# Step 2: Configuring your SAP system > To establish a communication between UiPath Test Manager and your SAP system, configure the SAP system by creating a communication user and activating the required services. To establish a communication between UiPath Test Manager and your SAP system, configure the SAP system by creating a communication user and activating the required services. ## For web service Basic authentication and RFC 1. Create a communication user in your SAP system for the integration with UiPath Test Manager. Assign the necessary roles and authorizations based on your organization's internal policies. * The integration uses standard interfaces via RFC or Web service (HTTPS). * UiPath does not require specific authorizations, except for RFC connections. :::note If you use an RFC connection, assign the `S_RFCACL` authorization object to the communication user. ::: 2. If you plan to use a Web service (HTTPS) connection for the integration, activate the necessary SAP services required to establish the connection with UiPath. :::note These services are used for read-only operations. UiPath uses only `HTTP GET` methods to retrieve information from the SAP system. ::: The following lists presents the necessary SAP services to activate for using the Heatmap and Change Impact Analysis: * **Heatmap services**: + `/sap/opu/odata/UIPATH/HEATMAP_AGGREGATES_SRV/AllAggregatesSet` + `/sap/opu/odata/UIPATH/TRANSPORT_INFO_SRV/TransportsStatusSet` + `/sap/opu/odata/UIPATH/TRANSPORT_LOOKBACK_SRV/TransportLookbackSet` + `/sap/opu/odata/UIPATH/S4_CHECK_SRV/S4Info` + `/sap/opu/odata/UIPATH/HEATMAP_OVERVIEW_SRV/FinalHeatmapSet` * **Change Impact Analysis services**: + `/sap/opu/odata/UIPATH/GET_TRANSPORT_EXES_SRV/TransportExesSet` + `/sap/opu/odata/UIPATH/TRANSPORT_STATUS_SRV/TransportStatusSet` + `/sap/opu/odata/UIPATH/EXE_ANALYSIS_SRV/GetTransportAnalysis` + `/sap/opu/odata/UIPATH/GET_TRANSPORT_ALLITEMS_SRV/TransportAnalysisSet` + `/sap/opu/odata/UIPATH/GET_TRANSPORT_ALLITEMS_SRV/DetailsSet`To activate the previous services, follow these substeps: 1. Navigate to your SAP system user interface. 2. Execute the `SICF` transaction. In the **Filter for Calling ICF Hierarchy** section, ensure `SERVICE` is entered in the **Hierarchy Type** field. Figure 1. The Filter for Calling ICF Hierarchy screen in SAP ![The Filter for Calling ICF Hierarchy screen in SAP](https://dev-assets.cms.uipath.com/assets/images/test-manager/test-manager-the-filter-for-calling-icf-hierarchy-screen-in-sap-576900-d6c9258e-29d0d974.webp) 3. Select **Execute** to finish the execution of the `SCIF` transaction. A selection screen appears, displaying various services available in your SAP system. Figure 2. The selection screen displaying all services available in SAP ![The selection screen displaying all services available in SAP](https://dev-assets.cms.uipath.com/assets/images/test-manager/test-manager-the-selection-screen-displaying-all-services-available-in-sap-576896-5eed201e-6202cb71.webp) 4. Under **Virtual Hosts/Services**, expand the following menu path: `default_host` > `sap` > `opu` > `odata` > `uipath`. If this is your first activation, the UiPath services are likely greyed out, indicating they are installed but not active. Upon activation, they will display in bold. 5. Right-click each UiPath service entry under `uipath`, and select **Activate Service**. Figure 3. Activating UiPath services ![Activating UiPath services](https://dev-assets.cms.uipath.com/assets/images/test-manager/test-manager-activating-uipath-services-576892-e27f8f5f-d8cda5a3.webp) 6. In the **Activation of ICF services** pop-up window, select **Yes** to confirm the service activation. Once a service is activated, it will display in bold. ## For web service OAuth authentication ### Rationale The transport provided includes all transportable objects (OAuth profiles, customizing entries) required for UiPath services. However, SAP does not allow full OAuth configuration to be transported for security and system-specific reasons. For this reason, after importing the transport provided, you must complete the OAuth configuration manually in your environment. ### Context The full OAuth configuration cannot be transported to protect sensitive data and maintain system integrity. * **Client Secrets are system-specific** - Secrets cannot be exported or imported for security compliance. * **Authorization Server URLs differ per environment** - Each landscape (DEV, QA, PROD) uses unique endpoints. * **Certificates and STRUST entries are local** - SSL/TLS trust must be configured manually in each system. * **User assignments and roles are client-dependent** - Technical users and authorizations vary across systems. * **Sensitive data protection** - OAuth credentials and tokens cannot be transported to prevent exposure. ### Prerequisites Each environment (DEV, QA, PROD) requires separate manual setup. Ensure you perform the following prerequisites. 