SAP Knowledge Base Article - Public

2590755 - Is IdP-initiated SSO method supported in SAP Analytics Cloud?


  • You configured your custom SAML Identity Provider according to the product's documentation. You want to deploy the application directly in your SAML IdP "launchpad" (IdP initiated)
  • Service Provided initiate works as expected. You connect to your SAP Analytics Cloud tenant and you are redirected correctly to your SAML Identity Provider.


  • SAP Analytics Cloud
  • SAP SAML 2.0 Identity Provider

Reproducing the Issue

  1. Access IdP Login Portal / Homepage
  2. Access SAP Analytics Cloud Application
  3. Observe "HTTP 400 - Bad Request" error when redirected to authn.<region>.hana.ondemand URL 


SAP Analytics Cloud does not support Identity Provider initiated SSO yet, due to the missing features on the SAP Cloud Platform:

  • The Assertion Consumer Service (ACS), central redirect node (authn.<region>.hana.ondemand) does not support IdP redirection and fails.
  • Altering the ACS endpoint in the IdP for SAC could make SSO work (Suggested by SCP documentation and Community), but will fail the SP-initiated flow and the Single Logout (SLO) as well.


  • You can raise this requirement on the Customer Influence site for SAP Analytics Cloud
  • In some of the other IdP's a simple link can be added to your application in the IdP's launchpad (F5 for example). This will work as expected as the user is already authenticated.

See Also



SAML, initiate, sp initiated, initiated, Idp, SBOC, SAC, SAP BusinessObjects Cloud, Business Objects, SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics , KBA , LOD-ANA , SAP Analytics Cloud , LOD-ANA-BI , SAP Analytics Cloud - Business Intelligence (BOC) , LOD-ANA-PL , SAP Analytics Cloud – Planning (BOC) , LOD-ANA-BR , SAP Analytics Cloud - Digital Boardroom , LOD-ANA-PR , SAP Analytics Cloud – Predictive (BOC) , Problem


SAP Analytics Cloud 1.0