Test Manager user guide

DELIVERY:

Last updated Feb 18, 2026

Step 2: Configuring your SAP system

To establish a communication between UiPath Test Manager and your SAP system, configure the SAP system by creating a communication user and activating the required services.

For web service Basic authentication and RFC

Create a communication user in your SAP system for the integration with UiPath Test Manager. Assign the necessary roles and authorizations based on your organization's internal policies.
- The integration uses standard interfaces via RFC or Web service (HTTPS).
- UiPath does not require specific authorizations, except for RFC connections.
Note: If you use an RFC connection, assign the S_RFCACL authorization object to the communication user.
If you plan to use a Web service (HTTPS) connection for the integration, activate the necessary SAP services required to establish the connection with UiPath.
Note: These services are used for read-only operations. UiPath uses only HTTP GET methods to retrieve information from the SAP system.
The following lists presents the necessary SAP services to activate for using the Heatmap and Change Impact Analysis:
- Heatmap services:
  - /sap/opu/odata/UIPATH/HEATMAP_AGGREGATES_SRV/AllAggregatesSet
  - /sap/opu/odata/UIPATH/TRANSPORT_INFO_SRV/TransportsStatusSet
  - /sap/opu/odata/UIPATH/TRANSPORT_LOOKBACK_SRV/TransportLookbackSet
  - /sap/opu/odata/UIPATH/S4_CHECK_SRV/S4Info
  - /sap/opu/odata/UIPATH/HEATMAP_OVERVIEW_SRV/FinalHeatmapSet
- Change Impact Analysis services:
  - /sap/opu/odata/UIPATH/GET_TRANSPORT_EXES_SRV/TransportExesSet
  - /sap/opu/odata/UIPATH/GET_TRANSPORT_DETAILS_SRV/DetailsSet
  - /sap/opu/odata/UIPATH/GET_TRANSPORT_DETAILS_SRV/TransportAnalysisSet
  - /sap/opu/odata/UIPATH/EXE_ANALYSIS_SRV/GetTransportAnalysis
  - /sap/opu/odata/UIPATH/GET_TRANSPORT_ALLITEMS_SRV/TransportAnalysisSet
  - /sap/opu/odata/UIPATH/GET_TRANSPORT_ALLITEMS_SRV/DetailsSet
To activate the previous services, follow these substeps:
1. Navigate to your SAP system user interface.
2. Execute the SICF transaction.
  In the Filter for Calling ICF Hierarchy section, ensure SERVICE is entered in the Hierarchy Type field.
  
  Figure 1. The Filter for Calling ICF Hierarchy screen in SAP
3. Select Execute to finish the execution of the SCIF transaction.
  A selection screen appears, displaying various services available in your SAP system.
  
  Figure 2. The selection screen displaying all services available in SAP
4. Under Virtual Hosts/Services, expand the following menu path: default_host > sap > opu > odata > uipath.
  If this is your first activation, the UiPath services are likely greyed out, indicating they are installed but not active. Upon activation, they will display in bold.
5. Right-click each UiPath service entry under uipath, and select Activate Service.
  Figure 3. Activating UiPath services
6. In the Activation of ICF services pop-up window, select Yes to confirm the service activation.
  Once a service is activated, it will display in bold.

For web service OAuth authentication

Rationale

The transport provided includes all transportable objects (OAuth profiles, customizing entries) required for UiPath services. However, SAP does not allow full OAuth configuration to be transported for security and system-specific reasons. For this reason, after importing the transport provided, you must complete the OAuth configuration manually in your environment.

Context

The full OAuth configuration cannot be transported to protect sensitive data and maintain system integrity.

Client Secrets are system-specific - Secrets cannot be exported or imported for security compliance.
Authorization Server URLs differ per environment - Each landscape (DEV, QA, PROD) uses unique endpoints.
Certificates and STRUST entries are local - SSL/TLS trust must be configured manually in each system. 
User assignments and roles are client-dependent - Technical users and authorizations vary across systems. 
Sensitive data protection - OAuth credentials and tokens cannot be transported to prevent exposure.