1. **Keep the documentation of endpoints and credentials secure**. You will need to provide the Authorization Endpoint and the Token Endpoint in step 4.5. 2. **Ensure the Authorization Endpoint check is running**. 1. Go to `Transaction SICF` and execute it. 2. Navigate to :/sap/bc/sec/oauth2. Check that the following node is active: `authorize` (Authorization Endpoint). If the node is inactive, right-click it, and from the context menu, select **Activate Service**. Figure 4. Authorization Endpoint Check ![Authorization Endpoint Check](https://dev-assets.cms.uipath.com/assets/images/test-manager/test-manager-authorization-endpoint-check-643554-218f19c2-2ef6469a.webp) 3. **Ensure the Token Endpoint check is running**. 1. Go to `Transaction SICF`. 2. Navigate to :/sap/bc/sec/oauth2. Check that the following node is active: `token` (Token Endpoint). If the node is inactive, right-click it, and from the context menu, select **Activate Service**. 4. **Observe the naming convention for the Authorization Endpoint**. Here is an example of the Authorization Endpoint: https://vhclashci.dummy.nodomain:44301/sap/bc/sec/oauth2/authorization?sap-client=100 * Part 1 is the Domain Name - `https://vhclashci.dummy.nodomain` * Part 2 is the Port Number - `44301` * Part 3 is the Static string - `/sap/bc/sec/oauth2/authorization` * Part 4 is the SAP Client - `100`To build the authorization string, do the following: 1. Part 1 - Run `transaction RZ11` and search for the entry ‘icm/host_name_full’ – this value will be the domain name for your entry in the endpoint. 2. Part 2 – Run `transaction SMICM` and select the menu path “Goto->Services”, find the HTTPS protocol and use the number associated with HTTPS. 3. Part 3 – Hardcode the value ‘/sap/bc/sec/oauth2/authorization’. 4. Part 4 – Enter the SAP client you are currently using. 5. Make sure to use the semicolons and other punctuation, as required. 5. **Observe the naming convention for the Token Endpoint**. 6. Here is an example of the Authorization Endpoint: https://vhclashci.dummy.nodomain:44301/sap/bc/sec/oauth2/token?sap-client=100 * Part 1 is the Domain Name - `https://vhclashci.dummy.nodomain` * Part 2 is the Port Number - `44301` * Part 3 is the Static string - `/sap/bc/sec/oauth2/token` * Part 4 is the SAP Client - `100`To build the authorization string, do the following: 1. Part 1 - Run `transaction RZ11` and search for the entry ‘icm/host_name_full’ – this value will be the domain name for your entry in the endpoint. 2. Part 2 – Run `transaction SMICM` and select the menu path “Goto->Services”, find the HTTPS protocol and use the number associated with HTTPS. 3. Part 3 – Hardcode the value ‘/sap/bc/sec/oauth2/token’. 4. Part 4 – Enter the SAP client you are currently using. 5. Make sure to use the semicolons and other punctuation, as required. ### Steps 1. **Verify your transport import details and availability**. 1. Check that OAuth profiles are available. Use `transaction SE80` to ensure **OAuth 2.0 Client Profiles** are available. 2. From the dropdown menu, select **Package**. 3. Enter ‘/UIPATH/HEATMAP’ in the textbox and hit Enter. OAuth 2.0 Client Profiles should appear in the dropdown menu. If profiles are not available, contact UiPath support. Figure 5. Verify transport import ![Verify transport import](https://dev-assets.cms.uipath.com/assets/images/test-manager/test-manager-verify-transport-import-643550-7fc2ef5f-b7577648.webp) 2. **Configure Client ID/User Id/System User and Client Secret**. 1. For `transaction SUO1`, contact your Security Team for user creation. 2. Create a System User with access to `/UIPATH/` services according to your company naming standards. 3. Generate a password according to your company naming standards – this will become your ‘secret’ in OAuth2 configuration later. 3. **Configure SSL/TLS Trust**. For `transaction STRUST`, contact your Basis Team for certificate verification. 4. **Create the OAuth 2.0 configuration**. 