Hi,

I configured Cloud Transport Management for Integration Suite and everything works fine. However, I'm using a personal "SAP ID" user for the destinations to deploy (import transport) to Acceptance and Production subaccounts.

I want to replace it by a technical user I created in my IAS production tenant. To achieve this I followed the below steps:

• Enabled the custom IAS tenant as identity provider in the Global Account for Platform Users. This makes it automatically available for all subaccounts.
• Created a technical user in IAS.
• Created the same technical user in the transport target nodes subaccounts and assigned all the necessary roles
• Assigned the technical user to the Cloud Foundry organization and space with the IAS tenant as "origin".
• Updated the existing deployment destination replacing my personal S-User by the technical user. I tried both options "Basic Authentication" and "OAuth2Password".
• With Basic Authentication I get this error which doesn't happen with my S-User: Connection to "DestinationName" established. Response returned: "401: Unauthorized"

• I tested logging in with the technical user in the subaccount BTP cockpit and it works fine with this password and using IAS Identity as origin.
• With the OAuth2Password option is not possible to check the connection according to the documentation, so I directly tested in Cloud Transport Management. I get the following Fatal error: Error during deployment initialization: Request for get an OAuth token from URL 'https://login.cf.eu30.hana.ondemand.com' failed with response code 401.
• I tested the OAuth2Password setup in CF with the command cf login --origin IdentityProviderID and it works as you can see in the screenshot:

I have the impression that the Destination is trying to use the SAP ID to authenticate, but I don't see how to change this behaviour. Maybe there is an option to specify the --origin as in the CLI, but I didn't find how.

Anyone could help?