documentation for SAPUI5 on SAP Help Portal at Accessibility for End Users.
For more information on screen reader support and keyboard shortcuts, see Screen-Reader Support for
SAPUI5 Controls and Keyboard Handling for SAPUI5 Elements.
Context
This feature is recommended for users with need for high contrast themes.
Steps
Data protection is associated with numerous legal requirements and privacy concerns.
In addition to compliance with general data protection and privacy acts, it’s necessary to consider compliance
with industry-specific legislation in different countries. SAP provides specific features and functions to support
compliance with regard to relevant legal requirements, including data protection. SAP doesn’t give any advice
on whether these features and functions are the best method to support company, industry, regional, or
country-specific requirements.
Furthermore, this information shouldn’t be taken as advice or a recommendation regarding additional features
that would be required in specific IT environments. Decisions related to data protection must be made on a
case-by-case basis, considering the given system landscape and the applicable legal requirements.
Note
SAP doesn’t provide legal advice in any form. SAP software supports data protection compliance by
providing security features and specific data protection-relevant functions, such as simplified blocking and
deletion of personal data. In many cases, compliance with applicable data protection and privacy laws
won’t be covered by a product feature. Definitions and other terms used in this document aren’t taken from
a particular legal source.
To support users in their job, the following types of personal data are stored in SAP Cloud ALM:
A user with the User Administrator role can find all user data in the User Management app in SAP Cloud ALM.
Apart from this user record, personal data in SAP Cloud ALM exists in form of personalization configuration
and in relation to application objects (such as projects, tasks, and alerts). These objects have their own lifetime
and retention periods, independent of the users.
To keep the link between application objects and users even after a user was offboarded, the user-related data
is kept for auditability purposes (for example, to see who performed a particular task, executed a test case, or
made a certain configuration).
To protect the personal data of offboarded users, the user administrator can deactivate the user record within
SAP Cloud ALM. If the SAP BTP account is integrated into a central identity management via the Identity
Provisioning service, this also happens automatically if the user is deleted from the Identity Authentication
tenant.
However, this automatic deactivation is done only after a grace period of 30 days. This prevents an accidental
automatic user deactivation while changing the settings in the Identity Authentication service. During this
period, deactivated users aren't authorized to use SAP Cloud ALM, but their personal settings and tasks
assignments are still valid after changing the settings in the Identity Authentication service.
When a user is deactivated in SAP Cloud ALM, all role assignments to the user are deleted and personalized
data is removed. The person-related data of deactivated users is only visible for users with the role User
Administrator or Global Auditor. To all other users, the deactivated user is anonymized.
The user's identity in the identity provider and a mapping of user groups to roles (if available) aren't affected
by this. Therefore, if the user is still active in the Identity Authentication tenant and still has authorizations, for
example, because of a group mapping, a deactivated user can still log on to SAP Cloud ALM. In this case, the
user is reactivated and the personal data becomes visible again to all users in the respective SAP Cloud ALM
applications.
User records can also be deleted by the user administrator after the deactivation. However, deletion isn’t
recommended when the user has worked in SAP Cloud ALM, since it’s more difficult to trace back actions to
the user. Dependent data, that is, business objects that the user has worked on, have their own lifetime and are
deleted according to their own deletion concept.
Only if the SAP Cloud ALM account is closed and deleted, all data is deleted as well.
If you've set up integrations with other SAP solutions or third-party applications, some user-related data from
the managed systems may be stored in SAP Cloud ALM.
Transport Management
Once you've enabled transport management, and transport data (transport request information) is pushed
from the managed system, the transport owner ID is stored in SAP Cloud ALM. No further data related to the
transport owner is stored.
The transport owner ID is usually not known in SAP Cloud ALM and therefore can't be found in the User
Management app. It's only displayed in the Features app.
Monitoring Applications
User-related data that is collected from managed systems as part of the monitoring data, for example in
Integration and Exception Monitoring, Business Process Monitoring, and Real User Monitoring, can only be
accessed by users with roles with a sensitive scope.
