This article is intended to help customers using external identity provider to configure SAML SSO for SAP Analytics Cloud.
By default, SAP Cloud Platform Identity Authentication is used by SAP Analytics Cloud. however, if required SAP Analytics Cloud can also be configured with single sign-on (SSO) using your identity provider (IdP).
Pre-Requisite to Configure SSO with External Identity Provider in SAC.
- System Owner role in SAP Analytics Cloud
- External IDP must supports SAML 2.0 protocol
Steps :-
- Login to SAC as system owner user
- In Service provider metadata section, download the metadata.
- Share this Cloud metadata file to your SAML IdP team and request to create a trust relationship between your SAML Identity Provider and your SAP Analytics Cloud system with help of this metadata
- Since you are using external IDP, you must configure your SAML IdP to map user attributes to the case-sensitive assertion attributes. Example :- NameID=email
- Once the trust is etup by your IDP team, they will share the metadata from IDP side
- In the section upload identity provider metadata section, click on upload and upload this metadata file
- As a next step choose user attribute to map your IDP , The attribute will be used to map users from your existing SAML user list to SAP Analytics Cloud. The user attribute you select must match the NameID used in your custom SAML assertion:
<NameID Format=”urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified”><Your Unique Identifier></NameID>
10. In the next step on the same page, Verify your account with the identity provider
You need to provide the login user ID as per the Attribute you map in your IDP
Once you click on verify account, you will get a URL to verify the same. Open the new browser window and ensure cleanup all the cache. In this new browser window paste the URL and verify the account.
Once the account is verified successfully, will see the “Verify your account with Identity provider” Step will get green.
Once the account is verified Save the settings. You should now be able to do a SSO to SAC based on your IDP credentials.
Hope this article will help you setting up the SSO for SAP Analytics Cloud using External an Identity Provider
Kindly share feedback, thoughts in a comment sections or ask question if you have any.