Production-ready SAP BTP best practices for enterprise architecture, account management, security, and operations. Use when planning BTP implementations, setting up account hierarchies, configuring environments, implementing authentication, designing CI/CD pipelines, establishing governance, building Platform Engineering teams, implementing failover strategies, or managing application lifecycle on SAP BTP. Keywords: SAP BTP, account hierarchy, global account, directory, subaccount, Cloud Foundry, Kyma, ABAP, SAP Identity Authentication, CI/CD, governance, Platform Engineering, failover, multi-region, SAP BTP best practices
Provides production-ready SAP BTP best practices for enterprise architecture, security, and operations.
/plugin marketplace add secondsky/sap-skills/plugin install sap-btp-best-practices@sap-skillsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
README.mdreferences/account-models.mdreferences/ai-development-best-practices.mdreferences/deployment-and-delivery.mdreferences/failover-and-resilience.mdreferences/governance-and-teams.mdreferences/operations-and-monitoring.mdreferences/security-and-authentication.mdreferences/templates-and-examples.mdProduction-ready SAP BTP implementation guidance based on official SAP documentation.
Quick Links:
Global Account (SAP contract)
├── Directory (optional, up to 7 levels)
│ └── Subaccount (region-specific, apps run here)
│ ├── Cloud Foundry Org → Spaces
│ └── Kyma Cluster → Namespaces
└── Subaccount
Key Points:
| Environment | Use Case | Key Features |
|---|---|---|
| Cloud Foundry | Polyglot apps | Multiple buildpacks, spaces |
| Kyma | Cloud-native K8s | Open-source, namespaces |
| ABAP | ABAP extensions | RAP, cloud-ready ABAP |
| Neo | Legacy | Migrate away - HTML5, Java, HANA XS |
Best Practice: Start with consumption-based, move to subscription for stable workloads.
Global Account
├── Dev Subaccount
├── Test Subaccount
└── Prod Subaccount
Best for: Initial implementations, single team, <3 projects
Global Account
├── Directory: HR
│ ├── hr-dev / hr-test / hr-prod
├── Directory: Sales
│ ├── sales-dev / sales-test / sales-prod
└── Directory: Central IT
├── api-management
└── shared-services
Best for: Multiple teams, cost allocation, complex governance
| Entity | Convention | Example |
|---|---|---|
| Subaccount | Natural language | "HR Development" |
| Subdomain | Lowercase, hyphens | hr-dev-acme |
| CF Org | Company prefix | acme-hr-dev |
| CF Space | Consistent across stages | hr-recruiting |
Tip: Derive CF org/Kyma names from subaccount names for consistency.
Always use SAP Cloud Identity Services - Identity Authentication
Corporate IdP → Identity Authentication (proxy) → SAP BTP
Critical Steps:
| Method | Best For | Notes |
|---|---|---|
| Provisioning | Production, many users | Centralized roles, automated offboarding |
| Federation | Simple scenarios | Real-time sync, but doesn't scale well |
| Manual | Testing only | Quick setup, not production-ready |
Recommended:
PrincipalPropagation - SAP on-premise systemsOAuth2SAMLBearerAssertion - Third-party systemsOAuth2JWTBearer - User token exchangeAvoid in Production:
BasicAuthenticationOAuth2PasswordSee: references/security-and-authentication.md for complete guidance
Note: Each subaccount needs separate Cloud Connector config.
Platform Engineering Team (Center of Excellence):
Cloud Development Teams:
SAP CAP (Cloud Application Programming Model):
ABAP Cloud:
SAP BTP provides AI capabilities through SAP AI Core for:
Key Resources:
Best Practices:
Use Cases: 20+ samples including chatbots, PDF extraction, procurement.
See: references/ai-development-best-practices.md for patterns and examples
Cloud Foundry/Neo:
Kyma:
SAP Continuous Integration and Delivery:
Project "Piper":
Best Practice: Combine CI/CD with SAP Cloud Transport Management for governance + agility.
See: references/deployment-and-delivery.md for detailed configs
Custom Domain URL
│
Load Balancer
├── Region 1 (active)
└── Region 2 (passive/active)
Four Core Principles:
Legal: Check cross-region data processing restrictions.
See: references/failover-and-resilience.md for implementation details
SAP Cloud ALM (Enterprise Support):
SAP Cloud Logging:
SAP Alert Notification:
This skill provides comprehensive reference documentation:
references/account-models.md (11K lines)
references/governance-and-teams.md (13K lines)
references/security-and-authentication.md (13K lines)
references/deployment-and-delivery.md (10K lines)
references/operations-and-monitoring.md (11K lines)
references/failover-and-resilience.md (12K lines)
references/templates-and-examples.md (18K lines)
references/ai-development-best-practices.md (6K lines)
| Tool | Use Case |
|---|---|
| SAP BTP Cockpit | GUI for all admin tasks |
| btp CLI | Terminal/automation scripting |
| REST APIs | Programmatic administration |
| Terraform Provider | Infrastructure as Code |
| SAP Automation Pilot | Low-code/no-code automation |
SAP Manages:
kyma-system namespaceYou Manage:
Last Updated: 2025-11-27 Review Progress: See SAP_SKILLS_REVIEW_PROGRESS.md Next Review: 2026-02-27 (quarterly)
This skill should be used when the user asks about libraries, frameworks, API references, or needs code examples. Activates for setup questions, code generation involving libraries, or mentions of specific frameworks like React, Vue, Next.js, Prisma, Supabase, etc.
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.