The Configuration & Security Analysis collects configuration data and a few config stores contain user IDs.
Within standard memory usage, this user-related monitoring data is considered transient data because it's only
visible in SAP Cloud ALM for the duration of the defined retention period. Once the retention period is over,
all user-related data from managed systems is deleted and not aggregated. For this reason, the retrieval and
manual deletion of user-related monitoring data is currently not supported.
Email notifications can be set up for named users (that is, users that are maintained in the Identity
Authentication tenant) and for unnamed users. Only the recipient email ID is stored as part of the Notification
Management app.
Giving Consent
As soon as new recipients are added to the notification management, they receive an email from cloudalm-
notification@sap.com, requesting them to verify their email ID and to offer consent to store their email ID and
receive notification emails from SAP Cloud ALM.
Once given, the consent is valid for 6 months. Shortly before their consent expires, recipients can renew their
own subscription.
Recipients can unsubscribe from notifications at any time by choosing Unsubscribe in the footer of any email
sent by the Notification Management app.
Housekeeping
Recipients who are not required are deleted once every 10 days. This includes:
Change Log
In SAP Cloud ALM, only the User Management app contains master data. This app uses change logging for all
changes to its data, such as changes of authorizations and user master data.
Change logging in SAP Cloud ALM is implemented on application level and reflects changes, such as the date
and time of the access and the change, and new and old values of the changed attributes.
The SAP Audit Log Viewer service records the following information:
Audit log entries are automatically deleted after a defined retention period. For information about audit log
retention, see Audit Log Retention for the Cloud Foundry Environment in the SAP BTP documentation.
You can access the audit log of SAP Cloud ALM with the SAP Audit Log Viewer service. For information about
subscribing to the viewer and authorizing your business users to access the log, refer to Audit Log Viewer for
the Cloud Foundry Environment in the SAP BTP documentation.
SAP Cloud ALM uses encrypted communication channels based on HTTPS/TLS, supporting TLS version 1.2 or
higher.
Use the information in this table to secure the configuration and operation of SAP Cloud ALM services in your
landscape.
Cross Critical Audit Log Audit By integrat Enable the Audit Log CALM-
Viewer for X-0001
ging ing the SAP SAP Audit
the Cloud
Audit Log Log Viewer
Foundry En
Viewer service for vironment
service for SAP BTP.
SAP BTP,
you can
view the au
dit logs for
your SAP
Cloud ALM
tenant to
track the
end user
activity in
SAP Cloud
ALM.
Cross Advanced Client Se External You can add To protect CALM-
X-0003
curity APIs and config- information
ure service about the
instances to service in
allow exter stance,
nal applica such as the
tions to ac OAuth se
cess the cret,
APIs pub choose cer
lished on tificate-
SAP Busi based au
ness Accel thentica
erator Hub tion.
.
To prevent
To do this, external ap
you need to plications
configure from per
authentica forming un
tion for the authorized
service in operations,
stances and assign the
set allowed minimal set
scopes in of scopes.
the service Create sep
instance. arate serv
ice instan
ces with in
dividual
scopes for
required
purposes
instead of
assigning
all scopes in
one in
stance and
using them
for all API
access.
External Advanced Authentica Secure Sys When con Use the au SAP BTP CALM-EX
tem-to-Sys
API Man tion and figuring a thentication Security TAPI-0001
tem Inte
agement Single Sign- webhook to method Recom
gration
On point to the that is rec mendations
target ex ommended
ternal serv by the
ice API, you Landscape
need to se Manageme
lect either nt app or
an SAP BTP SAP BTP.
destination
or an end
point in the
Landscape
Manageme
nt app.
User & Ac Critical Roles and Roles Roles in Assign suit Role Collec CALM-
tions [page UAM-0001
cess Man Authoriza SAP Cloud able roles
33]
agement tions ALM are de that give
livered as users only
predefined the authori
collections. zations they
need to per
The initial
form their
user re
tasks.
ceives the
role Global
Administrat
or, which
provides
the com
plete set of
authoriza
tions in SAP
Cloud ALM.
