User Experience Insights
SAP Analytics Cloud and On-Premise SAP HANA SSO Setup With External Identity Provider
This article describes about the end-to-end SSO setup from SAP Analytics Cloud to SAP HANA On-Premises with external non-sap identity provider.
In SAP Analytics Cloud(SAC), Based on your business requirement you may create models from data sources available in on-premise or cloud SAP HANA databases, and you may create story based on those models to perform real time analysis without data replication and duplication. This feature allows SAP Analytics Cloud to be used in scenarios where data cannot be moved into the cloud for security or privacy reasons, or your data already exists on a different cloud system.
The connection established between SAC and SAP HANA uses Live Data Connection with CORS setup. However, every time when end user executes the report for real time analysis, live data connection needs to be manually authenticated with target SAP HANA user credentials.
This article talks about the SSO setup between SAC and SAP HANA database with which the live data connection will not ask for the credentials again while executing the story or reports in SAC rather it will use the same credentials that was used to authenticate the SAC application.
Limitation of this setup is that the external identity provider should be same for SAP Analytics cloud and SAP HANA.This setup doesn’t work if the IDP for is different for both the participants.
The complete end to end configuration can be segregated in below 3 different sections to reduce the complexity of the configuration
|1.Setup SAP HANA XS with HTTPS||https://blogs.sap.com/2022/05/04/setup-sap-hana-xs-with-https/|
|2.Setup SAML in SAP HANA with external Identity Provider||https://blogs.sap.com/2022/05/06/setup-saml-in-sap-hana-with-external-identity-provider/|
|3.Setup SSO in SAC with external Identity Provider||https://blogs.sap.com/2022/05/10/sso-setup-for-sap-analytics-cloud-using-external-an-identity-provider/|
Provide details about your SAP HANA and select SAML single sign on
Once you click ok, new browser window will appear for the first time that will authenticate SAP HANA SAML connection and will disappear automatically.
Once this is done, you may try and validate the end to end setup by running some story based on this live connection which should be able to fetch the data without asking for the credentials.
Please note that the live Direct connection with CORS setup is not maintained in this article, if you need details about this setup you may follow below link for the details
Thanks for reading this article and please do share your valuable feedback in a comment section or ask questions if you have any!!!