SAP-docs
diff --git a/‎docs/Development/change-tenant-texts-rest-api-66ad80a.md‎
Lines changed: 47 additions & 57 deletions b/‎docs/Development/change-tenant-texts-rest-api-66ad80a.md‎
Lines changed: 47 additions & 57 deletions
diff --git a/‎docs/Development/single-logout-flows-0584b5f.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/Development/single-logout-flows-0584b5f.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/Monitoring-and-Reporting/accessing-the-administration-console-6187940.md‎
Lines changed: 304 additions & 0 deletions b/‎docs/Monitoring-and-Reporting/accessing-the-administration-console-6187940.md‎
Lines changed: 304 additions & 0 deletions
@@ -13,8 +13,8 @@ The service supports SAML 2.0 and OIDC logout flows. No matter which protocol yo
 
 -   SAML applications: [Service Provider Initiated Logout with Corporate Identity Providers](../Operation-Guide/service-provider-initiated-logout-with-corporate-identity-providers-3841580.md#loio3841580082cb4af6a13289e98a0cce12)
 
--   OIDC applications: [Call Identity Authentication End Session Endpoint](../Operation-Guide/call-identity-authentication-end-session-endpoint-ec674f4.md)
+-   OIDC applications: [Single Logout](../Operation-Guide/single-logout-1eecf35.md)
 
--   Identity-provider-initiated: [Use IdP-Initiated Single Logout \(SLO\)](../Operation-Guide/use-idp-initiated-single-logout-slo-da2e4f9.md)
+-   Cloud Identity Services-initiated SLO: [Use IdP-Initiated Single Logout \(SLO\)](../Operation-Guide/use-idp-initiated-single-logout-slo-da2e4f9.md)
 
 
@@ -0,0 +1,304 @@
+<!-- loio61879409f6024c5cad78d5e36ce3657c -->
+
+# Accessing the Administration Console
+
+Problems with the signing in to the administration console for SAP Cloud Identity Services.
+
+You can reach the tenant administration console via the URL https://<tenant ID\>.accounts.ondemand.com/admin pattern.
+
+You must be an administrator user.
+
+The Sign In screen appears correctly
+
+![](images/Admin_Console_Sign_in_3c9ad87.png)
+
+but you face one of the following problems:
+
+
+
+<a name="loio61879409f6024c5cad78d5e36ce3657c__section_xrm_yhl_ndc"/>
+
+## I don't know who the tenant administrator is?
+
+**Symptom:**
+
+You don't know who is the tenant administrator?
+
+**Solution:**
+
+See KBA 3035908 - [https://launchpad.support.sap.com/\#/notes/3035908](https://launchpad.support.sap.com/#/notes/3035908)
+
+
+
+### Contact an existing administrator for the tenant.
+
+Cloud Identity Services does not use for authentication the users registered in the SAP Service Marketplace, but maintains an own user store for administrators and users.
+
+Once you purchase a customer or partner account in SAP BTP, a user account for Identity Authentication is created for the contact person specified in the Order Form. The contact person is the first **tenant administrator** in the administration console for Cloud Identity Services. He or she receives an activation e-mail for the administration console account. The subject of the e-mail is: **Activate Your Account for Administration Console**. The **first**administrator activates the account and continues to the administration console for Identity Authentication via the console's URL.
+
+The first administrator can add new tenant administrators.
+
+See also: **KBA 2774108**- [Identity Authentication Service tenant specific request only possible for customer owning the tenant](https://launchpad.support.sap.com/#/notes/2774108)
+
+**Useful Links**
+
+-   [Access Admin Console](../access-admin-console-2609e81.md)
+-   [Reset Password](../User-Guide/reset-password-c821f3f.md)
+-   [Activate Your Account](../activate-your-account-cc03ecc.md)
+-   [Access Admin Console](../access-admin-console-2609e81.md)
+-   [Manage Administrators](../manage-administrators-3bddea4.md)
+
+
+
+<a name="loio61879409f6024c5cad78d5e36ce3657c__section_m3j_43l_ndc"/>
+
+## I can't login to Administration Console of custom Cloud Identity Services tenant with S-user
+
+**Symptom:**
+
+Logging into the Administration Console of an Identity Authentication tenant with an S-user is unsuccessful.
