Commit 9164a3c

Jill Grant authored
Merge pull request #249335 from ArvindHarinder1/ArvindHarinder1-patch-1-9
Update on-premises-sap-connector-configure.md
2 parents 6d25be8 + 26ae10c commit 9164a3c

2 files changed

+25
-25
lines changed

articles/active-directory/app-provisioning/on-premises-sap-connector-configure.md

Lines changed: 5 additions & 5 deletions
@@ -1,20 +1,20 @@
11
---
2-
title: Azure AD Provisioning to SAP ERP Central Component (SAP ECC) 7.0
3-
description: This document describes how to configure Azure AD to provision users into SAP ECC 7.
2+
title: Azure AD Provisioning into SAP ERP Central Component (SAP ECC, formerly SAP R/3) with NetWeaver AS ABAP 7.0 or later.
3+
description: This document describes how to configure Azure AD to provision users into SAP ERP Central Component (SAP ECC, formerly SAP R/3) with NetWeaver AS ABAP 7.0 or later.
44
services: active-directory
55
author: billmath
66
manager: amycolannino
77
ms.service: active-directory
88
ms.subservice: app-provisioning
99
ms.topic: how-to
1010
ms.workload: identity
11-
ms.date: 06/30/2023
11+
ms.date: 08/25/2023
1212
ms.author: billmath
1313
ms.reviewer: arvinh
1414
---
1515

16-
# Configuring Azure AD to provision users into SAP ECC 7.0
17-
The following documentation provides configuration and tutorial information demonstrating how to provision users from Azure AD into SAP ERP Central Component (SAP ECC) 7.0. If you are using other versions such as SAP R/3, you can still use the guides provided in the [download center](https://www.microsoft.com/download/details.aspx?id=51495) as a reference to build your own template and configure provisioning.
16+
# Configuring Azure AD to provision users into SAP ECC with NetWeaver AS ABAP 7.0 or later
17+
The following documentation provides configuration and tutorial information demonstrating how to provision users from Azure AD into SAP ERP Central Component (SAP ECC, formerly SAP R/3) with NetWeaver 7.0 or later. If you are using other versions such as SAP R/3, you can still use the guides provided in the [download center](https://www.microsoft.com/download/details.aspx?id=51495) as a reference to build your own template and configure provisioning.
1818

1919

2020
[!INCLUDE [app-provisioning-sap.md](../../../includes/app-provisioning-sap.md)]
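
Review bot: The new front-matter `title` on line 2 ends with a period ("... with NetWeaver AS ABAP 7.0 or later."), which will carry into the rendered page title; drop the trailing period. The rewritten intro on line 17 now describes the product as "SAP ECC, formerly SAP R/3", but the next sentence still says "If you are using other versions such as SAP R/3", which reads as a contradiction, and it says "NetWeaver 7.0 or later" where the title and H1 say "NetWeaver AS ABAP 7.0 or later". Suggest using one product name throughout and rewording or removing the "other versions" sentence.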

includes/app-provisioning-sap.md

Lines changed: 20 additions & 20 deletions
@@ -5,39 +5,39 @@ The following video provides an overview of on-premises provisioning.
55
## Capabilities supported
66

77
> [!div class="checklist"]
8-
> - Create users in SAP ECC 7.0
9-
> - Remove users in SAP ECC 7.0 when they don't need access anymore.
10-
> - Keep user attributes synchronized between Azure AD and SAP ECC 7.0.
11-
> - Discover the schema for SAP ECC 7.0.
8+
> - Create users in SAP ECC.
9+
> - Remove users in SAP ECC when they don't need access anymore.
10+
> - Keep user attributes synchronized between Azure AD and SAP ECC.
11+
> - Discover the schema for SAP ECC.
1212
1313
## Out of scope
1414
* Other object types including local activity groups, roles, and profiles are not supported. Please use the Microsoft Identity Manager if these objects are required.
1515
* Password operations are not supported. Please use the Microsoft Identity Manager if password management is required.
1616

17-
## Prerequisites for provisioning to SAP ECC 7.0
17+
## Prerequisites for provisioning to SAP ECC with NetWeaver AS ABAP 7.51
1818

1919
### On-premises prerequisites
2020

2121
The computer that runs the provisioning agent should have:
2222

23-
- Connectivity to SAP ECC 7.0 with outbound connectivity to login.microsoftonline.com, [other Microsoft Online Services](/microsoft-365/enterprise/urls-and-ip-address-ranges) and [Azure](../articles/azure-portal/azure-portal-safelist-urls.md) domains. An example is a Windows Server 2016 virtual machine hosted in Azure IaaS or behind a proxy.
23+
- Connectivity to SAP ECC NetWeaver AS ABAP 7.51 with outbound connectivity to login.microsoftonline.com, [other Microsoft Online Services](/microsoft-365/enterprise/urls-and-ip-address-ranges) and [Azure](../articles/azure-portal/azure-portal-safelist-urls.md) domains. An example is a Windows Server 2016 virtual machine hosted in Azure IaaS or behind a proxy.
2424
- At least 3 GB of RAM, to host a provisioning agent.
2525
- .NET Framework 4.7.2
2626
- A Windows Server 2016 or a later version.
2727

2828
Prior to configuring provisioning, ensure that you:
29-
- Expose the necessary APIs in SAP ECC 7.0 to create, update, and delete users. The [guide](https://www.microsoft.com/download/details.aspx?id=51495) `Deploying SAP NetWeaver AS ABAP 7.pdf` walks through how you can expose the necessary APIs.
29+
- Expose the necessary APIs in SAP ECC NetWeaver 7.51 to create, update, and delete users. The [guide](https://www.microsoft.com/download/details.aspx?id=51495) `Deploying SAP NetWeaver AS ABAP 7.pdf` walks through how you can expose the necessary APIs.
3030
- Create a web services connector template for the ECMA host. You can use the [guide](https://www.microsoft.com/download/details.aspx?id=51495) `Authoring SAP ECC 7 Template for ECMA2Host.pdf` as a reference to build your template. The download center provides a template `sapecc.wsconfig` as a reference. Before deploying in production, you will need to customize the template to meet the needs of your specific environment. Make sure that the ServiceName, EndpointName, and the OperationName are correct.
3131

32-
Configuration of the connection to SAP ECC 7.0 is done using a wizard. Depending on the options you select, some of the wizard screens might not be available and the information might be slightly different. Use the following information to guide you in your configuration.
32+
Configuration of the connection to SAP ECC is done using a wizard. Depending on the options you select, some of the wizard screens might not be available and the information might be slightly different. Use the following information to guide you in your configuration.
3333

3434
### Cloud requirements
3535

3636
- An Azure AD tenant with Azure AD Premium P1 or Premium P2 (or EMS E3 or E5).
3737

3838
[!INCLUDE [active-directory-p1-license.md](active-directory-p1-license.md)]
3939
- The Hybrid Identity Administrator role for configuring the provisioning agent and the Application Administrator or Cloud Application Administrator roles for configuring provisioning in the Azure portal.
40-
- The Azure AD users to be provisioned to SAP ECC 7.0 must already be populated with any attributes that will be required by SAP ECC 7.0.
40+
- The Azure AD users to be provisioned to SAP ECC must already be populated with any attributes that will be required by SAP ECC.
4141

4242
## 1. Install and configure the Azure AD Connect Provisioning Agent
4343

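Review bot: The version stated in this hunk does not match the rest of the change: the prerequisites heading on line 17 and the bullets on lines 23 and 29 say "7.51", while the title and H1 in on-premises-sap-connector-configure.md say "NetWeaver AS ABAP 7.0 or later". State one supported baseline in both files so readers know which release the connectivity and API prerequisites apply to. The product name also varies between "SAP ECC NetWeaver AS ABAP 7.51" (line 23) and "SAP ECC NetWeaver 7.51" (line 29), and the referenced guide names still read `Deploying SAP NetWeaver AS ABAP 7.pdf` and `Authoring SAP ECC 7 Template for ECMA2Host.pdf`; confirm those file names are still accurate after the rename.
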
@@ -85,11 +85,11 @@ If you have already downloaded the provisioning agent and configured it for anot
8585

8686
## 5. Configure the generic web services connector
8787

88-
In this section, you will create the connector configuration for SAP ECC 7.0.
88+
In this section, you will create the connector configuration for SAP ECC.
8989

90-
### 5.1 Connect the provisioning agent to SAP ECC 7.0
90+
### 5.1 Connect the provisioning agent to SAP ECC
9191

92-
To connect the Azure AD provisioning agent with SAP ECC 7.0, follow these steps:
92+
To connect the Azure AD provisioning agent with SAP ECC, follow these steps:
9393

9494
1. Copy your web service connector [template](https://www.microsoft.com/download/details.aspx?id=51495) sapecc.wsconfig into `C:\Program Files\Microsoft ECMA2Host\Service\ECMA` folder.
9595
1. Generate a secret token that will be used for authenticating Azure AD to the connector. It should be 12 characters minimum and unique for each application.
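
Review bot: The unchanged step on line 95, "Generate a secret token ... It should be 12 characters minimum and unique for each application", gives a length but no guidance on how to produce the token; since this section is being edited, consider stating that the token should be randomly generated and handled as a credential. On line 94, `sapecc.wsconfig` is plain text while the folder path is in code formatting; format the file name as code, as the prerequisites section already does.
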
@@ -153,7 +153,7 @@ To connect the Azure AD provisioning agent with SAP ECC 7.0, follow these steps:
153153

154154
1. On the **Partitions** page, select **Next**.
155155

156-
1. On the **Run Profiles** page, keep the **Export** checkbox selected. Select the **Full import** checkbox and select **Next**. The **Export** run profile will be used when the ECMA Connector host needs to send changes from Azure AD to SAP ECC 7, to insert, update and delete records. The **Full Import** run profile will be used when the ECMA Connector host service starts, to read in the current content of SAP ECC 7.
156+
1. On the **Run Profiles** page, keep the **Export** checkbox selected. Select the **Full import** checkbox and select **Next**. The **Export** run profile will be used when the ECMA Connector host needs to send changes from Azure AD to SAP ECC, to insert, update and delete records. The **Full Import** run profile will be used when the ECMA Connector host service starts, to read in the current content of SAP ECC.
157157

158158

159159
| Property | Value |
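
Review bot: On line 156 the same run profile is written as "**Full import**" for the checkbox and "**Full Import**" for the run profile; pick one capitalization, matching the label shown in the wizard. The phrase "to insert, update and delete records" also omits the serial comma that this file uses elsewhere ("create, update, and delete users").
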
@@ -176,7 +176,7 @@ To connect the Azure AD provisioning agent with SAP ECC 7.0, follow these steps:
176176
| Autogenerated | Checked |
177177

178178

179-
1. The ECMA connector host discovers the attributes supported by SAP ECC 7.0. You can then choose which of the discovered attributes you want to expose to Azure AD. These attributes can then be configured in the Azure portal for provisioning. On the **Select Attributes** page, add all the attributes in the dropdown list one at a time. The **Attribute** dropdown list shows any attribute that was discovered in SAP ECC 7.0 and *wasn't* chosen on the previous **Select Attributes** page. Once all the relevant attributes have been added, select **Next**.
179+
1. The ECMA connector host discovers the attributes supported by SAP ECC. You can then choose which of the discovered attributes you want to expose to Azure AD. These attributes can then be configured in the Azure portal for provisioning. On the **Select Attributes** page, add all the attributes in the dropdown list one at a time. The **Attribute** dropdown list shows any attribute that was discovered in SAP ECC and *wasn't* chosen on the previous **Select Attributes** page. Once all the relevant attributes have been added, select **Next**.
180180

181181

182182
[![Screenshot that shows the Select Attributes page.](.\media\app-provisioning-SAP\sap-select-attributes-1.png)](.\media\app-provisioning-SAP\sap-select-attributes-1.png#lightbox)
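
Review bot: On line 179 the step is carried out on the **Select Attributes** page, yet it describes the dropdown as listing attributes that weren't chosen "on the previous **Select Attributes** page", which is confusing; name the earlier page explicitly or reword the sentence. The screenshot link on line 182 uses backslash paths (`.\media\app-provisioning-SAP\...`), while the image on line 247 of this file uses `./media/...`; use forward slashes consistently.
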
@@ -198,7 +198,7 @@ To connect the Azure AD provisioning agent with SAP ECC 7.0, follow these steps:
198198

199199

200200

201-
1. If you have recently started the service, and have many user objects in the SAP ECC 7.0, then wait several minutes for the connector to establish a connection with SAP ECC 7.0.
201+
1. If you have recently started the service, and have many user objects in the SAP ECC, then wait several minutes for the connector to establish a connection with SAP ECC.
202202

203203
## 7. Configure the application connection in the Azure portal
204204

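Review bot: Removing "7.0" on line 201 leaves "many user objects in the SAP ECC", where the article no longer fits a bare product name; write "many user objects in SAP ECC". The same leftover "the SAP ECC" appears on line 297 in the last hunk of this file.
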
@@ -229,19 +229,19 @@ To connect the Azure AD provisioning agent with SAP ECC 7.0, follow these steps:
229229

230230
## 8. Configure attribute mappings
231231

232-
Now you will map attributes between the representation of the user in Azure AD and the representation of the user in SAP ECC 7.0.
232+
Now you will map attributes between the representation of the user in Azure AD and the representation of the user in SAP ECC.
233233

234234
You'll use the Azure portal to configure the mapping between the Azure AD user's attributes and the attributes that you previously selected in the ECMA Host configuration wizard.
235235

236-
1. Ensure that the Azure AD schema includes the attributes that are required by SAP ECC 7.0. If it requires users to have an attribute, and that attribute is not already part of your Azure AD schema for a user, then you will need to use the [directory extension feature](../articles/active-directory/app-provisioning/user-provisioning-sync-attributes-for-mapping.md) to add that attribute as an extension.
236+
1. Ensure that the Azure AD schema includes the attributes that are required by SAP ECC. If it requires users to have an attribute, and that attribute is not already part of your Azure AD schema for a user, then you will need to use the [directory extension feature](../articles/active-directory/app-provisioning/user-provisioning-sync-attributes-for-mapping.md) to add that attribute as an extension.
237237
1. In the Azure AD portal, under **Enterprise applications**, select the **On-premises ECMA app** application, and then the **Provisioning** page.
238238
1. Select **Edit provisioning**, and wait 10 seconds.
239239
1. Expand **Mappings** and select **Provision Azure Active Directory Users**. If this is the first time you've configured the attribute mappings for this application, there will be only one mapping present, for a placeholder.
240240

241241

242242
![Screenshot that shows provisioning a user.](.\\media\app-provisioning-sql\configure-10.png)
243243

244-
5. To confirm that the schema of SAP ECC 7.0 is available in Azure AD, select the **Show advanced options** checkbox and select **Edit attribute list for ScimOnPremises**. Ensure that all the attributes selected in the configuration wizard are listed. If not, then wait several minutes for the schema to refresh, and then reload the page. Once you see the attributes listed, then cancel from this page to return to the mappings list.
244+
5. To confirm that the schema of SAP ECC is available in Azure AD, select the **Show advanced options** checkbox and select **Edit attribute list for ScimOnPremises**. Ensure that all the attributes selected in the configuration wizard are listed. If not, then wait several minutes for the schema to refresh, and then reload the page. Once you see the attributes listed, then cancel from this page to return to the mappings list.
245245
6. Now, click on the **userPrincipalName** PLACEHOLDER mapping. This mapping is added by default when you first configure on-premises provisioning.
246246

247247
:::image type="content" source="./media/app-provisioning-sql/configure-11.png" alt-text="Screenshot of placeholder." lightbox="./media/app-provisioning-sql/configure-11.png":::
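
Review bot: The ordered list on lines 236 to 245 switches from auto-numbered `1.` items to explicit `5.` and `6.` after the screenshot, and the image on line 242 is not indented under its step, so the numbering is fragile if a step is added or removed; indent the image under step 4 and keep one numbering style. The image path on line 242, `.\\media\app-provisioning-sql\configure-10.png`, has a doubled backslash and points into the `app-provisioning-sql` folder; confirm that a SQL screenshot is intended in the SAP include.
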
@@ -294,11 +294,11 @@ Now that you have the Azure AD ECMA Connector Host talking with Azure AD, and th
294294
>If you were signed in using a Hybrid Identity Administrator role, you need to sign-out and sign-in with an account that has the Application Administrator, Cloud Application Administrator or Global Administrator role, for this section. The Hybrid Identity Administrator role does not have permissions to assign users to applications.
295295
296296

297-
If there are existing users in the SAP ECC 7.0, then you should create application role assignments for those existing users. To learn more about how to create application role assignments in bulk, see [governing an application's existing users in Azure AD](../articles/active-directory/governance/identity-governance-applications-existing-users.md).
297+
If there are existing users in the SAP ECC, then you should create application role assignments for those existing users. To learn more about how to create application role assignments in bulk, see [governing an application's existing users in Azure AD](../articles/active-directory/governance/identity-governance-applications-existing-users.md).
298298

299299
Otherwise, if there are no current users of the application, then select a test user from Azure AD who will be provisioned to the application.
300300

301-
1. Ensure that the user you will select has all the properties that will be mapped to the required attributes of SAP ECC 7.0.
301+
1. Ensure that the user you will select has all the properties that will be mapped to the required attributes of SAP ECC.
302302
1. In the Azure portal, select **Enterprise applications**.
303303
2. Select the **On-premises ECMA app** application.
304304
3. On the left, under **Manage**, select **Users and groups**.
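
Review bot: The list starting at line 301 is numbered `1.`, `1.`, `2.`, `3.` in source, so the rendered step numbers will not match what an editor sees in the file; use `1.` throughout or number sequentially. Line 297 also keeps "in the SAP ECC" after the version was removed; drop the article.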
