Technical Articles
Live Data Connection from SAC to SAP HANA Cloud with Single-Sign-On
In this blog I will explain my experience setting up a live data connection from SAC to SAP HANA Cloud with Single-Sign-On. The whole process took around 45 minutes.
Since SAP Analytics Cloud version 2020.20, the HANA Analytics Adapter is not required anymore. A live connection can be established directly from SAC to HANA Cloud as described in the official documentation.
You can find more information about the available connections for each data source on the official SAP Analytics Cloud website.
Prerequisites
- This connection type works only in Cloud Foundry environments (non-SAP data centers). For Neo environments (SAP data centers), see Live Data Connection to SAP HANA Cloud Using a Direct Connection and SSO.
- Users need to have read access to SAP HANA Cloud database Calculation views that will be used to create and view models and stories in SAP Analytics Cloud. Learn how to grant access to an HDI Container’s Schema.
- SAC can only see Calculation views of type CUBE (which include aggregation).
You cannot use Calculation views of type dimension, nor tables, nor SQL views for analysis in SAC. See this help page to learn more about HDI containers and the way users are set up. - You must use OAuth 2.0 for authentication.
- SAML SSO must be enabled in SAP Analytics Cloud. For more information, see Enabling a Custom SAML Identity Provider.
- The following steps must be carried out by a user who has administrator-level privileges in SAP HANA Cloud and SAP Analytics Cloud, and logs on to SAP Analytics Cloud via the SAML Identity Provider. For the steps in the SAP Analytics Cloud system, the BI Admin role is required. For the steps in the SAP HANA Cloud system, the Administrator role is required.
Create a connection from SAP Analytics Cloud
Go to Main Menu > Connection > + (Add Connection).
In the Select a data source dialog, expand Connect to Live Data, and select SAP HANA.
In the dialog, enter a name and description for your connection.The connection name cannot be changed later.
Set the connection type to SAP HANA Cloud.
Add your SAP HANA Cloud host name.
Under Authentication Method, select SAML Single Sign On.
Copy the SAML Identity Provider (IdP) from the Provider Name field in the connection dialog, and also download the certificate from this dialog.
You’ll need these two items to perform the trust configuration to set up SAML SSO.
Set up the trust relationship between SAP HANA Cloud and SAP Analytics Cloud
In the SAP BTP Cockpit, navigate to SAP HANA Cloud and open the SAP HANA Cockpit.
From the SAP HANA Cockpit, go to Certificate Store.
You will now upload the certificate that you previously downloaded. Click the Import button.
Select “Import from file” to upload the certificate. Then select OK.
You will see your certificate added as below.
Now we need to create a SAML identity provider.
Go to SAML Identity Providers, and click the “Add Identity Provider” button.
Provide an Identity Provider Name. Enter the SAML provider name that you copied from the connection dialog into the Entity ID field, and select the newly added certificate.Then select Add.
You will see your SAML identity provider registered as below.
Now we need to create a certificate collection.
From the SAP HANA Cockpit, go to the Certificate Collections, and click the Add Collection button.
Type a collection name, and click OK.
Click Add Certificate. Select the new certificate, and click OK.
Select the Edit Purpose button. In the Purpose field, choose SAML. In the Providers field, select the newly created SAML provider. Click Save.
You will see your certificate collection registered as below.
You can create a new user or you can modify an existing user by providing the proper role.
Grant your user the necessary rights to access the data that you want to expose from your HANA database.
In this case, I grant the access role to an HDI container where I created 1 calculation view of type CUBE. Learn more about the different methods to grant access rights to HDI containers in A live data connection to SAP HANA Cloud in SAP Analytics Cloud
For another user from the same SAP Analytics Cloud tenant to be able to access the same SAP HANA Cloud system, you’d need to create another user in SAP HANA and map the appropriate ID, or use the same SAP HANA user and map the appropriate ID.
Test your connection from SAP Analytics Cloud
Go back to SAP Analytics Cloud, and finish creating the connection by selecting OK in the connection dialog.
Create a new model.
