zhongwei/gh-secondsky-sap-skills-skills-sap-btp-cias
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
gh-secondsky-sap-skills-ski…/SKILL.md
Zhongwei Li d5f8dc087c Initial commit
2025-11-30 08:54:54 +08:00

11 KiB
Raw Permalink Blame History

name: sap-btp-cias description: | SAP BTP Cloud Integration Automation Service (CIAS) skill for guided integration workflows. Use when: setting up CIAS subscriptions, configuring destinations, assigning roles (CIASIntegrationAdministrator, CIASIntegrationExpert, CIASIntegrationMonitor), planning integration scenarios, working with My Inbox tasks, monitoring scenario execution, troubleshooting CIAS errors, creating OAuth2 instances, configuring identity providers for CIAS, understanding CIAS security architecture, or integrating SAP products (S/4HANA, SuccessFactors, BTP services, SAP Build, IBP). license: GPL-3.0 metadata: version: "1.0.1" last_verified: "2025-11-27" sap_product: "Cloud Integration Automation Service" source_docs: "https://github.com/SAP-docs/btp-cloud-integration-automation-service"

SAP BTP Cloud Integration Automation Service (CIAS)

Cloud Integration Automation Service provides guided workflows to integrate SAP cloud solutions with on-premise and other SAP cloud solutions. It offers both manual task instructions and automated configuration capabilities.

Quick Reference

Service Plans

Plan Type Purpose
Standard Application UI access for scenario planning, task monitoring, integration management
OAuth2 Service API access for programmatic operations (required for ABAP automation)

Role Collections

Role Collection Capabilities
Integration Administrator CIASIntegrationAdministrator Full access: Plan for Integration, My Inbox, Monitoring; terminate scenarios
Integration Expert CIASIntegrationExpert My Inbox access; work on assigned tasks
Integration Monitor CIASIntegrationMonitor Read-only access to Scenario Execution Monitoring

Supported Regions

AWS: EU10 (Frankfurt), EU11 (Frankfurt EU Access), US10 (Virginia), AP10 (Sydney), JP10 (Tokyo), CA10 (Montreal) Azure: EU20 (Netherlands), CN20 (China North 3) Alibaba: CN40 (Shanghai)

Core Workflows

1. Subscribe to CIAS (Standard Plan)

  1. Navigate to SAP BTP Cockpit → Global Account → Subaccount
  2. Go to ServicesService Marketplace
  3. Filter by "Cloud Integration Automation Service"
  4. Click tile → Create → Select Standard plan
  5. Confirm creation
  6. Access via Instances and Subscriptions → "Go to Application" icon

2. Assign Roles to Users

  1. Navigate to SecurityRole Collections in subaccount
  2. Select role collection (e.g., CIASIntegrationAdministrator)
  3. Click EditUsers tab
  4. Add users by email ID or login user ID
  5. Save changes

Multiple users can be assigned per role using comma-separated user IDs.

3. Plan Integration Scenario

  1. Access CIAS application from Instances and Subscriptions
  2. Open Plan for Integration tile
  3. Browse available solutions in Solutions tab
  4. Select scenario and scenario option
  5. Choose systems for integration (by customer number)
  6. Specify:
    • Target subaccount for workflow
    • SAP BTP Workflow Users (must have subaccount access)
    • Transaction name for monitoring
  7. Confirm workflow generation
  8. Access tasks in My Inbox tile

4. Work with Tasks (My Inbox)

  1. Open My Inbox tile (requires Administrator or Expert role)
  2. Click Claim to lock task for your user
  3. Follow instructions in Task Instructions tab
  4. For automation tasks: Configure parameters → Click Execute Step
  5. Click Task Completed when done
  6. Click Refresh to display next task
  7. Repeat until viewing Execution Summary

5. Create Destination for Automation

  1. In My Inbox → Confirm System Components task
  2. Click Create Destination link
  3. Configure:
    • Name: Valid identifier
    • Description: Purpose description
    • URL: Target system host URL
    • Authentication: Method + credentials
    • Type: HTTP (default)
  4. Save configuration

Always use HTTPS for secure communication.

6. Monitor Scenario Execution

  1. Open Scenario Execution Monitoring tile (requires Administrator or Monitor role)
  2. Filter workflows by status: Running, Completed, Canceled
  3. View tabs: Task Details, Targets, Roles and Users, Scope, Support Information
  4. Use Terminate Execution to remove scenarios permanently
  5. Access Logs tab for automation execution details

Service Limitations

  • Maximum 15 active workflows per subaccount
  • No self-service data deletion (submit ticket to component BC-INS-CIT-RT)
  • Logs retained for 90 days
  • OAuth2 certificate maximum validity: 1 year
  • Execution scope cannot be changed after confirmation
  • Destination cannot be changed if already used in automation task
  • Supported browsers: Google Chrome, Microsoft Edge (Chromium), Mozilla Firefox, Apple Safari (macOS)

