Hello,

There are two parts to onboarding users in SAP Cloud ALM
The first thing to keep in mind is that SAP cloud ALM does not authenticate users.
The Identify Authentication Service (IAS) authenticates the users
In the SAP BTP subaccount for SAP Cloud ALM the Custom IAS that is specified in the Trust Configuration under security will be the IAS that is performing the authentication.

The user must exist in the IAS or the user in SAP Cloud ALM will not be able to logon.
You need to have the administor(s) of that IAS add the users
If you are not the administrator and do not know who they are you can find out by entering https://iamtenants.accounts.cloud.sap
The user ID should be their email address
The administrator can send an activation email to the user and they can set their own password.
Then in the SAP Cloud ALM service in the Administration group, you want to select User Management
That person will need to have either the 'Cross Global Administrator' role collection or the 'User Administrator'
role collection to be able to access the User Management application.
Based on the role the user will be performing the administrator will provide the appropriate role collections

At this point the user has been added to the IAS so they can be authenticated.
The user has been added as a user in SAP Cloud ALM and assigned the role collections they need to perform their ALM tasks. And they have received the activation email so they can set their password. At this point they can logon to SAP Cloud ALM.

The user can be added to SAP cloud ALM first and then added to the IAS, but keep in mind that if they do not have a user in the IAS they will not be authenticated and will not be able to logon. If they use the "Forgot Password" option, they will not receive a reset email"
Lastly if your company has a corporate IDP it can be used, but you need to setup a reverse proxy in the Productive IAS tennant. If you re using a corporate IDP please refer to this Help Documentation

Regards,

Paul