1. For `transaction OA2C_CONFIG`, select **Create** and, in the popup, select the transported profile you want use. (You will eventually use every listed profile.) 2. Enter the Profile Name. 3. Enter the Username for Client Name. 4. Hit OK. 5. Configure the fields and save your configuration: 1. **Client Secret**: Select the corresponding scope (server) for each client and hit Enter. 2. **Authorization Endpoint URL** (check the **Prerequisites** section of this topic). 3. **Token Endpoint URL** (check the **Prerequisites** section of this topic). 4. **Client Authentication**: Select the **Basic** radio button. 5. **Selected Grant Type**: Select the **Client Credentials** radio button. 6. **Refresh Token Validity**: Enter `-1` in textbox. 7. **Clock Skew Tolerance**: Enter `5` in textbox. 6. Check the **Summary** screen, which should look like the screenshots below. Figure 6. OAuth summary page 1 ![OAuth summary page 1](https://dev-assets.cms.uipath.com/assets/images/test-manager/test-manager-oauth-summary-page-1-643546-ddb59781-eee8cd25.webp) Figure 7. OAuth summary page 2 ![OAuth summary page 2](https://dev-assets.cms.uipath.com/assets/images/test-manager/test-manager-oauth-summary-page-2-643542-01d56547-ecee096a.webp) 5. **Configure transaction SOAUTH2 OAuth2 Clients**. 1. For `transaction SOAUTH2`, select **Create** and in the first screen, enter the following information: * **Client Type:**Confidential * **Client Id:**Enter the same Username as above (step 4.3 - 4.c) * **Description:**Enter the service name or profile name. * **Token Lifetime:**3600 Seconds 2. Select **Next** and, in the second screen, enter the following information: * **Client User Id and Password** - Checked * **SSL Certificate** - Checked * **Check Parameter**: “Client Id” – Checked 3. Select **Next** and, in the third screen, enter the following information: * **Grant Type Client Credentials Active** – Checked 4. Select **Next** and, in the fourth screen, enter the following information: * Under **OAuth2 Scope Id**, find the first empty line and click on the drop-down list at the end of the blank row. * Select each of the scopes associated with UiPath until all have been selected. + `/UIPATH/ANALYZED_YES_OR_NO_SRV_0001` + `/UIPATH/EXE_ANALYSIS_SRV_0001` + `/UIPATH/GET_TRANSPORT_ALLITEMS_SRV_0001` + `/UIPATH/GET_TRANSPORT_DETAILS_SRV_0001` + `/UIPATH/GET_TRANSPORT_EXES_SRV_0001` + `/UIPATH/HEATMAP_AGGREGATES_SRV_0001` + `/UIPATH/HEATMAP_OVERVIEW_SRV_0001` + `/UIPATH/TRANSPORT_INFO_SRV_0001` + `/UIPATH/TRANSPORT_LOOKBACK_SRV_0001` + `/UIPATH/TRANSPORT_STATUS_SRV_0001` + `/UIPATH/ZS4_CHECK_SRV_0001` 5. Select **Summary**. The screen should look like the example below. Figure 8. OAuth2 Client summary page ![OAuth2 Client summary page](https://dev-assets.cms.uipath.com/assets/images/test-manager/test-manager-oauth2-client-summary-page-643538-696e77b5-7e0c2c78.webp) 6. **Test the connection for Non-RISE compliant systems**. 1. Run `transaction SE38` and enter the program name ‘/UIPATH/TEST_OAUTH2_SERVICE’ for Non-RISE compliant S4 systems. 2. Hit **Execute**. A selection/parameter screen appears. 3. Update the following parameters to match your system/user/password. * **Port** – HTTPS Port * **Client** – The current Client should default into a variable. * **Secret** – Enter the password for Client_ID/User. * **System Name** – The current System Name should default into a variable. * **Client ID** – Enter the User ID for UiPath Services. 4. Hit **Execute**. The results appear on the next screen. Look for Service Status to be equal to ‘200’. Any other return code indicates an error. Figure 9. Test Non-RISE compliant connection ![test non-rise compliant connection](https://dev-assets.cms.uipath.com/assets/images/test-manager/test-manager-test-non-rise-compliant-connection-643534-9490e1ab-512921b3.webp) 7. **Test the connection for RISE compliant systems**. 1. Run `transaction SE38` and enter the program name ‘/UIPATH/TEST_OAUTH2_SRV_RISE’ for RISE compliant S4 systems. 2. Hit **Execute**. A selection/parameter screen appears. 3. Update the following parameters to match your system/user/password. * **Port** – HTTPS Port * **Client** – The current Client should default into a variable. * **Secret** – Enter the password for Client_ID/User. * **System Name** – The current System Name should default into a variable. * **Client ID** – Enter the User ID for UiPath Services. 4. Hit **Execute**. The results appear on the next screen. Look for Service Status to be equal to ‘200’. Any other return code indicates an error.