diff --git a/roles/sap_swpm/tasks/post_install.yml b/roles/sap_swpm/tasks/post_install.yml
index 65fba3cf0..964d8e8b6 100644
--- a/roles/sap_swpm/tasks/post_install.yml
+++ b/roles/sap_swpm/tasks/post_install.yml
@@ -57,3 +57,13 @@
     - __sap_swpm_post_install_register_hdbuserstore_exists.stat.exists
   register: __sap_swpm_post_install_register_hdbuserstore_connection
   changed_when: __sap_swpm_post_install_register_hdbuserstore_connection is succeeded
+
+# Now that SWPM finished we may need to deal with SUM before continuing when sap_swpm_sum_start: 'true'
+# and if we are doing OneHost or CI/PAS installation
+# If observer mode is enabled, SWPM will wait for SUM to finish before continuing so we can't do anything here
+- name: SAP SWPM Post Install - Control SUM if required
+  ansible.builtin.include_tasks: post_install/sum_push_to_finish.yml
+  when:
+    - sap_swpm_sum_start == 'true'
+    - not sap_swpm_swpm_observer_mode
+    - "'NW_ABAP_CI:' in sap_swpm_product_catalog_id or 'NW_ABAP_OneHost:' in sap_swpm_product_catalog_id"
diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml
new file mode 100644
index 000000000..10114e877
--- /dev/null
+++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml
@@ -0,0 +1,181 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Will keep pushing SUM through the two key manual steps until it finishes
+# This allows to fully automate the SWPM+SUM installation process
+# Based on research by @sean-freeman
+
+# Check if the SUMup process is running, give it 5 minutes to start
+- name: Check if SAPup_real process is running (wait for 5 minutes until it starts)
+  ansible.builtin.command: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real
+  register: _sapup_process
+  retries: 5
+  delay: 60
+  until: _sapup_process.rc == 0 and _sapup_process.stdout|int > 0
+  failed_when: _sapup_process.rc != 0
+  changed_when: false
+
+# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until we are in BIND_PATCH phase
+- name: Checking the status of SUM (BIND_PATCH)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML"
+    method: GET
+    validate_certs: false
+    return_content: true
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+  register: _sap_swpm_sum_push
+  until: _sap_swpm_sum_push.status == 200 and '<dialogId>SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection</dialogId>' in  _sap_swpm_sum_push.content
+  retries: 60
+  delay: 60
+  failed_when: _sap_swpm_sum_push.status != 200 or '<dialogId>SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection</dialogId>' not in _sap_swpm_sum_push.content
+
+# Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly
+- name: Get the config XML from SUM (BIND_PATCH)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+    method: GET
+    validate_certs: false
+    return_content: true
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+    # headers:
+    #   Cookie: "{{ _sap_swpm_sum_push.cookies_string }}"
+  register: _sap_swpm_sum_push_config
+  until: _sap_swpm_sum_push_config.status == 200
+  retries: 3
+  delay: 60
+  failed_when: _sap_swpm_sum_push_config.status != 200
+
+# Get the CSRF token from SUM by calling config
+- name: Get the CSRF token from SUM (BIND_PATCH)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+    method: GET
+    validate_certs: false
+    return_content: false
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+    headers:
+      Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}"
+      X-CSRF-Token: Fetch
+      # X-Requested-With: XMLHttpRequest
+  register: _sap_swpm_sum_push
+  failed_when: _sap_swpm_sum_push.status != 200
+
+# Post the config XML back to SUM unchanged as we want to keep the default patch levels as per the XML file. This will move SUM to the next step.
+- name: Move SUM to the next step (SPAUINFO)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+    method: POST
+    validate_certs: false
+    return_content: true
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+    headers:
+      Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}"
+      X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}"
+    body_format: raw
+    body: "{{ _sap_swpm_sum_push_config.content }}"
+  register: _sap_swpm_sum_push
+  until: _sap_swpm_sum_push.status == 200
+  failed_when: _sap_swpm_sum_push.status != 200
+
+# At this point SUM should be running. This will take anything between 6-12 hours to complete.
+# Patiently check every 10 minutes to see if SUM has completed all the steps and is now in the SPAUINFO step.
