In IDPTENANT App: Download IDP metadata and create users
In SACDEMO App: Download SAC metadata and upload IDP metadata
In IDPTENANT App: Upload SAC metadata and set user mappings
In SACDEMO App: Test authentication against IDP into SAC
In IDPTENANT App: Edit profiles with C4C login names
In C4CDEMO App: Download C4C metadata and upload IDP metadata
In IDPTENANT App: Upload C4C metadata and set user mappings
In C4CDEMO App: Test authentication against IDP into C4C
Name | Short Name | Fictitious business user |
Custom SAML Identity Provider | IDPTENANT | Michael Johnes |
SAP Analytics Cloud Tenant DEMO | SACDEMO | |
SAP Cloud for Customer Tenant DEMO | C4CDEMO |
3. Click on Download Metadata File. Rename the resulting XML file to IDPTENANT_metadata.xml
4. Create users (Users & Authorizations > User Management) Make sure the E-Mail addresses are the same as the E-Mail addresses you will later create in the SACDEMO app
5. Click on Add User. As an example, create user Michael Johnes as fictitious US employee responsible for Sales operations
6. After you click on Save, Michael Johnes receives an email to activate his account on IDPTENANT.
Michael Johnes is then asked to set a password for himself on IDPTENANT, then he clicks on Save to successfully launch the IDPTENANT Profile screen.
2. Download Service Provider SACDEMO metadata as xml file and name it SACDEMO_metadata.xml
3. Upload Identity Provider metadata file IDPTENANT_metadata.xml created via IDPTENANT App below
4. Choose a user attribute to map to your identity provider IDPTENANT. Select Email to map your SACDEMO and IDPTENANT users via their Email attribute. Verify your account with the identity provider and Save your settings
2. SAML 2.0 Configuration: upload application trust metadata in xml format
Upload Service Provider metadata file SACDEMO_metadata.xml created via SACDEMO App above.
3. Make sure you set the Name ID Attribute and Default Name ID format to E-Mail as displayed above. This will ensure the SACDEMO users and the IDPTENANT users are mapped via their assigned E-Mail attribute.
1. Connect to SACDEMO App as Administrator. Go to Security > Users, and click on the New button to create a user in SACDEMO App for employee Michael Johnes.
2. Michael Johnes receives an activation email. He clicks on Log In and is redirected to the IDPTENANT logon screen.
3. He enters his newly created IDPTENANT E-Mail/Password and is logged into the SACDEMO App.
2. Click on on the Administrator tab and select Configure Single Sign-On in the Common Tasks subtab.
3. Click on “SP Metadata” to download Service Provider C4CDEMO metadata as xml file and rename the file to C4CDEMO_metadata.xml
4. Click on the Identity Provider tab and select New Identity Provider to add the SAP Cloud Identity system as the Identity Provider for the SAP Cloud for Customer system. Browse and open Identity Provider metadata file IDPTENANT_metadata.xml created via IDPTENANT App in Step 2
5. Notice that the new Identity Provider is now listed and active.
6. Click on Activate Single Sign-On, and OK to the displayed message: we will explain later how to map C4CDEMO users to IDPTENANT users via their Login Name attribute.
Finally click on Save to save your configuration.
7. Go back to the My System tab. Notice that the SSO URL field shows the URL which should be used, if Single Sign-On via SAP Cloud Identity to SAP Cloud for Customer system is wanted.
8. We will now explain how to specify the Email address of a C4CDEMO user. In the Administrator tab, select General Settings subtab. Select Employees in the Users section.
9. Search for the employee name for which you need to set the proper Email attribute. In our case “Michael Johnes”.
10. Click on Edit. The Maintain Employee dialog is displayed. Notice that employee Michael Johnes is mapped to business user USSALESOPS. Enter the proper email address for Michael Johnes.
Click on Save and Close.
2. SAML 2.0 Configuration: upload application trust metadata in xml format. Upload Service Provider metadata file C4CDEMO_metadata.xml created via C4CDEMO App above.
3. Make sure you set the Name ID Attribute to Login Name and the Default Name ID format to Unspecified. This will ensure the C4CDEMO users and the IDPTENANT users are mapped via their assigned Login Name attribute.
2. Notice that you are logged onto C4CDEMO as expected, as employee Michael Johnes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
5 | |
2 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |