SAP BusinessObjects Cloud – Setup SAML 2.0 Single Sign-On with Remote HANA Systems

Update Oct 11, 2016: with the introduction of Simple URL to SAP BusinessObjects Cloud in the recent release, significant architectural changes have been brought into the BOC landscape that have implications on the reverse proxy configuration. I have written a new blog post that covers the necessary changes. The scenario in this blog and how-to guide stays valid, but the reverse proxy settings are impacted. Check out the new blog for more details: What’s Changed – Setup Remote HANA Connection with SAML SSO in SAP BusinessObjects Cloud

Many customers enjoy the benefits of live HANA connection in SAP BusinessObjects Cloud. One of the key benefits is that the data-level security/authorization is handled by the backend HANA system, so the BusinessObjects Cloud administrator does not have to handle data-level security. In this scenario, each live connection session is under the end user’s own HANA user context; however, nobody likes to manually type in their HANA user credential after logging in to BusinessObjects Cloud. SAP BusinessObjects Cloud supports SAML 2.0-based Single Sign-On (SSO), which streamlines the login process and eliminates the need of typing in backend HANA user credentials repeatedly.

The configuration of SAML 2.0 SSO for SAP BusinessObjects Cloud and SAP HANA involves a lot of steps on various infrastructure components, so I’ve written an end-to-end how-to guide to help you understand the concept and the necessary steps. The guide is based on Apache reverse proxy and SAP NetWeaver SSO SAML 2 Identity Provider. If you have not setup your reverse proxy for the live HANA connection, check out my blog SAP BusinessObjects Cloud – Setup Connection to Remote HANA Systems via Apache Reverse Proxy first.

Without further ado, you can find the how-to guide here:

http://go.sap.com/documents/2016/06/4ee45ace-777c-0010-82c7-eda71af511fa.html

If you are looking for information on setting up SAML 2.0 SSO against Microsoft Active Directory Federation Service (ADFS), read this very informative blog How to setup SAML with ActiveDirectory (ADFS) written by my colleague Greg Wcislo.

I hope you find the document helpful, and feel free to raise questions below.

Cheers 🙂