Agent SkillsAgent Skills
secondsky

sap-btp-cias

@secondsky/sap-btp-cias
secondsky
173
40 forks
Updated 3/31/2026
View on GitHub

SAP BTP Cloud Integration Automation Service (CIAS) skill for guided integration workflows. Use when: setting up CIAS subscriptions, configuring destinations, assigning roles (CIASIntegrationAdministrator, CIASIntegrationExpert, CIASIntegrationMonitor), planning integration scenarios, working with My Inbox tasks, monitoring scenario execution, troubleshooting CIAS errors, creating OAuth2 instances, configuring identity providers for CIAS, understanding CIAS security architecture, or integrating SAP products (S/4HANA, SuccessFactors, BTP services, SAP Build, IBP).

Installation

$npx agent-skills-cli install @secondsky/sap-btp-cias
Claude Code
Cursor
Copilot
Codex
Antigravity

Details

Repositorysecondsky/sap-skills
Pathplugins/sap-btp-cias/skills/sap-btp-cias/SKILL.md
Branchmain
Scoped Name@secondsky/sap-btp-cias

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

npx agent-skills-cli list

Skill Instructions

name: sap-btp-cias description: | SAP BTP Cloud Integration Automation Service (CIAS) skill for guided integration workflows. Use when: setting up CIAS subscriptions, configuring destinations, assigning roles (CIASIntegrationAdministrator, CIASIntegrationExpert, CIASIntegrationMonitor), planning integration scenarios, working with My Inbox tasks, monitoring scenario execution, troubleshooting CIAS errors, creating OAuth2 instances, configuring identity providers for CIAS, understanding CIAS security architecture, or integrating SAP products (S/4HANA, SuccessFactors, BTP services, SAP Build, IBP). license: GPL-3.0 metadata: version: "1.0.1" last_verified: "2025-11-27" sap_product: "Cloud Integration Automation Service" source_docs: "https://github.com/SAP-docs/btp-cloud-integration-automation-service"

SAP BTP Cloud Integration Automation Service (CIAS)

Cloud Integration Automation Service provides guided workflows to integrate SAP cloud solutions with on-premise and other SAP cloud solutions. It offers both manual task instructions and automated configuration capabilities.

Table of Contents

Quick Reference

Service Plans

PlanTypePurpose
StandardApplicationUI access for scenario planning, task monitoring, integration management
OAuth2ServiceAPI access for programmatic operations (required for ABAP automation)

Role Collections

RoleCollectionCapabilities
Integration AdministratorCIASIntegrationAdministratorFull access: Plan for Integration, My Inbox, Monitoring; terminate scenarios
Integration ExpertCIASIntegrationExpertMy Inbox access; work on assigned tasks
Integration MonitorCIASIntegrationMonitorRead-only access to Scenario Execution Monitoring

Supported Regions

AWS: EU10 (Frankfurt), EU11 (Frankfurt EU Access), US10 (Virginia), AP10 (Sydney), JP10 (Tokyo), CA10 (Montreal) Azure: EU20 (Netherlands), CN20 (China North 3) Alibaba: CN40 (Shanghai)

Core Workflows

1. Subscribe to CIAS (Standard Plan)

  1. Navigate to SAP BTP Cockpit → Global Account → Subaccount
  2. Go to ServicesService Marketplace
  3. Filter by "Cloud Integration Automation Service"
  4. Click tile → Create → Select Standard plan
  5. Confirm creation
  6. Access via Instances and Subscriptions → "Go to Application" icon

2. Assign Roles to Users

  1. Navigate to SecurityRole Collections in subaccount
  2. Select role collection (e.g., CIASIntegrationAdministrator)
  3. Click EditUsers tab
  4. Add users by email ID or login user ID
  5. Save changes

Multiple users can be assigned per role using comma-separated user IDs.

3. Plan Integration Scenario

  1. Access CIAS application from Instances and Subscriptions
  2. Open Plan for Integration tile
  3. Browse available solutions in Solutions tab
  4. Select scenario and scenario option
  5. Choose systems for integration (by customer number)
  6. Specify:
    • Target subaccount for workflow
    • SAP BTP Workflow Users (must have subaccount access)
    • Transaction name for monitoring
  7. Confirm workflow generation
  8. Access tasks in My Inbox tile

4. Work with Tasks (My Inbox)

  1. Open My Inbox tile (requires Administrator or Expert role)
  2. Click Claim to lock task for your user
  3. Follow instructions in Task Instructions tab
  4. For automation tasks: Configure parameters → Click Execute Step
  5. Click Task Completed when done
  6. Click Refresh to display next task
  7. Repeat until viewing Execution Summary

5. Create Destination for Automation

  1. In My Inbox → Confirm System Components task
  2. Click Create Destination link
  3. Configure:
    • Name: Valid identifier
    • Description: Purpose description
    • URL: Target system host URL
    • Authentication: Method + credentials
    • Type: HTTP (default)
  4. Save configuration

Always use HTTPS for secure communication.