Prerequisites

Each environment (DEV, QA, PROD) requires separate manual setup. Ensure you perform the following prerequisites.

Keep the documentation of endpoints and credentials secure. You will need to provide the Authorization Endpoint and the Token Endpoint in step 4.5.
Ensure the Authorization Endpoint check is running.
1. Go to Transaction SICF and execute it.
2. Navigate to :/sap/bc/sec/oauth2. Check that the following node is active: authorize (Authorization Endpoint). If the node is inactive, right-click it, and from the context menu, select Activate Service.
Figure 4. Authorization Endpoint Check
Ensure the Token Endpoint check is running.
1. Go to Transaction SICF.
2. Navigate to :/sap/bc/sec/oauth2. Check that the following node is active: token (Token Endpoint). If the node is inactive, right-click it, and from the context menu, select Activate Service.
Observe the naming convention for the Authorization Endpoint.
Here is an example of the Authorization Endpoint: https://vhclashci.dummy.nodomain:44301/sap/bc/sec/oauth2/authorization?sap-client=100
- Part 1 is the Domain Name - https://vhclashci.dummy.nodomain
- Part 2 is the Port Number - 44301
- Part 3 is the Static string  - /sap/bc/sec/oauth2/authorization
- Part 4 is the SAP Client - 100
To build the authorization string, do the following:
1. Part 1 - Run transaction RZ11 and search for the entry ‘icm/host_name_full’ – this value will be the domain name for your entry in the endpoint.
2. Part 2 – Run transaction SMICM and select the menu path “Goto->Services”, find the HTTPS protocol and use the number associated with HTTPS.
3. Part 3 – Hardcode the value ‘/sap/bc/sec/oauth2/authorization’.
4. Part 4 – Enter the SAP client you are currently using.
5. Make sure to use the semicolons and other punctuation, as required.
Observe the naming convention for the Token Endpoint.
Here is an example of the Authorization Endpoint: https://vhclashci.dummy.nodomain:44301/sap/bc/sec/oauth2/token?sap-client=100
- Part 1 is the Domain Name - https://vhclashci.dummy.nodomain
- Part 2 is the Port Number - 44301
- Part 3 is the Static string  - /sap/bc/sec/oauth2/token
- Part 4 is the SAP Client - 100
To build the authorization string, do the following:
1. Part 1 - Run transaction RZ11 and search for the entry ‘icm/host_name_full’ – this value will be the domain name for your entry in the endpoint.
2. Part 2 – Run transaction SMICM and select the menu path “Goto->Services”, find the HTTPS protocol and use the number associated with HTTPS.
3. Part 3 – Hardcode the value ‘/sap/bc/sec/oauth2/token’.
4. Part 4 – Enter the SAP client you are currently using.
5. Make sure to use the semicolons and other punctuation, as required.

Steps

Verify your transport import details and availability.
1. Check that OAuth profiles are available. Use transaction SE80 to ensure OAuth 2.0 Client Profiles are available.
2. From the dropdown menu, select Package.
3. Enter ‘/UIPATH/HEATMAP’ in the textbox and hit Enter. OAuth 2.0 Client Profiles should appear in the dropdown menu. If profiles are not available, contact UiPath support.
Figure 5. Verify transport import
Configure Client ID/User Id/System User and Client Secret.
1. For transaction SUO1, contact your Security Team for user creation.
2. Create a System User with access to /UIPATH/ services according to your company naming standards.
3. Generate a password according to your company naming standards – this will become your ‘secret’ in OAuth2 configuration later.
Configure SSL/TLS Trust. For transaction STRUST, contact your Basis Team for certificate verification.
Create the OAuth 2.0 configuration.
1. For transaction OA2C_CONFIG, select Create and, in the popup, select the transported profile you want use. (You will eventually use every listed profile.)
2. Enter the Profile Name.
3. Enter the Username for Client Name.
4. Hit OK.
5. Configure the fields and save your configuration:
  1. Client Secret: Select the corresponding scope (server) for each client and hit Enter.
  2. Authorization Endpoint URL (check the Prerequisites section of this topic).
  3. Token Endpoint URL (check the Prerequisites section of this topic).
  4. Client Authentication: Select the Basic radio button.
  5. Selected Grant Type: Select the Client Credentials radio button.
  6. Refresh Token Validity: Enter -1 in textbox.
  7. Clock Skew Tolerance: Enter 5 in textbox.
6. Check the Summary screen, which should look like the screenshots below.
Figure 6. OAuth summary page 1

