Connecting SAP Analytitics Cloud to OneIdentity using SCIM Connector

Hi David,

I'm not sure if it's the same thing as 'SAP Analytics Cloud' but I have recently connected to SAP IPS using the SCIM connector.

SAP IPS does NOT expose any endpoints so you have to leave them blank - which means the connector will use the builtin defaults.

If you need a custom schema then you will have to provide a schema JSON and a resourcetypes JSON to override the builtin defaults.

HTH, Barry.

Hi Barry,

Hope everything is good!

We are still setting up the SCIM connector to connect SAC with OneIdentiy.

We have already tested the connection with SAC using Postman as the client. We have managed to get the token and then users and groups. The problem now is that when we try to create the SCIM connector with the same data, when we click on the test button the wizard ends up with the error "401 invalid basic authentication token"

The configuration is as follow (The same in Postman):

- Authentication type: OAuth authentication

- Grant type: Client credentials

Any idea?

Kind regards ;)

Hi,

Without screenshots of your config (Edit connection wizard) it's hard to know where you are going wrong ...... but ...... if you are using OAuth authentication ..... you should set:

If you're lucky ;-)

Endpoints all empty!

Your choice.

Leave blank if using default schema (only shows up in Expert mode)

Next next next ..... to end.

The authentication endpoint url is usually different to the server url.

Hope it helps, B.

Hi Barry,

I would like to attach some screenshots of my configuration, but it seems that this option is not enabled in the forum... Related to this I found this thread -> link

Anyway, my configuration seems the same as yours, only in the field URI of service I used api/v1/scim.

The SAC tenant is hosted in AWS, I don't know if this could be a problem... But as I said from Postman I have managed to get the groups and users.

Kind regards.

Hi,

We have had configurations that work from Postman but not from OI .... so the two don't always match.

The only thing I can suggest now is that you enable trace logging on the SynchronizationEditor.exe to see if that shows anything and/or use Fiddler and/or WireShark to see what is happening at the network level.

Either that or it's a support case.

Cheers, B.

Hi Barry,

thank you very much, we will give it a try ;)

Kind regards.

Hi David,

did you ever get this working? We are struggling at the same issue. We only get a successful test connection, when we use the generated bearer token. This we get through postman. Same here, no issues connecting to SAC using postman. But also even after successfully test connection using the bearer token, we are unable to read data using the target system browser. The bearer token is also not really an option just a test to see if we can get the user and group data. Bearer token expires after a certain time. If you got this working, can you share it with us? Would be very much appreciated.

Best regards, Andy

Hi Andy,

sorry to disappoint you but I didn't get this working. Finally we decided to do the integration using the SAC API.

Kind regards,

David.

Hi David

Thanks for the information. We have also decided to integrate it through the SAP API and One Identity's Powershell Connector.

Best regards,

Andy

Hi David

Thanks for the information. We have also decided to integrate it through the SAP API and One Identity's Powershell Connector.

Best regards,

Andy