6. Monitor Scenario Execution

  1. Open Scenario Execution Monitoring tile (requires Administrator or Monitor role)
  2. Filter workflows by status: Running, Completed, Canceled
  3. View tabs: Task Details, Targets, Roles and Users, Scope, Support Information
  4. Use Terminate Execution to remove scenarios permanently
  5. Access Logs tab for automation execution details

Service Limitations

  • Maximum 15 active workflows per subaccount
  • No self-service data deletion (submit ticket to component BC-INS-CIT-RT)
  • Logs retained for 90 days
  • OAuth2 certificate maximum validity: 1 year
  • Execution scope cannot be changed after confirmation
  • Destination cannot be changed if already used in automation task
  • Supported browsers: Google Chrome, Microsoft Edge (Chromium), Mozilla Firefox, Apple Safari (macOS)

Security Architecture

CIAS comprises six core components:

  1. Runtime: Backbone framework rendering integration tasks
  2. Planning: UI for planning integration scenarios
  3. Inbox: UI for end-user task access
  4. Monitoring: UI for scenario implementation monitoring
  5. Managed System: System configured during integration
  6. Automation Runtime: Calls configuration APIs of managed systems

Security features:

  • Role-based access via SAP BTP authorization framework
  • XSRF protection for backend connectivity calls
  • Identity provider integration (SAML assertion Name ID attribute supported)
  • Credentials stored in Credential Store service (inaccessible to external parties)

Common Error Patterns

Empty Destination Dropdown

Symptom: Destination dropdown shows no options during task execution.

Cause: No destinations exist matching the tenant's Host Base URL.

Solution:

  1. Create destination manually following Destination Creation steps
  2. Ensure destination URL matches tenant Host Base URL exactly
  3. Refresh the dropdown after creation

Workflow Conflict Lock

Symptom: Cannot proceed with task; execution lock activated.

Cause: Multiple integration workflows exist with identical system components.

Solutions:

  • Proceed: Continue without resolving (manual resolution later)
  • Terminate: End selected conflicting instances
  • Terminate Current Instance: Stop active workflow only
  • Cancel: Halt operation entirely

Application Access Denied After IdP Change

Symptom: Users cannot access CIAS application after identity provider change.

Cause: Users not managed by newly configured identity provider.

Solution:

  1. Add users to new identity provider
  2. Reassign role collections in subaccount Security settings
  3. Verify user IDs exist in configured IdP

Task Marked as Reserved

Symptom: Cannot claim task; shows "Reserved" status.

Cause: Another assigned user has already claimed the task.

Solution: Coordinate with team; only one user can work on claimed task at a time.

Support Channels

Issue TypeComponentAction
General CIAS supportBC-INS-CIT-RTCreate support ticket
Manual task instructionsCheck Support Information tabSubmit incident to listed component
Data deletion requestBC-INS-CIT-RTInclude email ID and subaccount name
Service availabilityConsumer accountCheck Service Availability feature

OAuth2 API Access

For programmatic access (required for ABAP automation):

  1. Navigate to subaccount → ServicesService Marketplace
  2. Select Cloud Integration Automation Service → Create
  3. Choose OAuth2 plan
  4. Select runtime: "Other" or "Cloud Foundry"
  5. Provide instance name → Create

Create Service Key (for API calls)

With mTLS (Certificate):

{
  "xsuaa": {
    "credential-type": "x509",
    "x509": {
      "key-length": 2048,
      "validity": 365,
      "validity-type": "DAYS"
    }
  }
}

Without Certificate: Create with name only.

Use generated client ID and client secret to create OAuth JWT token for API authentication.

Data Protection

  • Email IDs and subaccount names stored in service database
  • System/tenant selection data preserved for workflow execution
  • Logs do not store user-related personal data
  • Audit logs follow SAP BTP Audit Log retention policy
  • Sensitive data stored in Credential Store service

Glossary

TermDefinition
Personal DataAny information relating to identified/identifiable natural person
Sensitive Personal DataRacial/ethnic origin, political opinions, religious beliefs, genetic/biometric data
Residence PeriodTime between business end and end-of-purpose when data remains accessible
Retention PeriodTime from last business activity through data deletion
BlockingRestricting access to data whose primary business purpose has ended

Task UI Controls Quick Reference

Automation Task Controls

ControlFunction
RefreshUpdate automation statuses
Expand AllShow all parameter panels
Collapse AllHide all parameter panels
Show/Hide Read-Only ParametersToggle read-only visibility
Save ParametersPreserve current values
LogsView execution records
InformationParameter descriptions
Execute StepRun automation (async)

