Login with the btp CLI takes place at the global account level.
- Your global account must be on feature set B. See Cloud Management Tools — Feature Set Overview.
- You have to enter the subdomain of your global account. You can find it in the cockpit in the global account view or under Switch Global Account.
- You have to enter the correct CLI server URL. Usually, it is proposed during login and you can confirm with [ENTER]: https://cpcli.cf.eu10.hana.ondemand.com. If your operator has provided you with a different server URL, you'll have to enter that one.
- Your user is assigned to the Global Account Viewer or the Global Account Administrator role collection. See Role Collections and Roles in Global Accounts, Directories, and Subaccounts [Feature Set B].
When you log in to your global account with the btp CLI, a token is created and stored on your computer. This token allows you to close and reopen the command line without losing your login. With each command call, the token is renewed and is then valid for 24 hours. So, if you take a longer break from working with the btp CLI, you'll have to log in again. If you want to end your login earlier, you can use btp logout.
We recommend using single sign-on and authenticating directly at your identity provider through a web browser:
btp login --sso
See Log in with Single Sign-On.
To log in with a custom identity provider, use:
btp login --sso --idp <TENANT>
See Log in with a Custom Identity Provider.
To log in manually, use btp login. The btp CLI prompts for all login information, but optionally, you can provide the required information as parameters.
Usage:
btp [OPTIONS] login [PARAMS]
--idp <TENANT>
This parameter is only needed to work with a custom identity provider.
If trust is configured between your global account and a custom identity provider, use this parameter to log in through this identity provider by providing its tenant ID. You find the correct value in the cockpit under Security → Trust Configuration → Custom Platform Identity Providers.
To work with users from a custom identity provider, you need to specify the --of-idp parameter by providing the origin key of the custom identity provider. This is applicable to the following commands: btp list security/user, btp get security/user, btp delete security/user, btp assign security/role-collection, btp unassign security/role-collection. You find this origin key in the cockpit under Security.
For more information about using a custom identity provider, see Establish Trust and Federation of Custom Identity Providers for Platform Users [Feature Set B].
--url <URL>
The client proposes this URL: https://cpcli.cf.eu10.hana.ondemand.com, which you can confirm by pressing [ENTER]. If your operator has provided you with a different server URL, you can specify it here. Note that when you enter a new server URL for the first time, you're asked to confirm that you trust it.
There is just one central CLI server, independent of the regions of your subaccounts. Unless you're in a private cloud and have received a CLI server URL from your operator, you should not change the proposed URL.
--subdomain <GLOBALACCOUNT>
The subdomain of the global account you want to log in to. You should have obtained the subdomain from your operator, but you can also find it in the cockpit in the global account view or under the Switch Global Account dialog.
If you don't find the subdomain of the global account in your cockpit, your global account is probably not on SAP BTP feature set B, which means you cannot access it with the btp CLI. See Cloud Management Tools — Feature Set Overview.
--user <USER>
Your user name, usually an email address.
--password <PASSWORD>
Your password. Note that if two-factor authentication is enabled, you enter your password followed by the passcode, concatenated in a single string.
We don't recommend providing the password with this parameter, as it appears in plain text and may be recorded in your shell history. Instead, enter it when you're prompted.
--sso
Opens a browser for single sign-on at the identity provider. To suppress automatic browser opening, use --sso manual. To use a custom identity provider, you need to add the --idp parameter.
To log on with SAP Universal ID, you need to use this parameter. Otherwise, log on with the password associated with your account (S-user or P-user) in the default identity provider, SAP ID service. If you've forgotten this password and this user is associated with your SAP Universal ID user, reset your password.
For more information, see SAP Note 3085908 and Log in with Single Sign-On.
btp login --url https://cpcli.cf.eu10.hana.ondemand.com --subdomain my-global-account --user name@example.com
If you've logged in before, the server URL, the subdomain, and the user from the last login are suggested. You can then press [Enter] to confirm, or type in different values.
CLI server URL [https://cpcli.cf.eu10.hana.ondemand.com]>
Subdomain [my-global-account]>
User [name@example.com]>
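The warning about --password above can be checked after the fact. The following added example (not part of the SAP documentation or the btp CLI) scans a shell history file for btp login commands that carried a password on the command line and reports them with the value redacted; the function names and the sample history are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SAP code: find btp logins in shell history that passed
# --password on the command line. Hits are printed as "line:command" with the
# value redacted so the report does not leak the secret again.

scan_btp_history() {
    # $1 = history file (bash plain format or zsh extended ": ts:dur;cmd")
    awk -v q="'" '
    BEGIN {
        # --password followed by a double-quoted, single-quoted or bare value
        val = "--password[ \t=]+(\"[^\"]*\"|" q "[^" q "]*" q "|[^ \t]+)"
    }
    {
        cmd = $0
        sub(/^: [0-9]+:[0-9]+;/, "", cmd)        # strip zsh timestamp prefix
        p = " " cmd " "                          # pad so word tests need no anchors
        if (p !~ /[ \t;&|]btp[ \t]/) next        # not a btp invocation
        if (p !~ /[ \t]login[ \t]/) next         # not the login command
        # Heuristic: a token starting with "-" is read as the next option,
        # so a password that itself starts with "-" is not reported.
        if (cmd !~ /--password[ \t=]+[^ \t-]/) next
        gsub(val, "--password <REDACTED>", cmd)
        printf "%d:%s\n", NR, cmd
    }' "$1"
}

# Constructed sample history (no real credentials).
sample_history() {
    cat <<'EOF'
btp login --sso
btp login --subdomain my-global-account --user name@example.com --password Constructed-Pass123456
: 1700000000:0;btp login --user name@example.com --password "two words"
echo btp docs mention --password
btp login --user name@example.com
EOF
}

# With a file argument, scan it (e.g. ~/.bash_history); otherwise scan the sample.
if [ -n "${1:-}" ]; then
    scan_btp_history "$1"
else
    tmp=$(mktemp) && sample_history > "$tmp" && scan_btp_history "$tmp"; rm -f "$tmp"
fi
```

Any entry this reports means the password (and, with two-factor authentication, a passcode) was written to disk in plain text; remove the entry from the history file and change the password.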
Upon successful login, the btp CLI creates a folder (btp) and a configuration file (config.json) in the default location of your user data directory:
- Microsoft Windows: C:\Users\<username>\AppData\Roaming\SAP\btp\config.json
- Apple macOS: ~/Library/Application Support/.btp/config.json
- Linux: ~/.config/.btp/config.json
To change this location, use the --config option or the environment variable. See Specify the Location of the Configuration File.
You've logged in to the global account and all commands are executed in this global account, unless you provide a subaccount or directory ID with the command. To change this default context for subsequent commands, you can target a subaccount or directory of this global account by using btp target. See Set a Target for Subsequent Commands with btp target.