+
+**Solution:**
+
+See KBA **2424064**- [Cannot login to Administration Console of custom Identity Authentication tenant with S-user](https://launchpad.support.sap.com/#/notes/2424064).
+
+
+
+<a name="loio61879409f6024c5cad78d5e36ce3657c__section_uxn_2ll_ndc"/>
+
+## Admin console is not accessible due to network problem
+
+**Symptom:**
+
+The administration console can't be accessed - the browser throws `ERR_EMPTY_RESPONSE`, or similar error message \(`ERR_TIMED_OUT`, `took too long to respond`, etc\).
+
+Timeout-related errors can also be seen on the browser.
+
+**Solution:**
+
+See KBA 2918278 - [IAS tenant is not accessible due to network problem](https://launchpad.support.sap.com/#/notes/2918278).
+
+This KBA provides some hints on how to investigate further.
+
+
+
+<a name="loio61879409f6024c5cad78d5e36ce3657c__section_q3m_tll_ndc"/>
+
+## Email activation problem
+
+As a tenant administrator you can reach the administrator console via the URL https://<tenant ID\>.accounts.ondemand.com/admin or https://<tenant ID\>.accounts.cloud.sap/admin pattern.
+
+`Tenant ID` is an automatically generated ID by the system. The URL is in the activation e-mail received by you.
+
+Check your inbox for an e-mail from **notification@sapnetworkmail.com**.
+
+**Useful Links**
+
+[Activate Your Account](../activate-your-account-cc03ecc.md)
+
+
+
+### I have activated my account but still face problems
+
+You see the following error after you’ve clicked the activation email link:
+
+![](images/Activate_Email_Error_bab562b.png)
+
+This message means that Cloud Identity Services is already activated.
+
+Use the "Forgot Password" functionality to gain access to your tenant. For more information, see [Reset Password](../User-Guide/reset-password-c821f3f.md).
+
+
+
+### I haven't activated my account or didn't receive any email
+
+**Open your inbox and search for an email from *notification@sapnetworkmail.com***. The email contains the URL to activate your account.
+
+-   **If the URL is expired**
+    -   The system sends you a new activation e-mail. Follow the procedure to activate your account.
+
+-   **If the link is invalid or already used, or you haven't received an e-mail**
+    -   Check your spam folder
+    -   Contact an existing administrator for the tenant to ask the following
+
+        -   Whether an activation email was sent \(or if only an initial password was set, since in this case no email is sent\).
+        -   To resend the activation e-mail \(*Admin Console* \> *User Management* \> *select the user* \> *Authentication* \> *Password Details* \> *Password Details* \> *Send Email*. See also [Send Reset Password Email](../Operation-Guide/send-reset-password-email-da55abf.md).
+
+
+
+See also: **KBA 2517844** - [How to get the activation e-mail of an Identity Authentication tenant](https://launchpad.support.sap.com/#/notes/2517844).
+
+
+
+<a name="loio61879409f6024c5cad78d5e36ce3657c__section_vkp_zpl_ndc"/>
+
+## Error "Sorry, we could not authenticate you. Try again."
+
+This is a general error, and it can be the symptom of many different situations. You try to sign in:
+
+
+
+### .. after an LDAP user store is configured.
+
+The user is locked when configuring LDAP user store on SAP BTP
+
+You have configured an LDAP scenario based on the [Configure SAP BTP When Connecting to an LDAP User Store documentation](https://help.sap.com/viewer/6d6d63354d1242d185ab4830fc04feb1/Cloud/en-US/461d71c148594608b9c8b6d016e0a0c5.html#loiof48d4ea4ec4747ac8425385ded5d1e25).
