SAP IAS – Identity Authentication Service
IDP – Identity Provider
Single sign-on through SAP IdP is not turned on by default. When it is disabled, users can only access SAP Commissions through the SAP Commissions login page, using their user ID and password. To enable it, follow the configuration steps below.
Once set up, users authenticated with SAP IAS can log in to SAP Commissions without entering their ID or password. Unauthenticated Commissions users that attempt to access a Commissions URL will be redirected to the SAP Identity Access Management login page for authentication.
You will be provided with two URLs:
- Standard Commissions URL – Users can enter the user ID and password and access SAP Commissions.
- SAP IdP based Commissions URL – This URL prompts users to enter their user ID and password via IdP and redirects users to SAP Commissions.
Architecture and documentation related to SAP Sales Cloud Single Sign-On (SSO) can be found here
Let's start the configuration.
Log in to SAP Identity Authentication Service (IAS) as the company's admin.
Configure the information below and save. After saving, download Metadata.xml, which will be uploaded to SAP Commissions.
1. Select SAML 2.0
2. SAML 2.0 Configuration
3. Subject Name Identifier
4. Default Name ID Format
Choose either one as the users' login method.
5. Assertion Attributes
|User Attributes||Assertion Attributes|
Update the values from the table above if any of them are blank.
Log in to the SAP Commissions Portal to enable Single Sign-On (SSO).
Configure the SAML Configuration Type section from the screen below, following the corresponding sequence numbers.
The admin should log out after SAML is configured and ask users to log in to the SAP Commissions Portal.
Users should be able to see the SAP IAS login screen.
The admin can see the users' authentication mechanism (SAML) in the security logs in the SAP Commissions Portal.
For troubleshooting in IAS, or to find audit logs, download the CSV.
SAP Cloud Identity Services: https://community.sap.com/topics/cloud-identity-services
Identity Authentication service in a nutshell: https://www.youtube.com/watch?v=uwlGrrxwRJ0
Online & Browser Tools:
➢ Allows you to validate a SAML Response for Chrome (Firefox uses SAML Tracer) – https://www.samltool.com/validate_response.php
➢ Allows you to debug your SAML-based implementation (a way to check that all of the related entries are valid) –
➢ https://www.base64decode.org/ – Decode from Base64 format.
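The decode-and-inspect step these tools perform can also be done locally, so a captured SAMLResponse does not have to be pasted into a website. The script below is an added example, not part of the original post: it reads back the Name ID, its format and the assertion attributes that the IAS settings above control. The issuer URL, user and `mail` attribute are constructed sample values.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # use defusedxml for messages you do not trust

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def decode_saml(b64_value):
    """Parse a Base64 SAML message from either binding into an XML root."""
    raw = base64.b64decode(b64_value)
    try:
        return ET.fromstring(raw)  # HTTP-POST binding: Base64 of the XML
    except ET.ParseError:
        # HTTP-Redirect binding: Base64 of raw-DEFLATE-compressed XML
        return ET.fromstring(zlib.decompress(raw, -15))

def summarize(b64_value):
    """Return the fields driven by the Name ID and assertion-attribute settings."""
    root = decode_saml(b64_value)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    cond = root.find(".//saml:Conditions", NS)
    status = root.find(".//samlp:StatusCode", NS)
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "status": status.get("Value") if status is not None else None,
        "name_id": name_id.text if name_id is not None else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "not_on_or_after": cond.get("NotOnOrAfter") if cond is not None else None,
        "attributes": {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
                       for a in root.iterfind(".//saml:Attribute", NS)},
        "has_signature": root.find(".//ds:Signature", NS) is not None,  # presence only, not verified
    }

# Constructed minimal sample response (not captured from a real tenant).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>https://idp.example.com</saml:Issuer>
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion><saml:Issuer>https://idp.example.com</saml:Issuer>
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.com</saml:NameID></saml:Subject>
<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z"/>
<saml:AttributeStatement><saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(summarize(SAMPLE_B64))
```

An empty `attributes` result or an unexpected `name_id_format` points back to the Assertion Attributes and Default Name ID Format settings in IAS.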