Before you start setting up and configuring SAP Cloud ALM, familiarize yourself with the following basic concepts.
When your SAP Cloud ALM tenant is provisioned, a global account and a subaccount are set up on SAP BTP. These accounts are set up exclusively for SAP Cloud ALM.
Therefore, don't use them for any other products, applications, or services.
A global account is the realization of a contract you made with SAP. It's region-independent and is used to manage subaccounts, members, entitlements, and quotas.
In the case of SAP Cloud ALM, your entitlement is based on the existence of other contracts or purchased solutions that are connected to your customer number. The entitlement also comes with other parameters, such as fair use rights for memory, which are provided free of charge. These unique factors require a separate "contract" to be established specifically for SAP Cloud ALM, which is separated from the other contracts that you pay for. To achieve this, we provide you with a separate global account for SAP Cloud ALM.
In subaccounts, you deploy applications, use services, and manage your subscriptions. Your SAP Cloud ALM subaccount contains your SAP Cloud ALM subscription and a subscription to the Cloud Integration Automation service.
Each subaccount is associated with a region, which corresponds to the data center where your SAP Cloud ALM tenant is operated.
For more information on account administration topics in the SAP BTP cockpit, see Account Model.
The region that you select when requesting SAP Cloud ALM corresponds to the physical location of the data center where your SAP Cloud ALM tenant will be operated.
For an overview of the data centers that are currently available and those that are planned in the future, see SAP Cloud ALM Data Centers on SAP Support Portal. The page Data Center Locations under SAP Security and Trust contains a full list of all live data centers, even ones that are no longer supported for new SAP Cloud ALM tenants (for example, the Netherlands | Amsterdam region).
It's currently not possible to move your SAP Cloud ALM tenant from the data center in which it was originally provisioned to a different data center. However, if you're willing to accept loss of data, you can dismantle and resubscribe SAP Cloud ALM in a different data center by following the steps described in KBA 3352417.
To give users access to SAP Cloud ALM, they need to be maintained in two places:
-
The identity provider that is connected to SAP Cloud ALM
-
The User Management app in SAP Cloud ALM
Only when users are maintained both in the identity provider and in SAP Cloud ALM, they can log on.
With identity providers, you can manage user identities for multiple applications in one central place.
In SAP Cloud ALM, the Identity Authentication service (IAS), which is one component of the SAP Cloud Identity Services, typically assumes the role of the identity provider. Business users sign in to SAP Cloud ALM with the mechanisms and credentials defined there.
If you don't have an Identity Authentication tenant when you request SAP Cloud ALM, a new one will be created for you. If you already have a productive Identity Authentication tenant from another SAP solution, we recommend reusing it for SAP Cloud ALM to simplify your identity management.
For more information about the Identity Authentication service, see What are Cloud Identity Services?. To learn more about how they're used in SAP Cloud ALM, see Step 1: Onboard Users in the Identity Authentication Service.
Roles in SAP Cloud ALM are delivered predefined and ready to use.
In general, each application role in SAP Cloud ALM represents a role collection in your SAP BTP subaccount. This means that most SAP Cloud ALM role collections correspond 1:1 to the respective role template and can be assigned to users without any further configuration.
Some SAP Cloud ALM areas also offer single role templates. Before you can use these role templates, you need to assign them to a role collection. For more information, see Role Templates.
Each application role contains all the necessary authorizations that are required for all tasks that belong to a certain business role, rather than being confined to a single task. For example, the role Health Monitoring Administrator also contains authorizations in apps other than Health Monitoring because someone in that role also needs to be able to configure events and set up notifications.
For a full list of all SAP Cloud ALM roles and their corresponding role collections, see Role Collections.
In SAP Cloud ALM, services are understood as subscribed cloud services, that is, solutions and applications that are offered on-demand from the servers of a cloud provider (SaaS).
Systems are defined as on-premise systems, that is, solutions and applications that are provided by SAP but installed and run on the premises of the company or organization using them, or in a private cloud solution.
To work with your services and systems in SAP Cloud ALM, they need to be set up in the Landscape Management app in SAP Cloud ALM. For more information, see Step 3: Set Up Landscape Management and Setup Managed Components.
However, you have full control over which data is transferred from your services and systems to SAP Cloud ALM. When you activate your SAP Cloud ALM tenant and register your systems and services in the Landscape Management app of SAP Cloud ALM, the collection of observability data is not started automatically. SAP Cloud ALM follows a central configuration approach: You need to explicitly configure the data collection processes.