+
+However, when you attempt to log on, you see "Sorry, we could not authenticate you. Try again."
+
+There is an issue in the connection between the SAP Cloud Connector and the corporate user store due to an issue with the system user which is used to access the corporate user store.
+
+See KBA: [2680867](https://i7p.wdf.sap.corp/sap/support/notes/2680867)- Check if the system user is locked when configuring and LDAP user store on SAP BTP
+
+
+
+### … with S-user credentials
+
+You are trying, without success, to login to the admin console as an S-user.
+
+There are no S-users used in custom tenants. S-users can only log on to `accounts.sap.com`, which belongs to SAP.
+
+In a custom own tenant, you can sign in using your **email** address and password.
+
+See KBA, [2424064](https://i7p.wdf.sap.corp/sap/support/notes/2424064) - Cannot login to admin console of custom Identity Authentication tenant with S-user
+
+
+
+### Sign in fails after successful activation with error: "Sorry, we could not authenticate you. Try again."
+
+**Symptom:**
+
+The user login fails after the activation link is called and the password update was successful.
+
+The user receives the following message:
+
+***Sorry, we could not authenticate you. Try again.***
+
+In the [Troubleshooting log](https://launchpad.support.sap.com/#/notes/2942816), the following error is displayed:
+
+***Identity Provider could not process the authentication request received due to error on its own side. The SP user \[<user\_uuid\>\] is with status inactive for Service Provider \[<service\_provider\_url\>\] Caused by: javax.security.auth.login.AccountException: The SP user \[<user\_uuid\>\] is with status inactive for Service Provider \[<service\_provider\_url\>\] Caused by: The SP user \[<user\_uuid\>\] is with status inactive for Service Provider \[<service\_provider\_url\>\]***
+
+**Solution:**
+
+See KBA 2770797 - [The IAS tenant user login fails after successful activation: Sorry, we could not authenticate you. Try again.](https://launchpad.support.sap.com/#/notes/2770797)
+
+
+
+### You forgot your assword
+
+Use the "Forgot Password" functionality to gain access to your tenant. For more information, see [Reset Password](../User-Guide/reset-password-c821f3f.md).
+
+If you have an account as administrator in Cloud Identity Services, an email with a link to a page where you can reset your password will be sent. Note that the email might take a few minutes to reach your inbox. If you don't have an account as administrator, you won't receive an e-mail. In this case ontact an existing administrator for the tenant.
+
+See also KBA 2517844 - [How to get the activation e-mail of an Identity Authentication tenant](https://launchpad.support.sap.com/#/notes/2517844).
+
+
+
+### You are not an administrator
+
+Cloud Identity Services does not use for authentication the users registered in the SAP Service Marketplace, but maintains an own user store for administrators and users. Only administrators can access the admin console.
+
+Ask an existing administrator to add new tenant administrators. See [Manage Administrators](../manage-administrators-3bddea4.md) and [2570572](https://i7p.wdf.sap.corp/sap/support/notes/2570572) - How to add Administrators to Identity Authentication tenants
+
+
+
+### Error "Used logon identifier is not allowed"
+
+**Symptom**
+
+Logon to the Identity Authentication Administration Console is failing with error: **Sorry, we could not authenticate you. Try again.** Using the forgot password link allows you to reset the password and log in. However, logging off and trying to login again the same error is shown as previously. Only a password reset allows login again for just one user session.
+
+The [Troubleshooting log](https://launchpad.support.sap.com/#/notes/2942816) is showing the following error:
+
+**User authentication failed. Reason: Used logon identifier is not allowed; Identifier: \[ <logon\_identifier\> \]**
+
+**Solution:**
+
+See KBA 2895349 - [Cannot logon to Identity Authentication Administration Console with valid logon identifier and password](https://launchpad.support.sap.com/#/notes/2895349).
