SAP Knowledge Base Article - Public

2674588 - SSO - Manage SAML SSO Settings


 Unsure of the functionality contained within Manage SAML SSO Settings

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."


SAP SuccessFactors HXM Suite


Manage SAML SSO Settings

  • Required permissions
  1. Go to "Admin Tools" > "Manage Permission Roles" and select the role to which you want to grant permission
  2. Go to "Administrator Permissions" > "Manage Security"
  3. Select the "Manage SAML SSO Settings" permission
  4. Save your changes

Manage SAML SSO Settings.png

  • This area does not add Asserting Parties to the SSO setup in Provisioning
  • In ‘Manage SAML SSO Settings’, we are adding Corporate IDP Setups to the IAS Tenant like covered in KBA 2674264 referenced below
  • This configuration of the Corporate IDP can also be done from your IAS Tenant
  • If your SSO setup does not incorporate the use of an IAS Tenant, you do not need to use this feature
  • It is expected behaviour that the functionality in this area is greyed out initially
  • Support can assist you in enabling the functionality if you wish

Manage SAML SSO Settings2.png

Manage SAML SSO Settings3.png

  • Support Engineer / Partner enables 'SAP IAS Integration' in the SSO settings in Provisioning
  • As seen in the screenshot, if there is a Corporate IDP already setup in IAS, then it will now populate in the area
  • Additionally, all the functionality is no longer “greyed out”
  • However, while the functionality is now “clickable”, there is still a permissions issue throwing an error (see screenshot below) when ‘Adding an Asserting Party’ or enabling the other features which we need to resolve

Manage SAML SSO Settings4.png

  • To do this, we need to import a certificate into a System Admin User in the IAS Tenant
  • The cert can be applied to any System User, it does not have to be named SAP HANA Cloud Platform like in the screenshot below
  • SAP HANA Cloud Platform is just an example System User I have in my Demo IAS Tenant
  • Creating a new System User in your IAS Tenant and applying the certificate to that also works
  • The certificate that’s imported is based on whether the IAS Tenant was created in the Prod or QA Landscape
  • Customers tenants are always created in Prod landscape. Therefore, it's the Prod certificate we should give to customers for this request
  • The QA certificate would only be used Internally. For instance, my Demo IAS Tenant was created in QA landscape so it was the QA cert I required
  • These Certificates must be retrieved by Support - They have access to Confluence (For SAP Support please see Internal Memo with link to Confluence)

Upload Certificate to IAS Tenant System User

Manage SAML SSO Settings5.png

  • Navigate to Users & Authorizations > Administrators > SAP HANA Cloud Platform > Certificate
  • Once the certificate has been uploaded, all functionality within ‘Manage SAML SSO Settings’ is fully operational
  • You can find the certificate in the attachment section.


Manage, SAML, SSO, IAS, Tenant, Corporate, IDP, configuration , KBA , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-SAM , SAML SSO First Time Setup , LOD-SF-PLT-SEL , SSO Errors & Logs , How To


SAP SuccessFactors HXM Suite all versions