Landscape Critical Authentica Strong Au When add Choose one Step 3: Set CALM-
Up Land LM-0001
Manage tion and thentication ing a serv of the more
scape Man
ment Single Sign- ice man secure
agement –
On ually, you methods Services
can choose according [page 39]
between to the capa
several au bilities of
thentication the end
settings for point pro
new end viding cloud
points. The service:
available
• OAuth
options de
2Client
pend on the
Creden
cloud serv
tials
ice.
• ClientC
ertifica
teAuth
enticati
on
• Auth2S
AMLBe
arerAut
hentica
tion
Project Advanced Roles and Project Ac The access Select the Configuring CALM-
Project PTM-0001
Manage Authoriza cess Re level of the appropriate
User Per
ment tions strictions initial, auto access level
missions
matically for your [page 53]
created project:
project is
• Public
Public.
• Restric
Any addi ted
tional
• Private
projects
that you
create man
ually are set
to
Restricted
by default.
Business Recom Roles and KPI Access You can re Use access CALM-
Process mended Authoriza Control strict the groups to BM-0001
Monitoring tions data access grant users
of a defined access only
user group to data rele
to a particu vant to their
lar business tasks.
process
scope.
By default,
access con
trol is deac
tivated.
Table Headings
The name Defines the The Secure A topic is a Describes Defines our A link to Date of the A stable
of the criticality of Operations short de the usage recommen documen last signifi- unique ref
service or the recom Map is a ref scription or of the se dation for tation that cant erence to
area to mendation. erence a general curity set this config- explains change. identify the
which the model to heading to ting, includ uration. how you recommen
For an ex See also
setting structure find similar ing any con can achieve dation.
planation of What's New
belongs. the broad topics text, or de the recom
the priority for SAP
area of se across serv fault setting mendation.
levels, see Cloud ALM.
curity for ices. behavior (if
the follow
content, available).
ing Priori
discus Not
ties table.
sions, and e
as a basis
Please
for a 360°
expect
view on se
change
curity.
s here.
For more in
formation
about the
Secure Op
erations
Map, see
Security
Overview
as part
of the SAP
Security
Optimiza
tion Serv
ices Portfo
lio.
Priorities
Priority Description
Recommended Improves the security of the landscape and significantly reduces the attack sur
face.
When your SAP contracts expire, your SAP Cloud ALM tenant and all related data will be terminated after a
grace period has passed.
The termination process starts with a notice period. The requestor of the global account that contains your
SAP Cloud ALM entitlement receives an email about the expiring contract, and a warning banner is displayed
for the global account in the SAP BTP cockpit. If this happens, you can request an export of your data by
opening an incident on component SV-CLM-INF-ONB, if required.
30 days after your contracts with SAP end, the SAP BTP global account is closed and access to your SAP Cloud
ALM tenant is blocked. At this point, if you renew your SAP contracts, your account can still be restored to a
fully active state without data loss.
60 days after your contracts with SAP expire, your global account and your SAP Cloud ALM tenant are fully
decommissioned. All customer-related data for the account and for all associated services is deleted and
cannot be restored or recovered.
In this document, you can find answers to some of the most common questions and issues that may arise
while requesting and setting up SAP Cloud ALM.
To get started, find your current phase or the subject of your issue and jump to the corresponding section:
Issue Resolution
You want to request SAP Cloud ALM on SAP for Me, Make sure you fulfill the following prerequisites:
but you can't access the request dashboard.
• Your company number has sufficient product and support con
tracts.
• You're assigned to the respective customer.
• You have an S-user with the role Edit Cloud Data on SAP for
Me.
Issue Resolution
When requesting SAP Cloud ALM on SAP for Me, Your Identity Authentication tenant may not show up for the following
your Identity Authentication tenant isn't available reasons:
for selection.
• It may not be a productive tenant.
• It may be assigned to a different customer ID.
You can find all Identity Authentication tenants assigned to your cus
tomer ID and their type at https://iamtenants.accounts.cloud.sap .