+# Check the SUM status via SUMOBSEVER.XML
+- name: Checking the status of SUM (SPAUINFO)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML"
+    method: GET
+    validate_certs: false
+    return_content: true
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+  register: _sap_swpm_sum_push
+  until: _sap_swpm_sum_push.status == 200 and ('<dialogId>SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU</dialogId>' in _sap_swpm_sum_push.content or '<dialogId>SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard</dialogId>' in _sap_swpm_sum_push.content)
+  retries: 72 # 12 hours
+  delay: 600  # 10 minutes
+  failed_when: _sap_swpm_sum_push.status != 200 or
+        ('<dialogId>SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU</dialogId>' not in _sap_swpm_sum_push.content and
+        '<dialogId>SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard</dialogId>' not in _sap_swpm_sum_push.content)
+
+# If SUM is already in MAIN_POSTCLEAN|EXIT phase it has skipped SPAUINFO and has finished
+# No need to do anything else
+- name: Check if SUM has skipped SPAUINFO and has finished
+  when: "'<dialogId>SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU</dialogId>' not in _sap_swpm_sum_push.content"
+  block:
+    # Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly
+    # Need to get config XML even through we are not going to use it. This is to get the diagtime cookie.
+    - name: Get the config XML from SUM (SPAUINFO)
+      ansible.builtin.uri:
+        url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+        method: GET
+        validate_certs: false
+        return_content: true
+        status_code: 200
+        user: "{{ sap_swpm_sid | lower }}adm"
+        password: "{{ sap_swpm_sap_sidadm_password }}"
+        # headers:
+        #   Cookie: "{{ _sap_swpm_sum_push.cookies_string }}"
+      register: _sap_swpm_sum_push_config
+      until: _sap_swpm_sum_push_config.status == 200
+      retries: 3
+      delay: 60
+      failed_when: _sap_swpm_sum_push_config.status != 200
+
+    # Get the CSRF token from SUM by calling config
+    - name: Get the CSRF token from SUM (SPAUINFO)
+      ansible.builtin.uri:
+        url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+        method: GET
+        validate_certs: false
+        return_content: false
+        status_code: 200
+        user: "{{ sap_swpm_sid | lower }}adm"
+        password: "{{ sap_swpm_sap_sidadm_password }}"
+        headers:
+          Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}"
+          X-CSRF-Token: Fetch
+          # X-Requested-With: XMLHttpRequest
+      register: _sap_swpm_sum_push
+      failed_when: _sap_swpm_sum_push.status != 200
+
+    # Post confirmation to SUM that no SPAU is required. This will move SUM to the next step.
+    - name: Move SUM to the next step (Past SPAUINFO)
+      ansible.builtin.uri:
+        url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+        method: POST
+        validate_certs: false
+        return_content: true
+        status_code: 200
+        user: "{{ sap_swpm_sid | lower }}adm"
+        password: "{{ sap_swpm_sap_sidadm_password }}"
+        headers:
+          Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}"
+          X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}"
+        body_format: raw
+        body: '<config xmlns="http://www.sap.com/lmsl/slp"><Parameter><id>DialogueValue</id><type>slp.parameter.type.SCALAR</type><required>1</required><secure>0</secure><value>yes</value><structure></structure><tuplevalue></tuplevalue><tablevalue></tablevalue><validationResult/></Parameter></config>'
+      register: _sap_swpm_sum_push
+      failed_when: _sap_swpm_sum_push.status != 200
+
+    # Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour.
+    # Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT'
+    - name: Checking the status of SUM and making sure it has finished (MAIN_POSTCLEAN|EXIT)
+      ansible.builtin.uri:
+        url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML"
+        method: GET
+        validate_certs: false
+        return_content: true
+        status_code: 200
+        user: "{{ sap_swpm_sid | lower }}adm"
+        password: "{{ sap_swpm_sap_sidadm_password }}"
+      register: _sap_swpm_sum_push
+      until: _sap_swpm_sum_push.status == 200 and '<dialogId>SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard</dialogId>' in  _sap_swpm_sum_push.content
+      retries: 60
+      delay: 60
+      failed_when: _sap_swpm_sum_push.status != 200 or '<dialogId>SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard</dialogId>' not in _sap_swpm_sum_push.content