Figure 7. OAuth summary page 2
Configure transaction SOAUTH2 OAuth2 Clients.
1. For transaction SOAUTH2, select Create and in the first screen, enter the following information:
  - Client Type: Confidential
  - Client Id: Enter the same Username as above (step 4.3 - 4.c)
  - Description: Enter the service name or profile name.
  - Token Lifetime: 3600 Seconds
2. Select Next and, in the second screen, enter the following information:
  - Client User Id and Password - Checked
  - SSL Certificate - Checked
  - Check Parameter: “Client Id” – Checked
3. Select Next and, in the third screen, enter the following information:
  - Grant Type Client Credentials Active – Checked
4. Select Next and, in the fourth screen, enter the following information:
  - Under OAuth2 Scope Id, find the first empty line and click on the drop-down list at the end of the blank row.
  - Select each of the scopes associated with UiPath until all have been selected.
    - /UIPATH/ANALYZED_YES_OR_NO_SRV_0001
    - /UIPATH/EXE_ANALYSIS_SRV_0001
    - /UIPATH/GET_TRANSPORT_ALLITEMS_SRV_0001
    - /UIPATH/GET_TRANSPORT_DETAILS_SRV_0001
    - /UIPATH/GET_TRANSPORT_EXES_SRV_0001
    - /UIPATH/HEATMAP_AGGREGATES_SRV_0001
    - /UIPATH/HEATMAP_OVERVIEW_SRV_0001
    - /UIPATH/TRANSPORT_INFO_SRV_0001
    - /UIPATH/TRANSPORT_LOOKBACK_SRV_0001
    - /UIPATH/TRANSPORT_STATUS_SRV_0001
    - /UIPATH/ZS4_CHECK_SRV_0001
5. Select Summary. The screen should look like the example below.
Figure 8. OAuth2 Client summary page
Test the connection for Non-RISE compliant systems.
1. Run transaction SE38 and enter the program name ‘/UIPATH/TEST_OAUTH2_SERVICE’ for Non-RISE compliant S4 systems.
2. Hit Execute. A selection/parameter screen appears.
3. Update the following parameters to match your system/user/password.
  - Port – HTTPS Port
  - Client – The current Client should default into a variable.
  - Secret – Enter the password for Client_ID/User.
  - System Name – The current System Name should default into a variable.
  - Client ID – Enter the User ID for UiPath Services.
4. Hit Execute. The results appear on the next screen. Look for Service Status to be equal to ‘200’. Any other return code indicates an error.
Figure 9. Test Non-RISE compliant connection
Test the connection for RISE compliant systems.
1. Run transaction SE38 and enter the program name ‘/UIPATH/TEST_OAUTH2_SRV_RISE’ for RISE compliant S4 systems.
2. Hit Execute. A selection/parameter screen appears.
3. Update the following parameters to match your system/user/password.
  - Port – HTTPS Port
  - Client – The current Client should default into a variable.
  - Secret – Enter the password for Client_ID/User.
  - System Name – The current System Name should default into a variable.
  - Client ID – Enter the User ID for UiPath Services.
4. Hit Execute. The results appear on the next screen. Look for Service Status to be equal to ‘200’. Any other return code indicates an error.