SAP Knowledge Base Article - Public

2674588 - SSO - Manage SAML SSO Settings - BizX Platform

Symptom

 Unsure of the functionality contained within Manage SAML SSO Settings

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP SuccessFactors HCM Suite

Resolution

Manage SAML SSO Settings

  • Required permissions
  1. Go to "Admin Tools" > "Manage Permission Roles" and select the role to which you want to grant permission
  2. Go to "Administrator Permissions" > "Manage Security"
  3. Select the "Manage SAML SSO Settings" permission
  4. Save your changes

Manage SAML SSO Settings.png

  • This area does not add Asserting Parties to the SSO setup in Provisioning
  • In ‘Manage SAML SSO Settings’, we are adding Corporate IDP Setups to the IAS Tenant like covered in KBA 2674264 referenced below
  • This configuration of the Corporate IDP can also be done from your IAS Tenant
  • If your SSO setup does not incorporate the use of an IAS Tenant, you do not need to use this feature
  • It is expected behaviour that the functionality in this area is greyed out initially
  • Support can assist you in enabling the functionality if you wish

Manage SAML SSO Settings2.png

Manage SAML SSO Settings3.png

  • Support Engineer / Partner enables 'SAP IAS Integration' in the SSO settings in Provisioning
  • As seen in the screenshot, if there is a Corporate IDP already setup in IAS, then it will now populate in the area
  • Additionally, all the functionality is no longer “greyed out”
  • However, while the functionality is now “clickable”, there is still a permissions issue throwing an error (see screenshot below) when ‘Adding an Asserting Party’ or enabling the other features which we need to resolve

Manage SAML SSO Settings4.png

  • To do this, we need to import a certificate into a System Admin User in the IAS Tenant
  • The cert can be applied to any System User, it does not have to be named SAP HANA Cloud Platform like in the screenshot below
  • SAP HANA Cloud Platform is just an example System User I have in my Demo IAS Tenant
  • Creating a new System User in your IAS Tenant and applying the certificate to that also works
  • The certificate that’s imported is based on whether the IAS Tenant was created in the Prod or QA Landscape
  • Customers tenants are always created in Prod landscape. Therefore, it's the Prod certificate we should give to customers for this request
  • The QA certificate would only be used Internally. For instance, my Demo IAS Tenant was created in QA landscape so it was the QA cert I required
  • These Certificates must be retrieved by Support - They have access to Confluence (For SAP Support please see Internal Memo with link to Confluence)

Upload Certificate to IAS Tenant System User

Manage SAML SSO Settings5.png

  • Navigate to Users & Authorizations > Administrators > SAP HANA Cloud Platform > Certificate
  • Once the certificate has been uploaded, all functionality within ‘Manage SAML SSO Settings’ is fully operational
  • You can find the certificate in the attachment section.

Keywords

Manage SAML SSO, IAS Tenant, Corporate IDP configuration , KBA , LOD-SF-PLT , Platform Foundational Capabilities , LOD-SF-PLT-SAM , SAML SSO First Time Setup , LOD-SF-PLT-SEL , SSO Errors & Logs , How To

Product

SAP SuccessFactors HXM Suite all versions

Attachments

certificate.cer