2571892 - How to configure SAP Analytics Cloud SAML SSO using Azure Active Directory Services

SAP Knowledge Base Article - Public

2571892 - How to configure SAP Analytics Cloud SAML SSO using Azure Active Directory Services

Symptom

You want to use your Azure Active Directory to autheticate users in SAP Analytics Cloud

Environment

  • SAP Analytics Cloud 2017
  • Azure Active Directory

Resolution

Warning: It is strongly recommended to discuss these steps with your AD administrators.

Refer to the article by Microsoft: Tutorial: Azure Active Directory integration with SAP Business Object Cloud

1. Download XML Service Provider Metadata:

You need to download the Service Provider metadata for your tenant.

  1. Log on to your SAP Analytics Cloud tenant using System Owner account
  2. Go to the menu System > Administration > Security
  3. Click on the pencil icon to edit
  4. Select SAML Single Sign-On (SSO)
  5. Click on Download button that appears in menu
  6. Download Service Provider metadata
  7. Open the downloaded metadata XML file, search for entityID tag . Copy the value for later use. Example: EntityID.png
  8. Look for tag Location under X509Certicate and Copy the value for later use. Example: Location1.png

2. Add SAP Business Object Cloud application to Azure Active Directory

  1. Login to your Azure Portal
  2. Select Azure Active Directory from left Menu

          Select directory.png

    3. Select Enterprise Applications

          Enterprise_app.png

     4. Select All Applications

          All_App.png

     5. Click on +New Application

            New_app.png

     6. Search for SAP and select SAP Business Object Cloud from the list, and then select Add.

           Search_and_select.png

 

3. Set up Azure AD single sign-on

  1. Click on Single sign-on

            Single_Sign_On.png

    2. Select SAML-base Sign-on from the drop down for Single Sign-on Mode

         SAML.png

    3. Enter the information under SAP BusinessObjects Cloud Domain and URLs

              domain_info.png

     4. Check Show advanced URL Settings and enter Reply URL. This information is collected in Step 1, location

              location.png

      5. Select user.mail for User Identifier

              user_mail.png

       6. Click on "Metadata.xml" and download it your local directory. This will be used later to upload to your SAC Tenant

               metadataxml.png

         7. Click Save on Top.

               save.png

          

4. Create User in Azure Portal

  1. Login to your Azure Portal
  2. Select Azure Active Directory from left Menu

          Select directory.png

    3. Select Users and groups

         user_and_group.png

    4. Select All Users

          All_Users.png

    5. Select +New User

          new_user.png

    6. Enter Details for new user and click Create

         add_user.png

5. Configure SAML Single Sign-on (SSO) within SAC

  1. Log on to your SAP Analytics Cloud tenant using System Owner account
  2. Go to the menu System > Administration > Security
  3. Click on the pencil icon to edit
  4. Select SAML Single Sign-On (SSO)
  5. Click on Upload... button and when prompted select "Metadata.xml" file saved from Azure Portal. See Step 3.6
  6. Under User Attribute, select Email in the drop down
  7. For Verify your account with the identity provider, enter e-mail ID (First.Last@.......onmicrosoft.com) of the user created within Azure 
  8. Validating the account
    • Before we can save the configuration we need to validate the configuration.
    • You will copy the URL from the validate window and open an Incognito tab in your browser or open a browser in another machine.

See Also

Your feedback is important to help us improve our knowledge base.
Please rate how useful you found this article by using the star rating feature at the beginning of this article.
Thank you.

Keywords

EPM, SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Hana Cloud for Planning, EPM-ODS, Cloud for Analytics, C4P, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, HCP, C4A, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJ, BOBJcloud, BOCloud., BICloud, BO Cloud, connecting, conecting, conectando, conexão, modelo, SBOC, SAC, SAP BusinessObjects Cloud, Business Objects, SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics , KBA , LOD-ANA , SAP Analytics Cloud , LOD-ANA-BI , SAP Analytics Cloud - Business Intelligence (BOC) , LOD-ANA-PL , SAP Analytics Cloud – Planning (BOC) , LOD-ANA-BR , SAP Analytics Cloud - Digital Boardroom , LOD-ANA-PR , SAP Analytics Cloud – Predictive (BOC) , How To

Product

SAP Analytics Cloud 1.0