HOW TO CONFIGURE SINGLE SIGN-ON (SSO) FOR SAP CLOUD FOR CUSTOMER USING SAP CLOUD IDENTITY SERVICE


HOW TO GUIDE

TABLE OF CONTENTS

Overview
Chapter 1: Configure SAP Cloud Identity service
    Creating a New Application in SAP Cloud Identity Administration Console
    Defining the Identity Federation on SAP Cloud Identity service
Chapter 2: Configure SAP Cloud for Customer
    Configure Single Sign-On on the SAP Cloud for Customer system to SAP Cloud Identity

Configuring SAP Cloud Identity as Identity Provider for SAP Cloud for Customer

OVERVIEW

SAP Cloud Identity service provides services for authentication, single sign-on and on-premise integration, as well as self-services such as registration or password reset for employees, customers and partners. To use SAP Cloud Identity services you must obtain a tenant. The tenant represents a single instance of the SAP Cloud Identity service that has a specific configuration and data separation. For configuration of most features, administrators use the administration console for SAP Cloud Identity service. You can find detailed information under https://help.hana.ondemand.com/cloud_identity.

This document describes the implementation steps necessary for the integration between SAP Cloud Identity service as an identity provider and the SAP Cloud for Customer system as a service provider. The authentication mechanism is based on the standard SAML 2.0 (Security Assertion Markup Language) protocol defined by OASIS.

In our scenario, SAP Cloud for Customer provides applications. The applications are restricted to the users that are authorized to consume them (no strangers accepted). The identity of a user is verified by the identity provider (IdP), as specified by SAML 2.0. The IdP (SAP Cloud Identity) stores a list of all users that are allowed to access the service provider (SAP Cloud for Customer) along with their credentials. The simplest credential is the user's password, but there may also be others for stronger security protection.

The integration between SAP Cloud for Customer (SP) and SAP Cloud Identity (IdP) is based on trust configuration. When a user attempts to access SAP Cloud for Customer for the first time, the system redirects the user to the identity provider for identification. From then on, the user session is kept active, and the user is no longer prompted for credentials (Single Sign-On).

How does the Single Sign-On workflow work?

Step 1: A user accesses a protected web resource on the service provider. In our case it could be an application of the SAP Cloud for Customer system (for example SAP Cloud for Sales).

Step 2: The SAP Cloud for Customer system sends a SAML authentication request via HTTP redirect to the trusted identity provider, in our case your corporate tenant in the SAP Cloud Identity service.

Step 3: The SAP Cloud Identity service prompts the user for authentication if the user is not already authenticated (e.g. via Single Sign-On to SAP Cloud Identity or a previous successful authentication).

Step 4: Upon successful authentication, the SAP Cloud Identity service sends a SAML Response to the SAP Cloud for Customer system containing the data necessary to log the user on to the SAP Cloud for Customer system.

If the user accesses another application of the SAP Cloud for Customer system that also uses SAP Cloud Identity service for authentication, the above message exchange starts again. However, this time the user is already authenticated at the identity provider (SAP Cloud Identity) and does not need to perform step 3 again. Thus, SAP Cloud Identity can immediately send the SAML Response with the authentication statement back to the web application, and the user is automatically signed on.

This guide explains how to configure the SAP Cloud Identity service and SAP Cloud for Customer to use the authentication and single sign-on capabilities based on the industry standard SAML 2.0. Chapter 1 guides you through the necessary configuration steps on SAP Cloud Identity, and chapter 2 explains the configuration for the SAP Cloud for Customer system.
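The redirect in step 2, shown as an added example that is not part of the original guide or SAP's code: it builds a minimal SAML 2.0 AuthnRequest, encodes it with the HTTP-Redirect binding, and decodes it again the way you would when inspecting a captured SSO redirect. The entity ID, endpoint URLs and size cap are constructed placeholders, and real requests may additionally be signed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholders, not real SAP endpoints.
SP_ENTITY_ID = "https://c4c.example.invalid/sp"
SP_ACS_URL = "https://c4c.example.invalid/saml2/acs"
IDP_SSO_URL = "https://tenant.example.invalid/saml2/idp/sso"
MAX_XML_BYTES = 64 * 1024  # cap on inflated size when decoding

def build_authn_request(request_id, issue_instant):
    """Minimal AuthnRequest as the service provider would issue it in step 2."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )

def encode_redirect(authn_request_xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": relay_state,
    })
    return f"{IDP_SSO_URL}?{query}"

def decode_redirect(url):
    """Reverse the encoding, e.g. for a redirect captured in a browser trace."""
    params = parse_qs(urlparse(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)
    xml_bytes = inflater.decompress(raw, MAX_XML_BYTES)
    if inflater.unconsumed_tail:  # input left over means the cap was hit
        raise ValueError("SAMLRequest inflates beyond the size cap")
    root = ET.fromstring(xml_bytes)
    return {
        "id": root.get("ID"),
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "relay_state": params.get("RelayState", [""])[0],
    }
```

When troubleshooting a trust configuration, the decoded issuer and Destination should match the service provider and identity provider entries configured in the two chapters that follow.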

CHAPTER 1: CONFIGURE SAP CLOUD IDENTITY SERVICE

Administrators can create a new application and customize the services for user login, registration, authentication, and access to the application. This chapter describes how to configure the service provider (SAP Cloud for Customer) in the SAP Cloud Identity tenant and how to define the identity federation.

Creating a New Application in SAP Cloud Identity Administration Console

1. Open the SAP Cloud Identity Administration Console: Access the tenant's administration console for SAP Cloud Identity service by using the console's URL. The URL has the pattern https://<tenant ID>.accounts.ondemand.com/admin.
2. After successful logon, choose the Application tile.
3. Choose the +Add button at the bottom of the left-hand panel to add a new application. Enter the name of your SAP Cloud for Customer system and press Save.
4. Within the new application, choose the Trust tab. Then choose SAML 2.0 Configuration under SAML 2.0.
5. There are two ways to do the SAML 2.0 configuration: upload the service provider's metadata XML file or manually enter the communication settings. The easiest way is to use the metadata of the SAP Cloud for Customer system. To do this, you have to download the metadata XML file of your SAP Cloud for Customer system, as described in the following steps.
6. Log on to your SAP Cloud for Customer system as an administrator.
7. Choose Adapt and select Launch in Microsoft Silverlight.
8. Choose ADMINISTRATOR and under Common Tasks select Configure Single Sign-On.
9. On the next screen, under General, choose the link SP Metadata.
10. Enter a filename to store the metadata of your SAP Cloud for Customer system. Then click on Save.
11. Go back to the administration console of the SAP Cloud Identity service.
12. Choose Browse to upload the metadata file of your SAP Cloud for Customer system.
13. Select your metadata file and click on Open. If you scroll down, you can see that all fields necessary for the manual configuration of the service provider, even the certificate, are filled in automatically.
14. Click on the Save button to store the configuration of your service provider (the SAP Cloud for Customer system).

Defining the Identity Federation on SAP Cloud Identity service

The last thing that needs to be configured on the SAP Cloud Identity service is the identity federation.

1. Under SAML 2.0, click on Name ID Attribute.
2. Choose the kind of Name ID attribute that is necessary in your scenario, that is, what your SAP Cloud for Customer system expects as a valid system user. Email address is not supported by the SAP Cloud for Customer system.
3. Select Save to save your identity federation settings.

CHAPTER 2: CONFIGURE SAP CLOUD FOR CUSTOMER

Configure Single Sign-On on the SAP Cloud for Customer system to SAP Cloud Identity

Go back to the Single Sign-On Administration screen on the SAP Cloud for Customer system.

1. Click on the tab Identity Provider.
2. Select the button New Identity Provider to add the SAP Cloud Identity system as the identity provider for the SAP Cloud for Customer system.
3. On SAP Cloud Identity, call the URL with the pattern https://<tenant ID>.accounts.ondemand.com/saml2/metadata to get the metadata.
4. Save the page.
5. Enter the filename from Step 4 into the field File name and click on Open. Now the new identity provider is listed and active.
5. Click on Activate Single Sign-On to use your configuration on the SAP Cloud for Customer system.
6. Click OK.
7. Select Save to save the Single Sign-On configuration.
8. The SSO URL field shows the URL to use for Single Sign-On to the SAP Cloud for Customer system via SAP Cloud Identity.
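Both chapters establish trust by exchanging metadata files (the SP metadata uploaded in Chapter 1, the IdP metadata imported in Chapter 2), so it is worth listing what a file contains before importing it. The following is an added example, not part of the original guide or SAP's code; the sample metadata, hostnames and placeholder certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample: placeholder bytes stand in for a real X.509 certificate.
FAKE_CERT_DER = b"constructed placeholder, not a real certificate"
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://c4c.example.invalid/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://c4c.example.invalid/saml2/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_metadata(xml_text):
    """Return the trust-relevant values from SP or IdP SAML 2.0 metadata."""
    root = ET.fromstring(xml_text)
    for kind, role_tag, endpoint_tag in (
        ("SP", "md:SPSSODescriptor", "md:AssertionConsumerService"),
        ("IdP", "md:IDPSSODescriptor", "md:SingleSignOnService"),
    ):
        role = root.find(role_tag, NS)
        if role is not None:
            break
    else:
        raise ValueError("no SPSSODescriptor or IDPSSODescriptor found")
    fingerprints = []
    for key in role.findall("md:KeyDescriptor", NS):
        if key.get("use") in (None, "signing"):  # no 'use' means both purposes
            for cert in key.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join(cert.text.split()))
                fingerprints.append(hashlib.sha256(der).hexdigest())
    endpoints = [(e.get("Binding"), e.get("Location"))
                 for e in role.findall(endpoint_tag, NS)]
    return {
        "kind": kind,
        "entity_id": root.get("entityID"),
        "signing_cert_sha256": fingerprints,
        "endpoints": endpoints,
        "name_id_formats": [n.text for n in role.findall("md:NameIDFormat", NS)],
        "non_https_endpoints": [u for _, u in endpoints if not u.startswith("https://")],
    }
```

Compare the reported fingerprint with the certificate shown on the system that issued the file, and treat any entry under non_https_endpoints as a reason not to import it.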

© 2015 by SAP AG or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Please see http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for additional trademark information and notices.