In continuation with my earlier blog on SAML integration between SAP Analytics Cloud and ADFS.
In this blog, we will see how to integrate SAP Analytics Cloud (formerly known as SAP Business Objects Cloud) with Microsoft Azure Active Directory.
You get the following benefits when you integrate SAP Analytics Cloud with Azure AD:
- In Azure AD, you can control who has access to SAP Analytic Cloud.
- You can automatically sign in your users to SAP Analytics Cloud by using single sign-on and a user’s Azure AD account.
- You can manage your accounts in one, central location, the Azure portal.The scenario outlined in this blog consists of two main building blocks:
- Add SAP Business Object Cloud from the gallery.
- Set up and test Azure AD single sign-on.
Let’s see step by step configuration.
We will start with Microsoft Azure portal configuration.
Microsoft Azure Portal Configuration
- Access and login into Azure portal
- Goto Azure Active Directory –> Enterprise Applications –> All Applications
- New Application – In the All Applications window, click on New Application
- New Application – SAP Analytics Cloud is available in gallery with name SAP BusinessObjects Cloud.
Goto Add from the gallery and search SAP, it will list all the SAP applications available in the gallery, select SAP BusinessObjects Cloud
- Add an Application – Provide application name and click on Add.
Ex- SAP Analytics Cloud
- Assign user – After adding the SAP Analytics Cloud it will be listed / available in All Applications.
Click on SAP Analytics Cloud –> Users and groups – Add user
Assign the Azure directory user / Domain user to the application
- SAML configuration
Click on Single Sign-on and select SAML-base Sign-on from the drop down for Single Sign- on Mode
Enter the information in SAP Analytics Cloud Domain and URLs
Select user.mail from User Identifier
Click on “Metadata.xml” and download it your local directory. This will be used later to upload to SAC
SAP Analytics Cloud Configuration
Login into SAP Analytics Cloud and select SAML
Upload IDP (Azure portal metadata) into SAC
Under User Attribute, select Email in the drop down
- Before we can save the configuration we need to validate the configuration.
- You will copy the URL from the validate window and open an Incognito tab in your browser or open a new browser window.
- For Verify your account with the identity provider, enter e-mail ID (First.Last@…….onmicrosoft.com) of the user created within Azure
Test Azure AD single sign-on configuration by using the access panel.
Goto user access portal using below URL and login
When you select the SAP Analytics Cloud tile in the access panel, you should be automatically signed in to your SAP Analytics Cloud application.
If all the configurations are correct and verification is successful, user will be logged into SAP Analytics Cloud using SAML.
- Paul Dhrubajyoti
- Mohammed Ashraf