Purpose of the article: This article explains SAML functionality by showing how to configure SAC SAML with different identity providers.
Intended Audience: SAP Administrators, SAP Developers.
Tools and Technology: SAP Analytics Cloud, Azure cloud, Microsoft ADFS.
Keywords: Identity provider, SAML, SSO, Metadata, Integration, configuration, Analytics Cloud.
Introduction
An identity provider (IdP) stores and authenticates the identities that users need in order to log in to our systems, applications, and file servers, depending on how these are configured. In general, most IdPs are implementations of Microsoft Active Directory (AD).
The key identities for each infrastructure are stored in the IdP. In effect, the identity provider is the database of user records. Those user records contain the credentials used when users access various resources. In this article, I am going to discuss how to configure SAP Analytics Cloud SAML with different identity provider services.
SAML
SAML is an open standard data format for sharing authentication and authorization data between parties.
The following picture shows the three participants and a very simple exchange when we set up SSO with our SAML IdP.
The following are required to set up single sign-on for SAC systems.
- A SAML Identity Provider (Different IdP’s)
- Service Provider (in this case, SAC)
- System owner account
In this article, I would like to show how to configure single sign-on through SAML with different IdP vendors. Here is the list of providers for single sign-on services.
- Okta
- Microsoft (ADFS)
- Microsoft Azure (Cloud)
Configuring SAC SAML with Okta SSO as an identity provider:
Okta provides cloud software for businesses to manage and secure user authentication in modern applications, and for developers to build identity controls into apps, websites, and devices. Okta SSO also supports SAP Analytics Cloud. Establishing the connection to authenticate users for SAP Analytics Cloud is a single-step process.
a) Configuration of SSO from IDP to SAC
First, we need to log in to the SAC application as an administrator, navigate to System -> Administration -> Security, and enable the SSO option. Here we can download the SAP Analytics Cloud metadata, which will later be uploaded to the Okta identity service provider. Create a certificate in (.der) format and include the certificate code in the generated metadata. For reference, please find the below image.
Add a new application in our Okta system and enter the Okta application details as requested. We must fill in the values based on the SAC application’s metadata, which was downloaded previously, and upload the certificate in the given area.
Map the application for e-mail, user authentication, or customized SAML user mapping. This part will be done by our Okta administrator. The attribute also needs to be mapped. We will now download the metadata from Okta. Check the consumer we want to connect to our new Okta IdP.
b) Configuring ADFS with SAP Analytics Cloud
Active Directory Federation Services (ADFS) supports Web Single Sign-on (WSO) technologies for authenticating a user across several web-based applications. ADFS integrates with Active Directory Domain Services, using ADFS as an identity provider, with Windows Server 2003 R2 operating systems.
Download the SAP Analytics Cloud Service Provider metadata. Go to Menu -> Program -> Management -> Protection and import the ADFS metadata file from the Service Provider. Add the SAP Cloud claim rule.
Select Sending LDAP as Claims. The file imported from ADFS can then be uploaded to SAP Analytics Cloud. Sign in to the URL of the verified account in another tab. This will switch to IdP authentication; enter the details of the domain user to be assigned to a SAC user account. If the setup and routing are correct and we can log in successfully, the verification succeeds.
c) SAML integration between Microsoft Azure Portal and SAP Analytics Cloud
We are going to see how to integrate Microsoft Azure Active Directory with SAP Analytics Cloud (formerly known as SAP Business Objects Cloud). When we integrate SAP Analytics Cloud with Azure AD, we have the following benefits:
- Utilizing a single sign-on and an Azure AD user account, users can automatically sign into our SAP Analytics Cloud.
Log in to the Azure portal and create a new application. An application named SAP Analytics Cloud is available in the gallery. After it is added, SAP Analytics Cloud is listed under All Applications. Now we need to add users to that application. Enter the SAP Analytics Cloud domain and URLs in the SAML-based sign-on settings. Click “Metadata.xml” and save the file to our local directory; it is used later for uploading into SAC. After uploading the metadata file into SAP Analytics Cloud, we must validate the configuration before we can save the settings. Copy the URL and open it in an incognito window or a new browser window. To verify your account with the identity provider, enter your e-mail address. If all the configurations are correct and verification is successful, the user will be logged in to SAP Analytics Cloud using SAML.
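A pre-upload check for the metadata files exchanged in the Okta, ADFS and Azure AD procedures above, as an added example that is not part of the original article or of SAP's tooling: it parses an SP or IdP metadata file, returns the entity ID and endpoints that have to be entered on the other side, and computes a SHA-256 fingerprint of each embedded certificate so it can be compared out of band. The sample metadata, the `sac-tenant.example` name and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ROLES = (("SP", "SPSSODescriptor", "AssertionConsumerService"),
         ("IdP", "IDPSSODescriptor", "SingleSignOnService"))

def summarize_metadata(xml_bytes):
    """Summarize a SAML metadata file and list problems to fix before upload."""
    # SAML metadata never needs a DTD; refusing one avoids entity-expansion input.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not md:EntityDescriptor")
    out = {"entity_id": root.get("entityID"), "roles": [],
           "endpoints": [], "cert_sha256": [], "issues": []}
    for role, descriptor, endpoint in ROLES:
        desc = root.find("md:" + descriptor, NS)
        if desc is None:
            continue
        out["roles"].append(role)
        for ep in desc.findall("md:" + endpoint, NS):
            url = ep.get("Location", "")
            out["endpoints"].append(url)
            if not url.startswith("https://"):
                out["issues"].append("non-HTTPS endpoint: " + url)
        for cert in desc.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            out["cert_sha256"].append(hashlib.sha256(der).hexdigest())
    if not out["roles"]:
        out["issues"].append("no SP or IdP SSO descriptor")
    elif not out["cert_sha256"]:
        out["issues"].append("no certificate in metadata")
    return out

# Constructed, trimmed sample: placeholder certificate bytes, deliberately wrong http:// ACS URL.
FAKE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_SP = ("""<md:EntityDescriptor entityID="sac-tenant.example"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><md:SPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    %s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="0" Location="http://sac-tenant.example/saml/acs"/>
</md:SPSSODescriptor></md:EntityDescriptor>""" % base64.b64encode(FAKE_DER).decode()).encode()

if __name__ == "__main__":
    print(summarize_metadata(SAMPLE_SP))
```

An empty `issues` list and a fingerprint that matches the one shown by the other party are the conditions to look for before uploading a metadata file on either side.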
Reference/Source of the information referred:
https://apps.support.sap.com/sap/support/knowledge/en/2411608
Which MOURI Tech service, this article relates to: https://www.mouritech.com/services/enterprise-performance-management
Chandrasekhar Gorapalli
Analytics (EPM)
MOURI Tech