logo

Are you need IT Support Engineer? Free Consultant

User Provisioning for SAP Fieldglass

  • By sujay
  • 20/05/2026
  • 19 Views

User Provisioning from SAP Cloud Identity Services (CIS) to SAP Fieldglass using Identity Provisioning Services (IPS)

 

Introduction

SAP Cloud Identity Services (CIS) is SAP's identity management platform comprising four key components:

  1. Identity Authentication Service (IAS) – Handles user authentication, identity storage, and user management.
  2. Identity Provisioning Service (IPS) – Automates user provisioning and synchronization across connected systems.
  3. Identity Directory – Acts as the central user directory for storing and managing identities and groups.
  4. Authorization and Trust Management Service – Manages application authorizations, role collections, and trust configurations across SAP solutions.

For this scenario, we will primarily focus on:

  • IAS for user creation and management
  • IPS for provisioning users into SAP Fieldglass

SAP Fieldglass is SAP's cloud-based Vendor Management System (VMS) used to manage external workforce, contractors, and services procurement.

Note: SAP Fieldglass comes with a preconfigured source and target systems. You can use them as-is and run provisioning jobs.

Problem Statement –

Organizations managing users centrally in SAP Cloud Identity Services (CIS/IAS) often face provisioning failures while provisioning users to SAP Fieldglass due to missing mandatory fields, incorrect Business Unit mappings, and IPS transformation issues.

Proposed Solution –

This blog provides a step-by-step guide for provisioning users from SAP Cloud Identity Services (CIS/IAS) to SAP Fieldglass using SAP Identity Provisioning Service (IPS). It covers system configuration, attribute and Business Unit mapping validation, provisioning job execution, and troubleshooting common provisioning issues to ensure successful user synchronization.

Note: In this blog, CIS (Cloud Identity Services) and IAS (Identity Authentication Service) may be used interchangeably, as IAS is rebranded as SAP CIS (Cloud Identity Services).

In many SAP landscapes, users are created and managed centrally in CIS and then provisioned to downstream systems such as SAP Fieldglass. This blog walks through the end-to-end process of provisioning users from CIS to SAP Fieldglass using Identity Provisioning Service (IPS).

Provisioning Architecture

The user provisioning flow in this scenario is:

CIS (Source System) → IPS (Provisioning Service) → SAP Fieldglass (Target System)

Flow Overview:

  • Users are created in CIS/IAS
  • IPS reads users from CIS/IAS
  • IPS applies transformations and attribute mappings
  • Users are provisioned into SAP Fieldglass

This setup enables centralized identity management across the SAP landscape.

Step 1: Understand the Mandatory Field Requirement

Before creating users or running provisioning jobs, it is important to understand one of the most common causes of provisioning failures in SAP Fieldglass.

The following fields are mandatory for successful user provisioning:

  1. First Name
  2. Login Name
  3. Primary Business Unit

NOTE: If these fields are not populated correctly, user provisioning to Fieldglass will fail.

In many implementations, the Primary Business Unit is mapped from another CIS attribute through IPS transformations.

For example, in below case:

CIS – ‘Division’ → Fieldglass Primary Business Unit

This means the CIS Division field will act as the Primary Business Unit during provisioning.

Step 2: Verify the Primary Business Unit Mapping

To identify which CIS field is mapped to the Primary Business Unit in Fieldglass, navigate to:

Identity Provisioning → Target System → Transformations

Review the transformation mappings and check which fields are marked as mandatory or non-optional.

In this example: CIS – ‘Division’ is mapped to the Fieldglass Primary Business Unit

This step is extremely important while troubleshooting provisioning failures.

Step 3: Verify Valid Business Unit Codes in Fieldglass

The Primary Business Unit value used during provisioning must already exist in SAP Fieldglass. The Business Unit Code from Fieldglass is the exact value that must be populated in the CIS/IAS field mapped to the Primary Business Unit.

To verify the available Business Unit codes:

  1. Log in to the SAP Fieldglass landscape with admin access
  2. Open the Admin Console (bottom-left tab)
  3. Navigate to: Company Structure → Business Unit
  4. Refer to the Code column

The values under the Code column represent the valid Business Unit codes configured in Fieldglass.

Example: FINANCE

Navendu_Dubey_10-1779276176578.Png

Below image shows the ‘Code’ column:

Navendu_Dubey_11-1779276261197.Png

The value entered in the CIS/IAS – ‘Division’ field must exactly match one of these codes:

Example – CIS/IAS Division = FINANCE

IMPORTANT: The value is case-sensitive and must match exactly with the Business Unit code configured in Fieldglass.

