2538469 - SSO configuration for Hybris and SAP Analytics Cloud integration

SAP Knowledge Base Article - Public

2538469 - SSO configuration for Hybris and SAP Analytics Cloud integration

Symptom

You want to enable Single Sign On (SSO) between Hybris Marketing Cloud Edition (S/4HANA Cloud Edition) and SAP Analytics Cloud

Environment

  • SAP Analytics Cloud 2017
  • Hybris Marketing - S/4HANA Cloud Edition

Resolution

There are currently two options available to enable SSO between Hybris and SAP Analytics Cloud.

SAML SSO

For a complete step-by-step guide, visit the complete guide on Hybris integration with SAP Analytics Cloud.

Requisites:

  • Both systems: Hybris and SAP Analytics Cloud (SAC) must use the SAP Cloud Identity Provider used by Hybris Marketing Cloud Edition.
  • During the SAML SSO configuration in SAP Analytics Cloud (SAC) you must check the box "Identity Provider will also be used for Live Data connections with SAML Single Sign On to S/4HANA Cloud Edition".

Check_for_SAML_SSO.png

  • I you already configured SAML SSO in SAC without checking this box you need to roll-back to SAP Cloud Identity (default), and save the configuration.

Rollback_SAP_CloudId.png

After saving the configuration and logging out of the application, you can login using your old username and password, stored in SAP Cloud Identity (default), and configure the SAML Single Sign-On (SSO) using Hybris or S/4HANA SAC Cloud IdP.

For more information on configuring the Hybris (S/4HANA) Cloud Identity Provider (IdP), see the KBA 2518900

Note: If you try to open SAP Analytics Cloud dashboard from your Hybris application, it will show the login window despite both applications using the same SAML IdP. This is exaplained in KBA 2538239

OAuth SSO

Requisites:

Hybris and SAP Analytics Cloud don't need to have the same SAML Identity Provider and they can use your corporate Identity Provider: Azure AD, Okta, etc.

Hybris and SAP Analytics Cloud use a SAML IdP different from the SAP Cloud Identity Provider delivered with Hybris: Azure AD, Okta, AD FS, etc.

When you configure your coroporate SAML IdP, you must not check the box: "Identity Provider will also be used for Live Data connections with SAML Single Sign On to S/4HANA Cloud Edition"

Unchecked_for_Oauth.png

If you already configured your SAML IdP checking this box, you need to roll-back to SAP Cloud Identity (default)

You can follow the guide Live Data Connection to SAP S/4HANA Cloud Edition via OAuth to complete all the steps required to enable this type of authentication with Hybris or S/4HANA Cloud Edition.

See Also

Your feedback is important to help us improve our knowledge base.
Please rate how useful you found this article by using the star rating feature at the beginning of this article.
Thank you.

Keywords

Hybris, Marketing, S/4HANA, S4HANA, Cloud for Analytics, C4P, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, HCP, C4A, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJ, BOBJcloud, BOCloud., BICloud, BO Cloud, connecting, conecting, SBOC, SAC, SAP BusinessObjects Cloud, Business Objects, SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics , KBA , LOD-ANA , SAP Analytics Cloud , LOD-ANA-BI , SAP Analytics Cloud - Business Intelligence (BOC) , Problem

Product

SAP Analytics Cloud 1.0