SAP Knowledge Base Article - Public

2987604 - SAP_COM_0200 - Error validating user in HCP (401, Unauthorized)

Symptom

When setting up the Communication Arrangement SAP_COM_0200, you get the following error:

Error validating user <user ID> in HCP (401, Unauthorized)

error.png

Environment

  • SAP S/4 HANA Cloud
  • SAP Cloud Platform, Neo environment

Cause

Invalid communication user and/or password.

Resolution

Access the subaccount in the SAP Cloud Platform Cockpit and identify which Platform Identity Provider is configured. For details, see SAP KBA 2752896 - How to identify the Platform Identity Provider configured in a subaccount on SAP Cloud Platform?

  • If it is SAP ID Service, you need to add the S-uer ID as a member of the subaccount with Administrator role.

    To validate the credentials, go to accounts.sap.com and try to login with user ID and password. If needed, reset the password according to the latest password policy. For instructions, see SAP KBA 1808560.

    Note: users created in the Technical Users application cannot be used in this communication scenario. Reason: these users are not stored in the SAP ID Service. They are only used in SAP Solution Manager's Support Hub Connectivity.
  • If it is SAP Cloud Platform Identity Authentication Service (IAS), you need to add a user from the IAS tenant as a member of the subaccount (the ID is in the format PXXXXXX) and assign the Administrator role to it. Make sure to select the correct User Base when adding the user to the subaccount (<tenantID>.accounts.ondemand.com).

    To validate the credentials, open https://account-<subaccount-name>.<region>.hana.ondemand.com/cockpit on the browser and click on Log On. You should be redirected to the IAS tenant (<tenantID>.accounts.ondemand.com). If you get an error, the trust is probably broken. The IAS tenant needs to have an application configured with name similar to "https://<region>.hana.ondemand.com/<subaccount-name>/admin". If it is not there, go to the SAP Cloud Platform Cockpit > Security > Trust > Platform Identity Provider, delete the existing IAS tenant entry from there and add it again.

    Try to log in to the IAS tenant with the same user and password. If you get an authentication error even with the right password, check the Allowed Logon Identifiers that are configured on IAS. In the Communication Arrangement, you will have to enter one of the user's identifiers that has status "On".

Keywords

s4hana s4 hana scp s-user , KBA , BC-SRV-APS-COM , Maintain Communication System and Arrangement , BC-NEO-SEC-IAM , Authentication, Authorization(Cloud Platform Neo) , Problem

Product

SAP S/4HANA Cloud 2008