Issue Resolution
You want to find the welcome emails and activation Welcome Emails from SAP Cloud ALM
emails that were sent to you when you requested
• If you requested SAP Cloud ALM, you've received a welcome
SAP Cloud ALM.
email with the subject Access information for SAP Cloud ALM.
• If someone else requested SAP Cloud ALM and added you to
the system, you've received a welcome email with the subject
Welcome to SAP Cloud ALM.
You can't find or didn't receive your activation email Search for an email with the subject Activate Your Account for...
for your Identity Authentication tenant. Don't forget to also check your spam folder.
You requested SAP Cloud ALM and want to assign Refer to 3248116 .
additional administrators who can complete the
setup of SAP Cloud ALM.
You're an Ultimate Global Customer with multiple Refer to SAP Note 3070306 .
customer numbers and want to import all your cus
tomer numbers for cloud subscriptions into one
SAP Cloud ALM system. You don't want to maintain
several SAP Cloud ALM systems.
Issue Resolution
You want to connect SAP Cloud ALM to a non-pro We don't recommend connecting SAP Cloud ALM to a non-produc
duction Identity Authentication tenant. tion Identity Authentication tenant because there's no way to migrate
users from a test Identity Authentication tenant to a production Iden
tity Authentication tenant. This could cause issues in your landscape
if you later decide to use SAP Cloud ALM in a productive manner.
You want to use a different Identity Authentication Creating multiple productive Identity Authentication tenants splits
in SAP Cloud ALM than the one you're using for the user base and requires an individual administrator for each ten
your managed system. ant. This means that users that are maintained in the Identity Authen
tication tenant of your managed system also need to be created in
the Identity Authentication tenant that is used for SAP Cloud ALM, if
they need to work in both solutions.
You want to use a corporate identity provider You can also use an already existing corporate identity provider
(LDAP) for SAP Cloud ALM. (LDAP), in which case we strongly recommend using Identity Authen
tication as a proxy. Changing to a corporate identity provider while
already using SAP Cloud ALM productively can result in invalidated
user IDs and can cause users in SAP Cloud ALM to be deactivated.
You want to find out which Identity Authentication Refer to Viewing Assigned Tenants and Administrators.
tenants are assigned to your customer ID and who
the administrator is.
You want to find out which Identity Authentication Follow the first 6 steps described in KBA 3020352 .
tenant is used for your SAP Cloud ALM tenant.
You're facing issues with your Identity Authentica Refer to KBA 3090756 .
tion tenant after requesting SAP Cloud ALM.
Your Identity Authentication tenant was created in a You can request it be moved by raising an incident on component
different data center than SAP Cloud ALM. BC-IAM-IDS.
You can't access your Identity Authentication ten Refer to KBA 2579343 .
ant. The following error message appears:
When you log on to SAP Cloud ALM, you can Refer to SAP Note 3086201 .
choose between multiple identity providers.
User Management
Issue Resolution
You want to create a large number of users for SAP There is no limit to the number of users that can be created for an
Cloud ALM. SAP Cloud ALM system.
You've added users in the User Management app The onboarding of users consists of two steps that take place in two
in SAP Cloud ALM, but they haven't received a wel different applications:
come email.
• User Management in your Identity Authentication (IAS) tenant
• User Management in SAP Cloud ALM
Before you can add users in SAP Cloud ALM and assign roles to them,
you need to create them in your Identity Authentication tenant.
You want to create a user in your SAP Cloud ALM Refer to KBA 3032960 .
tenant that SAP development can use for trouble
shooting and support purposes.
You have the role Project Administrator, but you The role Project Administrator only enables you to administer projects
don't have access to the User Management app to and assign users that have already been added to SAP Cloud ALM.
create business users in SAP Cloud ALM.
To add users to SAP Cloud ALM, you need the role Global
Administrator or User Administrator.
Users in SAP Cloud ALM have the status Expiring In SAP Cloud ALM, the Identity Authentication service (IAS) assumes
Soon. the role of an identity provider. If users are deleted in the Identity
Authentication tenant or if user IDs are changed due to changes in
the Identity Authentication configuration (for example, from email to
login name), the affected users are automatically deactivated in SAP
Cloud ALM after a grace period of 30 days.
