Product Documentation PUBLIC

SAP Cloud for Customer

Provisioning Your SAP HANA Cloud Portal for SAP Cloud for
Customer Partner Channel Management
Table Of Contents

1 Provisioning Your SAP HANA Cloud Portal for SAP Cloud for Customer Partner
Channel Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

SAP Cloud for Customer

Table Of Contents P U B L I C • © 2015 SAP SE or an SAP affiliate company. All rights reserved. 3
1 Provisioning Your SAP HANA Cloud Portal for
SAP Cloud for Customer Partner Channel
Management

If your solution includes integration with the SAP HANA Cloud Portal, then you can provision it to interact with Partner
Channel Management (PCM) in your SAP Cloud for Customer solution.
For information related to administration of the portal itself, refer to the SAP HANA Cloud Portal Documentation .

All technical documentation to set up, configure, integrate, secure, and operate your solution is published in
English only. To ensure that you are reading the latest technical content, download it from SAP Service
Marketplace .

Prerequisites
SAP Cloud Services has set up and configured the integration between your SAP Cloud for Customer system and
the SAP HANA Cloud Portal, a separately licensed solution.
For information on integrating your SAP Cloud for Customer system with SAP HANA Cloud Portal, contact your SAP
Cloud Services representative.

Tasks

Create Trust Between the Customer Account and SCI

For the logon scenario, proceed as follows to create trust between the customer account and SCI.
1. In the SAP HANA Cloud Platform Cockpit, open the customer account.
a. Navigate to the Trust settings.
b. Edit the Local Service Provider settings.
c. Change the Configuration Type to Custom.
d. Choose Generate Key Pair to display the signing key and certificate.
e. Change the Principle Propagation to Enabled.
f. Save your settings, then choose the Get Metadata link to download the metadata.
g. Open the Trusted Identity Provider tab, then choose Add Trusted Identity Provider.
h. Browse to locate the IDP metadata file, then upload it.

To find this file, navigate to https://[your SCI account name].[account

domain].ondemand.com/saml2/metadata.

i. On the General tab, change the User ID Source to attribute and the Source Value to mail.
j. On the Attributes tab, choose Add Assertion-Based Attribute, then add the following attribute mapping.

SAP Cloud for Customer

4 © 2015 SAP SE or an SAP affiliate company. All rights Provisioning Your SAP HANA Cloud Portal for SAP Cloud for Customer Partner
reserved. • P U B L I C Channel Management
 Assertion Attribute Principle Attribute

first_name firstname

last_name lastname

mail email

k. Save your entries, then exit the customer account settings.

2. Open the administrator page of your SCI IDP account, located at https://[your SCI account name].
[account domain].ondemand.com/admin.
a. Choose Applications.
b. Add a new application, specifying the customer's name as the application name.
c. Open the SAML 2.0 Configuration and upload the customer's account SP metadata, which you
downloaded in step 1f. of the current task.
d. Save your entries, then exit the applications settings.

Upon completing this procedure, you should be able to log on to the SAP HANA Cloud Portal space with the user ID
(that is, e-mail) that was assigned to it when the customer's account was provisioned.

If you cannot log on with this user ID, ensure that it has been added to the SCI account by visiting the SCI
administrator page and uploading the user and user details in a .csv file format.

Create Trust Between the Customer Account and the SCI API
For the SAP ID invitation flow scenario, proceed as follows to create trust between the customer account and the
SCI API.
1. Create a signed certificate by a KeyStore Tool or by CA.
2. Open a KeyStore Explorer application, then proceed as follows.
a. Choose Create a new KeyStore.
b. Specify the JKS type.
c. Choose Tools Import Key Pair .
d. Choose PKCS #12.
e. In the Decryption Password field, specify the certificate password, then choose the certificate file.
f. Choose an alias, or accept the default setting.
g. When you are prompted to choose a new password, enter the original certificate password.
h. Save the .jks file with the file name sapid.jks.
i. When you are prompted to choose a new password, enter, again, the original certificate password.
3. In the SAP HANA Cloud Platform Cockpit, open the customer account.
a. Choose Destinations.
b. Upload the sapid.jks file.
4. Open your SCI IDP account.
a. Choose Certificate for API Authentication.
b. Upload the public part of the P12 certificate that you created, which is determined as follows:
● Open Microsoft Internet Explorer®.
● Choose Internet Options Content Certificates Import .

SAP Cloud for Customer

Provisioning Your SAP HANA Cloud Portal for SAP Cloud for Customer Partner P U B L I C • © 2015 SAP SE or an SAP affiliate company. All
Channel Management rights reserved. 5
 ● Choose the P12 file.
● Enter the password that you specified when you created the certificate.

Accept the default checkbox selections.

● Place the certificate in the Personal store, then choose Finish.

● Find the certificate that you uploaded into the Personal store, then choose Export.
● Choose Next until you view the file format options.
● Select the Base-64 encoded X.509 (.cer) format.
● Enter a file name for the exported file, then choose Finish.
● Using Notepad, open the exported file and copy the entire text, including the header and footer.

