AX1: Secure tunnel with SCP


Preparation menu

Task: Set up Secure Tunnel between SAP Cloud Connector and SAP Cloud Platform (CF)

In this lab, you will set up a your SAP Cloud Platform account and the Cloud Connector to establish a secure tunnel between SAP Cloud Platform and the SAP Application Server ABAP in your system landscape.

With this setup you will learn:

  • How to connect the Cloud Connector to your trial cloud foundry account on SAP Cloud Platform
  • How to connect the Cloud Connector to your ABAP system


Before you can access data from the Cloud Connector in an application on SAP Cloud Platform, you must establish a trust between your SAP Cloud Platform subaccount and the Cloud Connector that is installed in your system landscape. To do so, you need your subaccount ID.

  1. Go to Your SAP Cloud Platform Trial | Cloud Foundry Trial, and navigate to your subaccount.

Preparation menu

  1. Click the info icon as shown below to get your subaccount information. This information card will show the sub-account name trial by default. Copy the information listed in the ID

Preparation menu

  1. Log on to the Cloud Connector administration UI and choose Connector | Define Subaccount (if you already have defined a subaccount for another purpose, choose Connector | Add Subaccount). Enter the following information

Subaccount: The subaccount ID you copied in the last step. 
Display Name : Desired name (example Alexa)
Subaccount User: Email address of your subaccount user. You can find it in the User Information of SCP. => See below screen shot
Password : Your SCP password
Location Id: not required for this lab 

  • Getting user information from SCP.

Preparation menu

  1. Choose Save.

Preparation menu

  1. After a while you should get the following success message:

Preparation menu

  1. Synchronize the IdP for Principal Propagation. Having created a mapping to a system successfully, when you click on the Principal Propagation tab, you will notice it to be devoid of any content. This is a security feature. The cloud connector is delivered without trusting any IdP by default.

Press the synchronise button to populate a list of IdP’s.