Skip to Content

Connect SAP Business Application Studio (SAP BAS) and SAP S/4HANA Cloud ABAP Environment

Beginner
25 min.
SAP S/4HANA Cloud, ABAP environment, ABAP Extensibility, Beginner, Tutorial, ABAP Development
Connect SAP Business Application Studio and SAP S/4HANA Cloud, ABAP Environment system using SAML assertion authentication to develop custom UIs.
You will learn
  • How to assign role collections
  • How to configure destinations
  • How to create communication systems
mervey45Merve TemelNovember 4, 2025
Created by
mervey45
March 4, 2024
Contributors
mervey45
julieplummer20

Prerequisites

  • You have a license for SAP S/4HANA Cloud and have a developer user in it
  • Trial: You need an SAP BTP trial user
  • Business Catalog SAP_CORE_BC_COM must be assigned to business user

Hint: The administrator receives an welcome e-mail after provisioning. This e-mail includes the system URL. By removing /ui you can log into the SAP S/4HANA Cloud ABAP Environment system. Further information can be found here.

Connect SAP Business Application Studio and SAP S/4HANA Cloud, ABAP Environment system using SAML assertion authentication to develop custom UIs.

Prerequisites

  • You have a license for SAP S/4HANA Cloud and have a developer user in it
  • Trial: You need an SAP BTP trial user
  • Business Catalog SAP_CORE_BC_COM must be assigned to business user

You will learn

  • How to assign role collections
  • How to configure destinations
  • How to create communication systems

Intro

Hint: The administrator receives an welcome e-mail after provisioning. This e-mail includes the system URL. By removing /ui you can log into the SAP S/4HANA Cloud ABAP Environment system. Further information can be found here.

  1. Select your subaccount trial.

    assign role collection

  2. In the navigation pane expand the Connectivity section and select Destinations. Click New Destination.

    assign role collection

    Configure the new destination with the following standard field values.

Field Name Value
Name System_###_SAML_ASSERTION
Type HTTP
Description SAML Assertion Destination to SAP S/4HANA ABAP Environment system_###
URL In the SAP S/4HANA Cloud tenant, navigate to the Communication Systems app and copy the Host Name from Own System = Yes
Own System Host Name in Communication Systems App
and paste it with prefix https:// for example https://my12345-api.s4hana.ondemand.com.
Proxy Type Internet
Authentication SAMLAssertion
Audience Enter the URL of your system and remove -api, for example https://my12345.s4hana.ondemand.com.
AuthnContextClassRef urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession 
Select **New Property** and maintain the following **Additional Properties** and values.
Field Name Value Remark
HTML5.DynamicDestination true  
HTML5.Timeout 60000 value stated in milliseconds. 60000 equals 1 minute. Required as deployment needs longer than the standard of 30 seconds.
WebIDEEnabled true  
WebIDEUsage odata_abap,dev_abap  
nameIDFormat urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress Required in case your subaccount sends mail address as SAML Name ID for authentication ( Subject Name Identifier in Identity Authentication tenant ), although SAP S/4HANA Cloud tenant expects user login by default. That is the case with a trial Account. This also requires the mail address to be maintained for SAP S/4HANA Cloud tenant business users.
Make sure that the **Use default JDK truststore** checkbox is ticked.

  ![Configure Destination](new.png)

Click **Save**.
  1. Click Download Trust.

    assign role collection

  • Step 1

    1. Open SAP Fiori launchpad and select Communication Systems under Communication Management.

      dev

    2. Click New.

      dev

    3. Create a new communication system:

      • System ID: BAS_TRIAL_###
      • System Name: BAS_TRIAL_###

      Click Create.

      dev

    4. Click the arrow and select Technical Data.

      dev

    5. Check Inbound Only in the general section. Set SAML Bearer Assertion Provider ON and click Upload Signing Certificate.

      dev

    6. Click Browse and select your trust configuration, then click Upload.

      dev

    7. Copy everything after CN= of your signing certificate subject and past it in SAML Bearer Issuer. Click Save.

      dev

      Now your communication system is set up.

  • Step 2

    1. Login to SAP BTP Trial cockpit and click Enter Your Trial Account.

      assign role collection

    2. Select your subaccount trial.

      assign role collection

    3. Now you are in the trial overview page. Click Users and >.

      assign role collection

    4. Select the menu and click Assign Role Collection.

      assign role collection

      Hint: If you are using a licensed system, make sure you have the trust administrator role assigned to your user.

    5. Select Business_Application_Studio_Developer and click Assign Role Collection.

      assign role collection

    6. Check your result. Now your user should have the Business_Application_Studio_Developer role collection assigned.

      assign role collection
  • Step 3
Back to Top
Back to top