Step 4: Create the User in CIS/IAS=

Navigate to your SAP Cloud Identity Services tenant:

User & Authorizations → User Management → Add 

Navendu_Dubey_12-1779276344533.Png

Below you can find the mandatory fields highlighted.

Navendu_Dubey_13-1779276382773.Png

While creating the user, fill in as many fields as possible. Most importantly ensure:

  • First Name is populated
  • Login Name is populated
  • The mapped Business Unit field is populated with the exact Fieldglass Business Unit code

In this example:

Division = FINANCE

IMPORTANT: The value must match exactly with the Business Unit code configured in Fieldglass.

Step 5: Run the Identity Provisioning Job

Navigate to:

Identity Provisioning → Source System → Jobs

You may see multiple provisioning job options depending on your IPS configuration and system type:

Job Type

Description

Read Job

Processes only newly changed or updated records from the source system

Resync Job               

Processes all record again to fully synchronize the target system with the source

Simulate Job             

Simulates the provisioning process without writing data to the target system

Validate Job

Used for testing attribute mappings, filters, and custom logic.

 

Navendu_Dubey_14-1779276482073.Png

When to Use Each Job:

  • Use a Read Job for incremental updates or newly added users
  • Use a Resync Job during initial migrations, mapping corrections, or troubleshooting scenarios
  • Use a Simulate Job to validate mappings and transformations before actual provisioning
  • Use a Validate Job to verify attribute mappings, filters, and transformation logic before running actual provisioning or synchronization jobs

For this migration scenario, provisioning is typically performed using either a ‘Read Job’ or a ‘Resync Job’ depending on the requirement. Select Run Job.

Step 6: Verify Provisioning Logs

Once the provisioning job is completed, navigate to:

Identity Provisioning → Provisioning Logs

Here you can verify:

  • Successful user transfers
  • Failed provisioning attempts
  • Missing mandatory attributes
  • Mapping issues
  • Synchronization errors
Navendu_Dubey_15-1779276539149.Png

Provisioning Logs are the primary troubleshooting area for IPS migrations.

Step 7: Verify Users in SAP Fieldglass

As a final validation step, log in to SAP Fieldglass with admin access and navigate to:

Admin Console → User → Under ‘User List’ you can see all the users.

You should now be able to see all successfully provisioned users listed.

Navendu_Dubey_16-1779276567983.Png

 

Navendu_Dubey_17-1779276627646.Png

 

This confirms that the provisioning process has completed successfully.

Common Issues and Troubleshooting

 

1. Missing First Name or Login Name

Issue: Provisioning fails because the First Name or Login Name field is empty.

Resolution: Populate both fields in CIS/IAS before running the provisioning job.

 

2. Invalid Business Unit

Issue: The Business Unit value provided in CIS/IAS does not exist in Fieldglass.

Resolution: Verify valid Business Unit codes under:

Admin Console → Company Structure → Business Unit

Use the exact value from the Code column.

 

3. Incorrect Attribute Mapping

Issue: The wrong CIS/IAS attribute is mapped to the Fieldglass Primary Business Unit.

Resolution: Review the IPS transformation mappings under:

Target System → Transformations

 

4. Provisioning Job Completes Successfully but User Is Not Visible

Possible Causes: Missing mandatory fields, invalid Business Unit code, incorrect transformation mapping, or IPS filtering configuration issues.

Resolution: Review the Provisioning Logs carefully and validate all mandatory attributes and mappings.

Key Takeaways

  • Always populate First Name, Login Name, and Primary Business Unit before provisioning users
  • Verify which CIS attribute maps to the Fieldglass Primary Business Unit
  • Use valid Business Unit codes from the Fieldglass Admin Console
  • Review IPS transformation mappings carefully
  • Monitor Provisioning Logs after every job execution

Conclusion

Provisioning users from SAP Cloud Identity Services (CIS/IAS) to SAP Fieldglass using Identity Provisioning Service (IPS) is a straightforward process when the mandatory field requirements and transformation mappings are configured correctly.

By validating Business Unit mappings, maintaining correct attribute values, and monitoring IPS provisioning logs, organizations can seamlessly synchronize users into SAP Fieldglass and streamline identity management across their SAP landscape.

Screenshot Disclaimer

Screenshots may vary depending on SAP version, configuration, roles, and UI updates; use the navigation paths and concepts.as the primary reference.

 

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

SAP DIGITALIZATION NEWS
Partner learning accelerator: SAP certified – Secu…
SAP DIGITALIZATION NEWS
Exploring the App “Origin of Goods” in SAP GTS
SAP DIGITALIZATION NEWS
From Form to Tile: Add an SAP BPA start form in SA…
SAP DIGITALIZATION NEWS
Troubleshooting the NACE/NAST Output Determination…