Create Trust Between the Customer Account and SAP Cloud for Customer
For the SAP Cloud for Customer invitation flow scenario, proceed as follows to create trust between the customer
account and SAP Cloud for Customer.
1. Open the trust management settings of the SAP HANA Cloud Platform customer account.
a. Copy the entry in the Local Provider Name field.
b. Copy the entry in the Signing Certificate field, and save it in .cer format.
2. Within a separate browser window, log on to SAP Cloud for Customer in the Microsoft Silverlight® client with
administrator authorizations.
a. In the Administrator work center, under Common Tasks, choose Configure OAuth 2.0 Identity Provider.
● Choose New OAuth 2.0 Provider .
● In the Issuing Entity Name field, paste the entry that you copied in step 1a. of the current task.
● From the Primary Signing Certificate field, choose Browse to locate the file in .cer format that you
saved in step 1b. of the current task.
● Select the E-Mail Address checkbox.
● Choose Submit .
b. Choose Administrator OAuth 2.0 Client Registration .
● Choose New .
● Specify the client secret, client description, and token lifetime (in seconds).
● In the Issuer Name field, use the dropdown list to specify the identity provider that you created in
step 2a. of the current task.
● Choose Save and Close .

Upload Destinations to the Customer Account

1. In the SAP HANA Cloud Platform Cockpit, open the customer account.
2. Upload the following destinations, along with the associated parameters.
a. SAPID
This destination is used for the SAP ID invitation flow scenario, and consists of the following parameters.

Replace any text denoted in red with the information that pertains to your solution.

SAP Cloud for Customer

6 © 2015 SAP SE or an SAP affiliate company. All rights Provisioning Your SAP HANA Cloud Portal for SAP Cloud for Customer Partner
reserved. • P U B L I C Channel Management
 Name=sapid
Type=HTTP
URL=https://[your SCI account name].[account domain].ondemand.com
ProxyType=Internet
Cloud Connector Version=2
Authentication=ClientCertificateAuthentication
KeyStore Location=sapid.jks
KeyStore Password=[password specified when you created the certificate]
TrustAll=true

b. C4C
This destination is used for connecting to SAP Cloud for Customer during its invitation flow scenario,
and consists of the following parameters.

Replace any text denoted in red with the information that pertains to your solution.
Replace NNNNNN with the numbers that are associated with the URL of your SAP Cloud for
Customer tenant.

Name=C4C
Type=HTTP
URL=https://myNNNNNN.crm.ondemand.com
ProxyType=Internet
Cloud Connector Version=2
Authentication=OAuth2SAMLBearerAssertion
Audience=myNNNNNN.crm.ondemand.com
Client Key=[OAuth client ID from SAP Cloud for Customer]
Token Service URL=https://myNNNNNN.crm.ondemand.com/sap/bc/sec/oauth2/token?
sap-client=[client number]
Token Service User=[OAuth client ID from SAP Cloud for Customer]
Token Service Password=[password specified in Client Key field during SAML
client configuration]
authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
nameIdFormat=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
scope=UIWC:CC_HOME

c. C4C Public
This destination is used for connecting to SAP Cloud for Customer during an anonymous scenario on a
public site, and consists of the following parameters.

Replace any text denoted in red with the information that pertains to your solution.
Replace NNNNNN with the numbers that are associated with the URL of your SAP Cloud for
Customer tenant.

SAP Cloud for Customer

Provisioning Your SAP HANA Cloud Portal for SAP Cloud for Customer Partner P U B L I C • © 2015 SAP SE or an SAP affiliate company. All
Channel Management rights reserved. 7
 Type=HTTP
authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession
Authentication=BasicAuthentication
Name=C4C__public
Cloud Connector Version=2
ProxyType=Internet
URL=https://myNNNNNN.crm.ondemand.com
nameIdFormat=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
User=[Administrator User ID]
Password=[Administrator Password]
scope=UIWC:CC_HOME

d. c4c_pcmpublic
This destination is used for connecting the PCM public site with the relevant PCM HTML5 application.

Replace any text denoted in red with the information that pertains to your solution.

Name=c4c_pcmpublic
Description=destination to public self-registration widget
URL=[URL of the customer account subscription to the pcmpublic Helium
application]
ProxyType=Internet
Type=HTTP
Cloud Connector Version=2
Authentication=NoAuthentication

SAP Cloud for Customer

8 © 2015 SAP SE or an SAP affiliate company. All rights Provisioning Your SAP HANA Cloud Portal for SAP Cloud for Customer Partner
reserved. • P U B L I C Channel Management
www.sap.com/contactsap

© 2015 SAP SE or an SAP affiliate company. All rights

reserved.
No part of this publication may be reproduced or
transmitted in any form or for any purpose without the
express permission of SAP SE or an SAP affiliate
company.
The information contained herein may be changed
without prior notice. Some software products
marketed by SAP SE and its distributors contain
proprietary software components of other software
vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP
affiliate company for informational purposes only,
without representation or warranty of any kind, and
SAP or its affiliated companies shall not be liable for
errors or omissions with respect to the materials. The
only warranties for SAP or SAP affiliate company
products and services are those that are set forth in
the express warranty statements accompanying such
products and services, if any. Nothing herein should be
construed as constituting an additional warranty.
SAP and other SAP products and services mentioned
herein as well as their respective logos are trademarks
or registered trademarks of SAP SE (or an SAP affiliate
company) in Germany and other countries. All other
product and service names mentioned are the
trademarks of their respective companies. Please see
http://www.sap.com/corporate-en/legal/copyright/
index.epx for additional trademark information and
notices.

icon courtesy of W3C, see http://

creativecommons.org/licenses/by/3.0/ .