In this blog steps to add user to access your SAP Integration Suite Open Connectors capability has been captured. If you use the SAP Open Connectors in Neo platform, please refer to the blog: Add users to your SAP Cloud Platform Open Connectors tenant. 

SAP BTP Integration Suite tenant 

SAP BTP Intergration Suite Open Connectors tenant 

The SAP Open Connectors tenant has been created with the first Integration Suite provisioner as initial admin user, whatever who activates the Open Connectors capability. Please check the chapter below to find who is the first Integration Suite provisioner. 

You have the two main steps to add the user to SAP Open Connectors tenant. The first step is to grant the Open Connectors tile visibility of SAP Integration Suite to the user. And the second step, to add the user as a member of Open Connectors tenant. 

The user who wants to see the Open Connectors tile from SAP Integration Suite, must have been added into the “Integration_Provisioner” or “OpenConnectors_User” role collection in BTP. Below is an example of how to add user into “OpenConnectors_User” role collection. 

1. Open your BTP account and go to “Security->Role Collections” page.
2. Click “OpenConnectors_User” role collection and add the user in the shown page from the right (see below).

1. Ask the admin user to login with the SAP Open Connectors tenant. If you don’t know who the admin user of your SAP Open Connectors tenant is, please check the chapter below to find who is the first Integration Suite provisioner (the initial admin user of your SAP Open Connectors tenant).  
2. Open “Security->Identity->Members” page and click the “Add Member” button (see below).
3. Add the user as a member with the selection role.

          Note: 

          If you used the default SAP Identity provider (https://accounts.sap.com) as your corporate identity provider, please pay attention for below points: 

• Only S-User ID, P-User ID, D-User ID and I-User ID can be used as value of the member, instead of mail address. 
• The S-USER ID (leading character S, P, D and I) must be in Capital Letter. 
• [Optional] If you used the custom identity provider, the value of member depends on how to configure in your IAS. Please check the chapter (Get the ID value of the current logged user) below to find the value. 

1. Logged into SAP Integration Suite and click “Manage Capabilities” tile.
2. The first Integration provisioner is shown in popup window (Provisioned By).

1. Ask the user who wants to be added into Open Connectors tenant to login to the SAP Integration Suite. 
2. Open the developer tools of the browser, see example below.
3. Click the “Preserve log” and “Disable cache” checkboxes in the Network tab.
4. Click the “Extend Non-SAP Connectivity” tile. The browser will do a single sign on to the Open Connectors. You will get the error message “No authorized user found”. Don’t worry about it because it is expected that you haven’t been added into the SAP Open Connectors tenant. 
5. Filter “assert” http request in the browser and copy the “SAMLResponse” text from the request.
6. Decode this text with SAML decoder (see example below), and you will get the text in xml format.
7. Format the xml text and copy the value of “NameID” attribute of the “Subject” node.
8. Ask your admin user to add a member with this value into Open Connectors tenant. 

References: 

1. KBA: 3035458 – “No authorized user found” error in Open Connectors 
2. Configuring user access for Integration Suite capabilities