Skip to Content
User Experience Insights
Author's profile photo Ankit Arora

SAP Analytics Cloud and On-Premise SAP HANA SSO Setup With External Identity Provider

This article describes about the end-to-end SSO setup from SAP Analytics Cloud to SAP HANA On-Premises with external non-sap identity provider.

In SAP Analytics Cloud(SAC), Based on your business requirement you may create models from data sources available in on-premise or cloud SAP HANA databases, and you may create story based on those models to perform real time analysis without data replication and duplication. This feature allows SAP Analytics Cloud to be used in scenarios where data cannot be moved into the cloud for security or privacy reasons, or your data already exists on a different cloud system.

The connection established between SAC and SAP HANA uses Live Data Connection with CORS setup. However, every time when end user executes the report for real time analysis, live data connection needs to be manually authenticated with target SAP HANA user credentials.

This article talks about the SSO setup between SAC and SAP HANA database with which the live data connection will not ask for the credentials again while executing the story or reports in SAC rather it will use the same credentials that was used to authenticate the SAC application.


 High Level Overview of the complete setup

Limitation of this setup is that the external identity provider should be same for SAP Analytics cloud and SAP HANA. This setup doesn’t work if the IDP is different for both the participants.

The complete end to end configuration can be segregated in below 3 different sections to reduce the complexity of the configuration


Step Details
1.Setup SAP HANA XS with HTTPS
2.Setup SAML in SAP HANA with external Identity Provider
3.Setup SSO in SAC with external Identity Provider

As you finish above three step setup, you need update the live connection details. Login to home page of SAP SAC and click on live data connection button on left bottom corner of the screen

Select the the data source as SAP HANA

 Provide details about your SAP HANA and select SAML single sign on


Once you click ok, new browser window will appear for the first time that will authenticate SAP HANA  SAML connection and will disappear automatically.

Once this is done, you may try and validate the end to end setup by running some story based on this live connection which should be able to fetch the data without asking for the credentials.

Please note that the live Direct connection with CORS setup is not maintained in this article, if you need details about this setup you may follow below link for the details

Thanks for reading this article and please do share your valuable feedback in a comment section or ask questions if you have any!!!



Assigned Tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.