Roles in BTP, IAS and Launchpad service

I’m still new to cloud development with SAP and got confused the other day about the different roles that exist in the BTP, IAS and Launchpad service.

I want to write this blog to help people who are also just new in this environment.

Simply put:

BTP = Roles / Role Collections

IAS = Groups

Launchpad Service = Roles

Instead of going deep into the theory of why different terms for roles are used for different platforms, I want to show how to implement it.

Create Role in Launchpad Service


Role in Launchpad Service


Name Role

With this ID a role collection is automatically created in the BTP cockpit.


Role collections BTP

In the BTP Cockpit navigate to Security > Role Collections to check if the role is now created.

IAS Assertion Attributes


IAS Assertion Attributes



Now you have to navigate to the IAS and select the application. Then you can define “Groups” via Assertion Attributes, so that the user group can be saved with the user.

IAS User Groups


User Groups

Under User Groups you can add groups in IAS to which you can assign multiple users and which are automatically updated if you add a Group to user like the screenshot below.

You have to navigate in the “User Management” in the IAS to see and edit all users. Now you can assign a role to your user.



Trust Configuration

Back in the BTP, you have to navigate to the IAS Overview under Security > Trust Configuration to set Role Collections Mappings.


New Role Collection Mapping

Now you can choose the role collection (which has been created when you add the role to launchpad service) and set the attribute from the group of the IAS.

So you have users in the IAS that are part of a group and you map this group to the Role Collection in BTP. So all users of the group will have access to the respective content.

Set content in Launchpad service


add app to role

After that, you need to add the apps that you are allowed to view with this role to the role in the Launchpad service.




add role to website

In the settings of the website you have to add the roles that the site contains.
To see the changes, press Refresh in the Launchpad Service > Provider Manager and relog in to the website itself.

This blog post and the answer to one of my questions also helped me a lot.

This article was about the roles in BTP, IAS, and the Launchpad service and how they all play together. I hope you learned something new and would be happy if you add your insights in the comments.

Feel free to comment with any questions/issues as well!

Kind regards