SAP Knowledge Base Article - Public

2571892 - How to configure SAP Analytics Cloud SAML SSO using Azure Active Directory Services

Symptom

You want to use your Azure Active Directory (AD) to authenticate users in SAP Analytics Cloud (SAC).

Environment

  • SAP Analytics Cloud
  • Azure Active Directory services

Resolution

Warning: It is strongly recommended to discuss these steps with your AD administrators.

Refer to the article by Microsoft: Tutorial: Azure Active Directory integration with SAP BusinessObjects Cloud.

1. Download XML Service Provider Metadata:

You need to download the Service Provider metadata for your SAC tenant.

  1. Log on to your SAP Analytics Cloud tenant using System Owner account.
  2. Go to the menu System > Administration > Security.
  3. Click the pencil icon to edit.
  4. Select SAML Single Sign-On (SSO).
  5. Click the Download button that appears in the menu.
  6. Download Service Provider metadata.
  7. Open the downloaded metadata XML file, search for entityID tag . Copy the value for later use. Example: EntityID.png
  8. Look for tag AssertionConsumerService and Copy the link https://authn.xxx.hana.ondemand.com/saml2/sp/acs/xxxxxx/xxxxxx after Location for later use. Example: ACS.png

2. Add SAP Analytics Cloud / SAP BusinessObjects Cloud application to Azure Active Directory

  1. Logon to the Azure Portal.
  2. Select Azure Active Directory from left Menu.

          Select directory.png

    3. Select Enterprise Applications.

          Enterprise_app.png

     4. Select All Applications.

          All_App.png

     5. Click +New Application.

            New_app.png

     6. Search for SAP and select SAP BusinessObjects Cloud from the list, and then select Add.

           Search_and_select.png

 

3. Set up Azure AD single sign-on

  1. Click Single sign-on.

            Single_Sign_On.png

    2. Select SAML-base Sign-on from the dropdown menu for Single Sign-on Mode.

         SAML.png

    3. Enter the information under SAP BusinessObjects Cloud Domain and URLs.

              ReplyURL.png

     4. Check Show advanced URL Settings and enter Reply URL. This information is collected in Step 1, location.

              location.png

      5. Select user.mail for User Identifier

              user_mail.png

       6. Click "Metadata.xml" and download it your local directory. This will be used later to upload to your SAC Tenant

               metadataxml.png

         7. Click Save on Top.

               save.png

          

4. Create User in Azure Portal

  1. Logon to your Azure Portal
  2. Select Azure Active Directory from left Menu

          Select directory.png

    3. Select Users and groups

         user_and_group.png

    4. Select All Users

          All_Users.png

    5. Select +New User

          new_user.png

    6. Enter Details for new user and click Create

 

5. Configure SAML Single Sign-on (SSO) within SAC

  1. Log on to your SAP Analytics Cloud tenant using System Owner account.
  2. Go to the menu System > Administration > Security.
  3. Click the pencil icon to edit
  4. Select SAML Single Sign-On (SSO).
  5. Click the Upload... button and when prompted select "Metadata.xml" file saved from Azure Portal. See Step 3.6.
  6. Under User Attribute, select Email in the drop down.
  7. For Verify your account with the identity provider, enter e-mail ID (First.Last@..microsoft.com) of the user created within Azure. 
  8. Validating the account.
    • Before we can save the configuration we need to validate the configuration.
    • You will copy the URL from the validate window and open an Incognito tab in your browser or open a browser in another machine.

See Also

Your feedback is important to help us improve our knowledge base.
Please rate how useful you found this article by using the star rating feature at the beginning of this article.
Thank you.

Keywords

EPM, SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Hana Cloud for Planning, EPM-ODS, Cloud for Analytics, C4P, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, HCP, C4A, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJ, BOBJcloud, BOCloud., BICloud, BO Cloud, connecting, conecting, conectando, conexão, modelo, SBOC, SAC, SAP BusinessObjects Cloud, Business Objects, SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics , KBA , LOD-ANA , SAP Analytics Cloud , LOD-ANA-BI , SAP Analytics Cloud - Business Intelligence (BOC) , LOD-ANA-PL , SAP Analytics Cloud – Planning (BOC) , LOD-ANA-BR , SAP Analytics Cloud - Digital Boardroom , LOD-ANA-PR , SAP Analytics Cloud – Predictive (BOC) , How To

Product

SAP Analytics Cloud 1.0