Skip to Content
Technical Articles
Author's profile photo Yogananda Muthaiah

How to enable Single Sign On(SSO) from SAP Commissions

Dear Readers

In this blog, you will follow the steps on how to enable Commissions SAML Single sign-on (SSO) using Commissions Sales Portal Home (SPH)


IdP.xml File (Identity Provider XML Configuration File) (Reach out to customer IT team)

Below are the steps to be followed :

Step 1. Log into the SAP Commissions portal, from the Home page, Administration screen, select Global Settings.


2. Go to SAML Authentication Settings and select Set Up New SAML Configuration Option.
Turn on FSSO SAML.

3. Enter the following under Service Provider Parameters

  • SP EntityID: (Replace xxxx with tenant id and yyy with the environment) — for oracle customers (Replace xxxx with tenant id) — for HANA customers  
  • Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

NOTE: We normally suggest that an unspecified Name ID Format be entered as mentioned above. However, if you have a specific Name ID Format that is different, like:


Please go ahead and enter that. Please note if the give Name ID Format does not work, we will request that you set up your system to use unspecified (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified) as the Name ID Format.

4. Turn on Use Name ID as SP User ID option


5. Upload IdP.xml file ( SAML 2.0 – Microsoft Azure, Okta, or any other identity providers)


6. Do not fill any other section or field at this point. If you do, please exit this page, and start the configuration process again and do not save anything.

– There are instances where your browser may fill additional fields automatically. Please stop your browser from doing this, and try again. If you fill out any fields and remove the information later, the configuration may not work.


7. Click Save SAML Authentication Settings to save to configuration and turn on your SAML SSO. Please review step number 6 before clicking Save SAML Authentication Settings.

8. Follow the steps 1 and then 2 from below screenshot..
Click Save SAML Authentication Settings and then click Mark configuration Validated after clicking.

Once you have validated that everything is working, and you want to turn on trusted mode, which will disable the ability to log in directly into the Commission Portal

If you need Non-Trusted Mode..
Please do not proceed with 2 step, if you also want to be able to login directly through the Commissions Portal, or if you also plan on using Salesforce Commissions Integration (Not SAML SSO Based.)  Admins can login through SSO with SP initiated (Reach out to me on how to setup)..


9. Click Save

10. After making these changes, the sp.xml file will be available to be downloaded from the same page.

11.  After completed, you will see from below screenshot




If you had previously configured SAML SSO, and it was not through the portal, there is an important change you will have to make.

The previous POST URL that you were using will change from the following pattern:

to the following pattern:

You will have to update this on your source system, so the request is sent to the correct location.

Conclusion: you can configure on our own from above without reaching out to the Customer IT team or SAP Commission Support team. Once it’s enabled, users are secured to access the application.

Troubleshooting Resources

Online & Browser Tools:

➢ Allows you to validate a SAML Response for Chrome (see example in next slide, FF uses SAML Tracer) –

➢ Allows you to debug your SAML based implementation (see example in next slide, it is a way to validate if all of the related entries are valid) –

➢  – Decode from Base64 format.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Saurabh Kabra
      Saurabh Kabra

      Thanks, Yogananda for sharing such a nice step by step blog for setting up SAML based SSO for SAP Commissions.

      Author's profile photo Vishnu Sandeep Yadavalli
      Vishnu Sandeep Yadavalli

      Hello Yougananda,


      Is there any way to force login using Username/Password if a login attempt fails through SSO after enabling Trusted SSO?