SAP BTP Subaccount

A SAP BTP (Business Technology Platform) Subaccount managed object is created by the discovery phase of a SAP BTP Global Account, and will be linked to it.

During detection, the Subaccount will display the SAP BTP CF Applications tab, where the SAP BTP Cloud Foundry Application applications will be listed. The tab Cloud Services lists any cloud services that are discovered. Both the Cloud Foundry Applications and Cloud Services will be grouped by the Subaccount they are associated with.

Cloud Foundry Credentials

In order for Cloud Foundry to be detected, an account is needed with access to the Cloud Foundry APIs. This account must be an Org Member with the Org Manager role.

The recommended method for this is to use a user from your SAP Cloud Identity Service.

If you have added a Custom Identity Provider for Platform Users under Security > Trust Configuration in the BTP Cockpit, you can select users from origins.

The password is set in SAP Cloud Identity Services. Log in as the user and set it at https://<unique>.accounts.ondemand.com/ui/protected/profilemanagement.

If not already done, for information on adding your SAP Cloud Identity Services instance, see SAP Documentation - Establish Trust and Federation of Custom Identity Providers for Platform Users.

With that completed, you will need to provide the credentials in Avantra. To do this:

  1. In Avantra, open the SAP BTP Subaccount managed object.

  2. Click the Credentials tab.

  3. Enter a Name - the email address of the Org Member.

  4. Enter a Password.

  5. Enter the Origin associated with the Org Member.

    Origins left blank will use the default origin sap.ids

The following is not recommended for setting up Cloud Foundry Credentials. However, if no Cloud Identity Service is present, it is possible to use an SAP S-number user from the SAP Identity Service. This is one that may be used to log into the SAP BTP Cockpit or SAP for Me. It is not recommended to use an S-user for Cloud Foundry observability in Avantra, as SAP intend S-users to be single named humans and the credentials should not be shared. This method has been tested and known to work.

To use an S-user, their password must be set at https://accounts.sap.com/ui/protected/profilemanagement. This password must not be the same as any Universal ID password associated with the account. Store the username (email address) and password into the avantra.btp.cloudFoundry credential and leave the Origin field blank. If the SAP Identity Service is not the default origin, set the origin to sap.ids.