Issue Resolution
You can't log on to SAP Cloud ALM. Verify that you've entered the correct credentials: You need to log on
with the email address and password defined in the Identity Authenti
cation tenant, not your S-user.
Make sure you've completed all steps in Required Setup for SAP
Cloud ALM [page 26] and that you've activated your user profile in
the Identity Authentication tenant.
You can find a link in the activation email that was sent to you when
you requested SAP Cloud ALM or when the tenant administrator
created a user for you. If you can't find the activation email, go to your
Identity Authentication tenant, enter your email address, and choose
Forgot password. You will receive a new activation email.
You can log on to SAP Cloud ALM but do not see Refer to KBA 2982909 .
any apps.
When you try to access SAP Cloud ALM via the Refer to SAP Note 3046343 .
tenant URL the following error messages appear:
When you try to access SAP Cloud ALM from the Check whether you have a firewall setting that prevents you from
SAP BTP cockpit, an HTTP 500 error occurs. But accessing the application. You may need to specify a port.
from outside the organization, for example SAP
support, you can access the application.
You want to set up a second SAP Cloud ALM tenant. Currently, it's possible to request only one SAP Cloud ALM tenant per
entitled customer number.
You can't find your subaccount for SAP Cloud ALM Refer to this question on SAP Community.
in the SAP BTP cockpit.
You want to subscribe to additional applications in You can't subscribe to any additional applications in the subaccount
the subaccount containing your SAP Cloud ALM containing your SAP Cloud ALM subscription. The subaccount is set
subscription. up exclusively for SAP Cloud ALM.
You want to move your SAP Cloud ALM application It's currently not possible to move your SAP Cloud ALM application
to a different data center. from the data center in which it was originally provisioned to a differ-
ent data center.
You want to delete your SAP Cloud ALM subscrip Refer to KBA 3247776 .
tion in your subaccount.
Caution
Deleting your SAP Cloud ALM subscription causes all created
artifacts, stored data, and current configurations to be deleted as
well. It will not re-enable you to request SAP Cloud ALM on SAP
for Me.
You want to decommission SAP Cloud ALM. Official decommission of SAP Cloud ALM isn't yet available. How
ever, you can use a housekeeping job to delete services from the
Landscape Management app.
Further Support
If you encounter issues that aren't listed here or if you're unable to perform the described resolutions yourself,
schedule an expert session or create a support ticket on the following components:
Area Component
Hyperlinks
Some links are classified by an icon and/or a mouseover text. These links provide additional information.
About the icons:
• Links with the icon : You are entering a Web site that is not hosted by SAP. By using such links, you agree (unless expressly stated otherwise in your
agreements with SAP) to this:
• The content of the linked-to site is not SAP documentation. You may not infer any product claims against SAP based on this information.
• SAP does not agree or disagree with the content on the linked-to site, nor does SAP warrant the availability and correctness. SAP shall not be liable for any
damages caused by the use of such content unless damages have been caused by SAP's gross negligence or willful misconduct.
• Links with the icon : You are leaving the documentation for that particular SAP product or service and are entering an SAP-hosted Web site. By using
such links, you agree that (unless expressly stated otherwise in your agreements with SAP) you may not infer any product claims against SAP based on this
information.
Example Code
Any software coding and/or code snippets are examples. They are not for productive use. The example code is only intended to better explain and visualize the syntax
and phrasing rules. SAP does not warrant the correctness and completeness of the example code. SAP shall not be liable for errors or damages caused by the use of
example code unless damages have been caused by SAP's gross negligence or willful misconduct.
Bias-Free Language
SAP supports a culture of diversity and inclusion. Whenever possible, we use unbiased language in our documentation to refer to people of all cultures, ethnicities,
genders, and abilities.
SAP and other SAP products and services mentioned herein as well as
their respective logos are trademarks or registered trademarks of SAP
SE (or an SAP affiliate company) in Germany and other countries. All
other product and service names mentioned are the trademarks of their
respective companies.