Global Access gives your customers a consistent user experience, regardless of their physical location, every time they interact with your brand. With Global Access, when a customer travels to different parts of the world and logs in to your localized sites, they log into their existing account and continue their relationship with your brand. User data is stored at the data center they used to create their account, so that data residency regulations are upheld without compromising experience.
Global Access is based on storing user data for a site or site group in different data centers, i.e., a single user database with users from multiple regions.
Global Site Groups
Where previously site groups could exist on one data center, global site groups transcend that limitation and can contain sites from any of the SAP Customer Data Cloud data centers. Global site groups are site groups that can belong to more than one data center, allowing users to log in to all the sites in the group from different locations. In addition, you can provide global users with a single sign-on experience.
Before implementing Global Site Groups, we recommend that you familiarize yourself with site groups and how they work.
For more information about site groups, see Site Groups and Single Sign-On.
Before creating your global site, you should know which data centers you wish to include there, and which datacenter to select as primary. If the site will be part of a site group, all sites in the group must share the same data centers and the same primary data center (identical data center configuration).
For performance optimization, the primary datacenter should be the one that holds the majority of the user database (and therefore handles the majority of your SAP Customer Data Cloud traffic for this global site or site group).
To create a global site:
- In the Sites section of the Console, select Create Site.
- In the Add Site window, specify the following:
- Enter the Site Domain.
- Under Data Residency, select Global Data Center.
- Select the data centers to be included in the site:
- Select the primary location.
- Click OK.
- When creating a site group, repeat the process to create additional sites. All sites in the group must share the same data centers and the same primary data center. When finished, move on to the next section.
- Global API keys are relatively short and start with 4_.
- When a global site configurations are saved, SAP Customer Data Cloud creates a replica of the site configurations in all the site data centers: site settings, schema, policies, permission groups, user keys, screen-sets. However, the user database is never replicated between data centers.
Global Site Group
To create a global site groups, after the sites have been created on SAP Customer Data Cloud, aggregate them into a group as follows:
- Open the Site Groups manager from the Admin menu of the Console.
- Click Create Site Group.
- Select the Parent site for this group.
- To enable single sign-on between the group sites, select SSO enabled.
- Click Add Sites, select all the sites to include in this group, and select Add.
- Click Create.
Global Registration Flow
Setting the Residency
With Global Access, when a user registers, their data residency is also set. The default is the data center from which they performed their registration; however best practice is to call the setAccountResidency API prior to the registration to manually set the data center. For example, you can display to users a choice of their residency / nationality, then call the setAccountResidency API to pass their selected residency. This will also route the request to the specified data center. The dataCenter is then passed on to the registration flow (via the registration screen-sets, or accounts.initRegistration or socialize.login APIs).
The user account includes a dataCenter field that reflects the data center on which their data is stored.
Local Consent Collection
Different countries and regions mandate different data compliance regulations. If you are using Customer Consent, you can configure different terms and conditions for each site, and add them to the relevant registration flows.
Making API Calls
When using Global Access, only the following validation types may be used with SAP Customer Data Cloud APIs:
- Validate A JWT from SAP Customer Data Cloud - validate the Web SDK response using an id_token. UIDSignature is not supported.
- Signing Requests to SAP Customer Data Cloud - sign requests using a bearer token. Signing with a user or application key is not supported.
In addition to a screen-set based implementation, Global Access supports a REST API implementation. Set the registering user's residency using the dataCenter parameter of the relevant API, such as accounts.initRegistration.
Global Access Site Management
In sites that use Global Access, some features of site management in the SAP Customer Data Cloud Console are affected.
Features that are not yet supported for use with Global Access sites, will not appear in the Console menu.
When Global Access is enabled for your partner, Identity Access includes a new "Data Center" column that displays the relevant flag. In addition, the user record shows the Data Center:
Audited records are stored on the resident data center for the relevant account.
Currently, some SAP Customer Data Cloud features are not supported with Global Access:
- Link accounts flow
- Phone Number Login
- Lite Accounts
- Federation (SAML, OIDC)
- Limited social provider support: Facebook, Google, Twitter and WeChat are supported.
- CIAM for B2B