Security Architecture

CIAS comprises six core components:

  1. Runtime: Backbone framework rendering integration tasks
  2. Planning: UI for planning integration scenarios
  3. Inbox: UI for end-user task access
  4. Monitoring: UI for scenario implementation monitoring
  5. Managed System: System configured during integration
  6. Automation Runtime: Calls configuration APIs of managed systems

Security features:

  • Role-based access via SAP BTP authorization framework
  • XSRF protection for backend connectivity calls
  • Identity provider integration (SAML assertion Name ID attribute supported)
  • Credentials stored in Credential Store service (inaccessible to external parties)

Common Error Patterns

Empty Destination Dropdown

Symptom: Destination dropdown shows no options during task execution.

Cause: No destinations exist matching the tenant's Host Base URL.

Solution:

  1. Create destination manually following Destination Creation steps
  2. Ensure destination URL matches tenant Host Base URL exactly
  3. Refresh the dropdown after creation

Workflow Conflict Lock

Symptom: Cannot proceed with task; execution lock activated.

Cause: Multiple integration workflows exist with identical system components.

Solutions:

  • Proceed: Continue without resolving (manual resolution later)
  • Terminate: End selected conflicting instances
  • Terminate Current Instance: Stop active workflow only
  • Cancel: Halt operation entirely

Application Access Denied After IdP Change

Symptom: Users cannot access CIAS application after identity provider change.

Cause: Users not managed by newly configured identity provider.

Solution:

  1. Add users to new identity provider
  2. Reassign role collections in subaccount Security settings
  3. Verify user IDs exist in configured IdP

Task Marked as Reserved

Symptom: Cannot claim task; shows "Reserved" status.

Cause: Another assigned user has already claimed the task.

Solution: Coordinate with team; only one user can work on claimed task at a time.

Support Channels

Issue Type Component Action
General CIAS support BC-INS-CIT-RT Create support ticket
Manual task instructions Check Support Information tab Submit incident to listed component
Data deletion request BC-INS-CIT-RT Include email ID and subaccount name
Service availability Consumer account Check Service Availability feature

OAuth2 API Access

For programmatic access (required for ABAP automation):

  1. Navigate to subaccount → ServicesService Marketplace
  2. Select Cloud Integration Automation Service → Create
  3. Choose OAuth2 plan
  4. Select runtime: "Other" or "Cloud Foundry"
  5. Provide instance name → Create

Create Service Key (for API calls)

With mTLS (Certificate):

{
  "xsuaa": {
    "credential-type": "x509",
    "x509": {
      "key-length": 2048,
      "validity": 365,
      "validity-type": "DAYS"
    }
  }
}

Without Certificate: Create with name only.

Use generated client ID and client secret to create OAuth JWT token for API authentication.

Data Protection

  • Email IDs and subaccount names stored in service database
  • System/tenant selection data preserved for workflow execution
  • Logs do not store user-related personal data
  • Audit logs follow SAP BTP Audit Log retention policy
  • Sensitive data stored in Credential Store service

Glossary

Term Definition
Personal Data Any information relating to identified/identifiable natural person
Sensitive Personal Data Racial/ethnic origin, political opinions, religious beliefs, genetic/biometric data
Residence Period Time between business end and end-of-purpose when data remains accessible
Retention Period Time from last business activity through data deletion
Blocking Restricting access to data whose primary business purpose has ended

Task UI Controls Quick Reference

Automation Task Controls

Control Function
Refresh Update automation statuses
Expand All Show all parameter panels
Collapse All Hide all parameter panels
Show/Hide Read-Only Parameters Toggle read-only visibility
Save Parameters Preserve current values
Logs View execution records
Information Parameter descriptions
Execute Step Run automation (async)

Error Recovery

After automation failure:

  • Only Failed Automations - Retry failed steps only
  • All Automations - Retry entire sequence

Bundled Resources

Reference Files

  1. references/setup-guide.md - Complete subscription, OAuth2, and destination configuration procedures
  2. references/security-guide.md - Security architecture, identity provider configuration, and role management
  3. references/integration-scenarios.md - Full list of 100+ supported integration scenarios with codes (1M1, 22K, 4A1, etc.)
  4. references/troubleshooting.md - Detailed error resolution procedures and common issues
  5. references/maintenance-planner.md - Maintenance Planner integration guide and workflow invocation
  6. references/task-ui-guide.md - Complete task UI controls, tabs, behaviors, and automation steps
  7. references/whats-new.md - Complete release notes from 2021-2025 with feature updates

Template Files

  1. templates/destination-config.md - Destination configuration templates by target system type
  2. templates/role-assignment.md - Role assignment procedures and checklists for different scenarios

Documentation Sources

Primary:

Related:

Reference in New Issue View Git Blame Copy Permalink