+
+
+
+<a name="loio61879409f6024c5cad78d5e36ce3657c__section_s31_fzl_ndc"/>
+
+## Access denied. Sorry... You entered a valid URL, but you are not authorized to view the content.
+
+Immediately after you've logged on to administration console of Cloud Identity Services, you see the message:
+
+"Access Denied
+
+Sorry... You entered a valid URL, but you are not authorized to view the content, contact your system administrator"
+
+![](images/Access_Denied_4962379.png)
+
+Ask an administrator to configure required authorization, as explained in the following KBA:
+
+[2579343](https://i7p.wdf.sap.corp/sap/support/notes/2579343) - Accessing /admin of custom Identity Authentication tenant ends with "you are not authorized to view the content"
+
+
+
+<a name="loio61879409f6024c5cad78d5e36ce3657c__section_mx1_dcm_ndc"/>
+
+## The identity provider could not process the authentication request received
+
+Cloud Identity Services using the Security Assertion Markup Language \(SAML\) 2.0 as identity provider \(IdP\) fails to process the authentication request.
+
+![](images/Error_Authentcation_Request_8ad43ab.png)
+
+Make sure the service provider's name is the same as configured in Cloud Identity Services, acting as IdP:
+
+[2260000](https://i7p.wdf.sap.corp/sap/support/notes/2260000) - Identity provider could not process the authentication request received.
+
+If this does not solve your problem, please open a ticket on BC-IAM-IDS component, and provide the following information:
+
+-   -   Your tenant ID from https://tenant ID\>.accounts.ondemand.com/admin
+-   Your email address
+-   The error message you see
+-   Attachments of screenshot that show the reproduced error, including the exact timestamp
+-   If you solved your issue, a description of the steps you took
+-   List of KBAs and SAP Notes, you have used to solve the issue
+-   Attachments of SAML traces as per KBA: [2461862](https://launchpad.support.sap.com/#/notes/2461862) - Collecting SAML traces with Chrome or Firefox
+
+
+
+
+<a name="loio61879409f6024c5cad78d5e36ce3657c__section_qhr_hgm_ndc"/>
+
+## Error "Access to this Identity Authentication tenant is blocked, please contact your administrator"
+
+**Symptom:**
+
+Accessing the SAP Cloud Platform Identity Authentication Service \(IAS\) tenant fails with the below error:
+
+***"HTTP Status 403 – Access to this Identity Authentication tenant is blocked, please contact your administrator."***
+
+**Solution:**
+
+See**KBA** - [https://launchpad.support.sap.com/\#/notes/2909142](https://launchpad.support.sap.com/#/notes/2909142)
+
+**Related Information**  
+
+
+[User Import](user-import-6a46913.md "Problems with the user import in the administration console for SAP Cloud Identity Services.")
+
+[Emails](emails-7bde0d5.md "Problems with emails sent for the different application processes.")
+
+[Authentication](authentication-84f28fb.md "Problems with the authentication of the end user and administrator.")
+
+[Application Integration](application-integration-8acf508.md "Problems that different applications integrated with Cloud Identity Services might face.")
+
+[Request, Create and Delete Identity Authentication Tenant](request-create-and-delete-identity-authentication-tenant-b442658.md "Problems related to requesting, creating or deleting a tenant.")
+
+[End user screens](end-user-screens-a3864b5.md "Problems that you might face when working with the end user screen.")
+
+[APIs](apis-29ffc6b.md "Problems that you might face when using the REST APIs of Cloud Identity Services.")
+
+[Corporate Identity Providers](corporate-identity-providers-16ab7db.md "")
+
+[Corporate User Store](corporate-user-store-3ade241.md "")
+
+[Kerberos Authentication](kerberos-authentication-4bb4b24.md "")
+
+[Risk-Based Authentication](risk-based-authentication-bc7de4d.md "")
+
+[Custom Domains](custom-domains-7cb2ea5.md "")
+