This article is intended to help customers using external identity provider  to configure SAML SSO for SAP Analytics Cloud.

By default, SAP Cloud Platform Identity Authentication is used by SAP Analytics Cloud. however, if required SAP Analytics Cloud can also be configured with  single sign-on (SSO) using your identity provider (IdP).

Pre-Requisite to Configure SSO with External Identity Provider in SAC.

  •  System Owner role in SAP Analytics Cloud
  • External  IDP must supports SAML 2.0 protocol

Steps :-

 

  1. Login to SAC as system owner user
  2. From the side navigation, go to  System > Administration > Security.
  3. Select Edit and In the Authentication Method area, select SAML Single Sign-On (SSO) as By default, SAP Cloud Identity is used for authentication.
  4. In Service provider metadata section, download the metadata.
  5. Share this Cloud metadata file to your SAML IdP team and request to create a trust relationship between your SAML Identity Provider and your SAP Analytics Cloud system with help of this metadata
  6. Since you are using external IDP, you must configure your SAML IdP to map user attributes to the case-sensitive assertion attributes.    Example :- NameID=email
  7. Once the trust is etup by your IDP team, they will share the metadata from IDP side
  8. In the section upload identity provider metadata section, click on upload and upload this metadata file
  9. As a next step choose user attribute to map your IDP , The attribute will be used to map users from your existing SAML user list to SAP Analytics Cloud. The user attribute you select must match the NameID used in your custom SAML assertion:

<NameID Format=”urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified”><Your Unique                 Identifier></NameID>

10. In the next step on the same page, Verify your account with the identity provider

You need to provide the login user ID as per the Attribute you map in your IDP

Once you click on verify account, you will get a URL to verify the same. Open the new browser window and ensure cleanup all the cache. In this new browser window paste the URL and verify the account.

Once the account is verified successfully, will see the “Verify your account with Identity provider” Step will get green.

Once the account is verified Save the settings. You should now be able to do a SSO to SAC based on your IDP credentials.

Hope this article will help you setting up the SSO for SAP Analytics Cloud using External an Identity Provider

Kindly share feedback, thoughts in a comment sections or ask question if you have any.

Sara Sampaio

Sara Sampaio

Author Since: March 10, 2022

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x