SAP Cloud for Customer SSO with QlikSense Integration via IDP
In a recent engagement we integrated SAP Cloud for Customer with QlikSense and IDP as Azure.
QlikSense being the primary reporting tool for the customer, the ask was to have a seamless access to Qlik from SAP Cloud for Customer. This was achieved using SSO at Cloud for Customer and QlikSense. IDP used in the scenario was Microsoft Azure.
There are 3 steps to achieve this requirement:
- Enable Single Sign On in SAP Cloud for Customer
- Create URL MashUps in SAP Cloud for Customer
- Create and Configure virtual proxy in QlikSense
First Step – Enable SSO in Cloud for Customer using Azure: SSO can be enabled from Administrator>Common Tasks>Configure Single Sign On
Download the SP Metadata and share it with Azure
Upload the Metadata received from Azure using New Identity Provider. In the supported Name Id maintain email address as default. Email address is the primary identifier for authentication across Azure and Qlik.
Second Step – Create URL Mashup from Mashup Authoring as shown in the snapshot below
Using Adaptation expose the URL Mashup as a tile on the Home screen. Once the user clicks on the tile it would navigate to QlikSense application in a new browser.
Third Step – QlikSense application team needs to create a virtual proxy and do metadata exchange with Azure. Once the virtual proxy set up is done and user license has been allocated the user would navigate seamlessly from SAP Cloud for Customer to Qlik application. The authentication key here is email address. Azure (IDP) authenticates SSO in Cloud for Customer using email address and pass on authentication success to Qlik. Qlik then provides authorization via virtual proxy to the report or the app exposed.
Snapshot mentioned is the example of the sample Qlik report.