Access to SAP work orders can be enabled by integrating SAP with Microsoft Entra ID and, if needed, Microsoft Entra Private Access, depending on how SAP is deployed.
Key options:
- Enable single sign-on (SSO) to SAP
  - Configure Microsoft Entra ID as the identity provider for SAP so that users sign in with their Entra credentials and then access SAP applications (for example, SAP Fiori or SAP GUI-based front ends) to work on work orders.
  - For SAP NetWeaver-based systems, SSO can be set up using SAML or OAuth as described in the SAP NetWeaver integration guidance.
  - For SAP SaaS and modern apps, configure Microsoft Entra ID as the corporate identity provider via SAP Cloud Identity Services so that SAP applications trust Microsoft Entra for authentication.
- Provide access to SAP applications via SAP Cloud Identity Services
  - Provision users and groups from Microsoft Entra ID into SAP Cloud Identity Services using the SAP Cloud Identity Services enterprise application.
  - From SAP Cloud Identity Services, provision accounts into the downstream SAP applications (for example, SAP S/4HANA or other SAP apps where work orders are managed) so that users can log in and perform their work.
- Provide access to on-premises SAP systems
  - For on-premises SAP ECC or S/4HANA systems, provision users from Microsoft Entra ID either:
    - Via SAP Cloud Identity Services to SAP S/4HANA On-Premise through the SAP cloud connector, or
    - Via the Microsoft Entra provisioning service and on-premises web services connector to SAP ECC/R/3, exposing the required BAPIs for user creation and updates.
  - Once users are provisioned and SSO is configured, they can access the on-premises SAP system (potentially via Microsoft Entra Private Access if remote/private network access is required) to execute work orders.
- Control and secure access
  - Use Microsoft Entra ID to manage who is assigned to SAP applications and roles (for example, via groups and entitlement management), ensuring only authorized users can access work-order-related functionality.
  - Optionally integrate Microsoft Entra entitlement management with SAP Cloud Identity Access Governance (IAG) so SAP business roles (including work-order roles) can be granted through Microsoft Entra access packages.
To gain access, contact the Microsoft Entra or SAP administrator in the organization and request assignment to the relevant SAP application and role. They will:
- Ensure the user account is provisioned from Microsoft Entra ID into the appropriate SAP system via SAP Cloud Identity Services or the on-premises connector.
- Configure or confirm SSO from Microsoft Entra ID to the SAP application.
- Grant the SAP role(s) that allow work-order creation and processing.