Error Recovery

After automation failure:

  • Only Failed Automations - Retry failed steps only
  • All Automations - Retry entire sequence

Bundled Resources

Reference Files

  1. references/setup-guide.md - Complete subscription, OAuth2, and destination configuration procedures
  2. references/security-guide.md - Security architecture, identity provider configuration, and role management
  3. references/integration-scenarios.md - Full list of 100+ supported integration scenarios with codes (1M1, 22K, 4A1, etc.)
  4. references/troubleshooting.md - Detailed error resolution procedures and common issues
  5. references/maintenance-planner.md - Maintenance Planner integration guide and workflow invocation
  6. references/task-ui-guide.md - Complete task UI controls, tabs, behaviors, and automation steps
  7. references/whats-new.md - Complete release notes from 2021-2025 with feature updates

Template Files

  1. templates/destination-config.md - Destination configuration templates by target system type
  2. templates/role-assignment.md - Role assignment procedures and checklists for different scenarios

Documentation Sources

Primary:

Related:

More by secondsky

View all
sap-abap
173

Comprehensive ABAP development skill for SAP systems. Use when writing ABAP code, working with internal tables, structures, ABAP SQL, object-oriented programming, RAP (RESTful Application Programming Model), CDS views, EML statements, ABAP Cloud development, string processing, dynamic programming, RTTI/RTTC, field symbols, data references, exception handling, or ABAP unit testing. Covers both classic ABAP and modern ABAP for Cloud Development patterns.

sap-btp-business-application-studio
173

This skill provides comprehensive guidance for SAP Business Application Studio (BAS), the cloud-based IDE on SAP BTP built on Code-OSS. Use when setting up BAS subscriptions, creating dev spaces, connecting to external systems, deploying MTA applications, troubleshooting connectivity issues, managing Git repositories, configuring runtime versions, or using the layout editor. Keywords: SAP Business Application Studio, BAS, SAP BTP, dev space, Cloud Foundry, MTA, multitarget application, SAP Fiori, CAP, HANA, destination, WebIDEEnabled, Cloud Connector, Service Center, Storyboard, Layout Editor, ABAP, OData, subscription, entitlements, role collection, Business_Application_Studio_Developer, Git, clone, push, pull, Gerrit, PAT, OAuth, asdf, runtime, Node.js, Java, Python, Task Explorer, CI/CD, Yeoman, generator, template wizard, mbt, mtar, debugging, breakpoint

sap-abap-cds
173

Comprehensive SAP ABAP CDS (Core Data Services) reference for data modeling, view development, and semantic enrichment. Use when creating CDS views or view entities in ABAP, defining data models with annotations (@AbapCatalog, @AccessControl, @EndUserText, @Semantics, @UI, @Consumption, @ObjectModel), working with associations and cardinality, implementing input parameters, using built-in functions (string, numeric, date/time), writing CASE expressions and conditional logic, implementing access control with DCL (Data Control Language), handling CURR/QUAN data types with reference fields, troubleshooting CDS errors (SD_CDS_ENTITY105), querying CDS views from ABAP, or displaying data with SALV IDA. Covers ABAP 7.4+ through ABAP Cloud with production-tested patterns. Keywords: ABAP CDS, Core Data Services, CDS view, CDS view entity, define view, define view entity, DDL, Data Definition Language, DCL, Data Control Language, annotations, @AbapCatalog, @AccessControl, @EndUserText, @Semantics, @UI, @Consumption, @ObjectModel, @Metadata, associations, cardinality, TO ONE, TO MANY, path expressions, input parameters, WITH PARAMETERS, built-in functions, CASE expression, CAST, session variables, $session, aggregate functions, GROUP BY, HAVING, joins, INNER JOIN, LEFT OUTER JOIN, access control, DEFINE ROLE, pfcg_auth, authorization, SALV IDA, cl_salv_gui_table_ida, Eclipse ADT, ABAP Development Tools, CDS annotations, Fiori Elements, OData, RAP, ABAP RESTful Application Programming Model, currencyCode, unitOfMeasure, SD_CDS_ENTITY105

sap-btp-cloud-logging
173

This skill provides comprehensive guidance for SAP Cloud Logging service on SAP BTP. Use when setting up Cloud Logging instances, configuring log ingestion from Cloud Foundry or Kyma runtimes, implementing OpenTelemetry observability, analyzing logs/metrics/traces in OpenSearch Dashboards, configuring SAML authentication, managing certificates, or troubleshooting ingestion issues. Covers service plans (dev/standard/large), all 4 instance creation methods (BTP Cockpit, CF CLI, BTP CLI, Service Operator), all 4 ingestion methods (Cloud Foundry, Kyma, OpenTelemetry, JSON API), and security best practices.