Select “Get data from a data source”, then choose “Live data connection”.
Select SAP HANA as a system type, and the connection that you just set up.
Within the Data source, you will see all calculation views of type CUBE which your user can access. In my case, I only created 1 calculation view called “calcview”.
Edit and save your model.
You can now create a new story based on that model. The data will be automatically pulled from SAP HANA Cloud, and authentication and authorizations are based on your unique user.
Thank you,
Maxime SIMON
Hi Simon, This is great! Can we do the similar SSO configuration with on premise HANA with SAC?
Thanks
Praveen
Technically the method used to reach HANA on-premise is different. The "Information Access" service is used.
Find the different connection methods available on this matrix :
https://saphanajourney.com/wp-content/uploads/2021/01/Slide3.png
Then you can learn more about the setup on the SAC help :
https://help.sap.com/viewer/2d7115b0e0aa4f78bfd9c06fdc1fe4f6/release/en-US/3ac0033a49a649299f060a68013c2bb6.html
Thanks for the information.
Does SAP HANA Info Access Service comes with additional license or it will be bundled with Native HANA ?
Hi Simon,
Thank you so much for the detailed explanation. It helped me a lot but have some doubt, Here in these steps are we trying to connect CF Hana to CF SAC, what if we need CF Hana to Neo SAC connection?
Thanks,
Heena
For Neo environments (SAP data centers), see Live Data Connection to SAP HANA Cloud Using a Direct Connection and SSO.
Thanks Simon!
Hi,
thank you for the information!
We have built an application on Hana cloud where we have established a live Hana-connection from SAC. We have used the new "SAP HANA CLOUD" connection method. However as I understand it Analysis for Office will not recognize the live connection if not the old connection type "Direct" is used between Hana and SAC?
Is there anything in the roadmap to support the new connection type in analysis for Office? Or is there any other way of connecting Analysis for Office to HANA cloud via a live connection?
Best regards
Marcus
Hello, I did not know SAP HANA Cloud connection type was not supported in Analysis for Office.
Could you ask this question on the Analysis for Office community ?
==> https://community.sap.com/topics/businessobjects-analysis-ms-office
Hi,
I have already tried that 🙂 But unfortunately I am having a very hard time getting an answer regarding this issue.
Forum Post
SAP HANA Cloud connector in SAC | SAP Community
Question in different blogs
Extending the reach of SAP Analytics Cloud data with Microsoft Office front ends | SAP Blogs
Closing the gap with Analysis for Office 2.8 SP9 | SAP Blogs
Best regards
Marcus
Hi Marcus,
I managed to connect AFO with SAC via Direct Connection, and SAC with a HANA Cloud instance on BTP via SAP HANA Cloud connection. But currently it is not possible to connect AFO with a HANA Cloud instance on BTP through SAC.
As a workaround you can connect AFO with a HANA Cloud instance on BTP via HAA.
Please check the blog post below (point 5) from Denys van Kempen :
SAP Analysis for Microsoft Office and SAP HANA Cloud | Hands-on Video Tutorials
Thanks,
Carlos
Hi,
I wanted to know if it possible to use SAC as a data source for HANA, specially for Group Reporting, in order to bring data from SAC to HANA. I red a lot about connecting SAC with HANA to visualize data in SAC, but I did not find anything about the reverse case.
Can you help me?
Thanks in advanced!
There are ways to export data out of SAC. You can find answers on questions such as this one : https://answers.sap.com/questions/772020/write-back-data-from-sap-analytics-cloud-to-sap-ha.html
Thanks, we could setup a connection that way.
Can you explain to me why we set a specific e-mail address (or user ID in our case, because we use a custom IdP) as the External Identity? I would have expected not a specific username, but rather an attribute like (E-Mail, User ID) to be set up there.
So when another user that uses this connection will log on, which user is then used to connect to HANA Cloud?
Kind regards,
Harald
Hi,
Thanks for the blog Maxime. Can we create an import data connection using SAP HANA cloud as a data source? Need to work on forecasting and predictive analysis.
Thanks,
Swapnil