SAP BTP Cockpit supported features

• Users created in Okta are initially created in SAP Cloud Identity Services. A user can sign in to SAP BTP Cockpit only after they're added to a user group that's mapped to a role collection in SAP BTP Cockpit.
• Roles can't be directly assigned to individual users in SAP BTP. Access is managed by adding user groups to role collections in the BTP Cockpit.
• Once a user is in SAP Cloud Identity Services and assigned to a group that's mapped to a role collection, they can sign in using their Cloud Identity Services credentials.
• As an alternative, a user can sign in after they're added to the Identity Service and mapped to the BTP Global Account.

• Updates to the Okta user profile are pushed to SAP Cloud Identity Services. Only first name and last name updates are reflected in SAP BTP Cockpit.
• Updating the username isn't recommended. If a username update is required, both the username and email address fields must be updated simultaneously.
• The first name and last name fields can't be empty.
• Profile updates are visible in SAP BTP Cockpit only after the user re-authenticates.

Users created in the Cloud Identity Services admin console are imported into Okta. All user attributes and organizational data are maintained during import.

• You can manage app entitlements for SAP BTP Cockpit in Okta. If the app supports Okta Identity Governance, then you need to enable it to manage entitlements.
• Roles are maintained by assigning users to user groups. These user groups are then mapped to role collections in SAP BTP Cockpit to control user access levels.

• Groups and their members can be pushed to integrated apps. See Manage Group Push.
• Group members can be added or removed at any time.
• The display name can be updated at any time.
• If the description field is updated to an empty value in Okta, the integration sets the description to null in SAP BTP Cockpit. All other text-based updates to the description field are pushed as entered.