KEMBAR78
Configuring SAP Analytics Cloud With IAS | PDF | Software | Computing
Scribd
Upload
565 views3 pages

Configuring SAP Analytics Cloud With IAS

This document provides a detailed guide for configuring SAP Analytics Cloud (SAC) with SAP Identity Authentication Service (IAS) for secure Single Sign-On (SSO). It outlines prerequisites, step-by-step configuration processes, and troubleshooting tips to ensure successful authentication. The summary flow highlights the interaction between SAC and IAS during the configuration process.

Uploaded by

ganesh.bhadury
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
565 views3 pages

Configuring SAP Analytics Cloud With IAS

This document provides a detailed guide for configuring SAP Analytics Cloud (SAC) with SAP Identity Authentication Service (IAS) for secure Single Sign-On (SSO). It outlines prerequisites, step-by-step configuration processes, and troubleshooting tips to ensure successful authentication. The summary flow highlights the interaction between SAC and IAS during the configuration process.

Uploaded by

ganesh.bhadury
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Configuring SAP Analytics Cloud (SAC) with SAP Identity Authentication Service (IAS)

for authentication involves a series of steps both in SAC and in IAS to ensure secure Single
Sign-On (SSO) and identity management.

Here’s a step-by-step guide to configure SAC with IAS authentication:

🔧 Prerequisites:
1. You must have:
o Admin access to SAP Analytics Cloud (SAC)
o Admin access to SAP Identity Authentication Service (IAS)
2. SAC tenant and IAS tenant are available.
3. IAS should already be subscribed or provisioned (via BTP or directly).

✅ Step-by-Step Configuration:

Step 1: Identify SAC Custom SAML Identity Provider

1. Login to your SAC tenant as an administrator.


2. Navigate to:
o System > Administration > Security tab.
3. Under Single Sign-On (SSO) section:
o Click on "Use custom SAML Identity Provider".
4. Download the SAC SAML Metadata File (SAMLMetadata.xml).
o This file will be imported into IAS.

Step 2: Create SAML Trust in IAS

1. Login to your IAS admin console:


o URL format: https://<tenant ID>.accounts.ondemand.com/admin
2. Navigate to Applications & Resources > Applications.
3. Click “Add” to create a new application.
4. Enter:
o Name: e.g., SAC_Authentication
o Type: SAML 2.0
5. Once the app is created:
o Go to SAML 2.0 Configuration
o Click "Upload Metadata File" and upload the SAMLMetadata.xml from
SAC.
6. Save.
Step 3: Configure Subject Name Identifier (NameID)

1. In the same IAS application (e.g., SAC_Authentication):


o Go to SAML 2.0 Configuration > Subject Name Identifier
o Select the attribute SAC should use for authentication (e.g., E-Mail, User ID)
2. Ensure that this value matches with users created in SAC (case-sensitive).

Step 4: Configure Assertion Attributes

1. In the same SAML config page:


o Go to Assertion Attributes
2. Add the following attributes if required by SAC:
o UserID → mail or loginName
o Email → mail
o FirstName → givenName
o LastName → familyName
3. Click Save.

Step 5: Download IAS IdP Metadata

1. Still in IAS:
o Go to Tenant Settings > SAML 2.0 Configuration
o Download the Metadata File of IAS (Identity Provider metadata)

Step 6: Configure IAS as IdP in SAC

1. Go back to SAC > System > Administration > Security tab.


2. Under Single Sign-On (SSO):
o Click on “Use Custom SAML Identity Provider”
3. Upload the IAS IdP Metadata File downloaded in Step 5.
4. Select:
o Name ID Format (e.g., emailAddress or persistent)
o User attribute mapping based on what you configured in IAS.
5. Click Save.

Step 7: Test the SSO Connection

1. In SAC:
o Go to the SAML Login URL provided in the SSO section (you’ll find it at the
bottom).
2. Try logging in with a user configured in IAS.
3. Verify if authentication is successful and the user is redirected correctly.

Step 8: Manage SAC Users (Optional)

 You can choose:


o Manual user creation in SAC.
o Or enable Automatic User Creation from IAS (if you configure SCIM or
auto-provisioning).

👤 Optional: Custom Branding & Login Page in IAS


 You can customize the login page and enable branding via:
o IAS > Branding and Layout

🚧 Troubleshooting Tips:
 401 Unauthorized: Usually means NameID mismatch or user doesn’t exist in SAC.
 Metadata Error: Ensure metadata files are correctly imported and up to date.
 User not found: Ensure the IAS attribute (like mail) matches the SAC user ID/email.
 Clock Sync Issues: Ensure both SAC and IAS servers are time-synced.

✅ Summary Flow:
1. SAC exports SP metadata →
2. IAS creates application and imports metadata →
3. IAS configures subject and attributes →
4. SAC imports IAS metadata as IdP →
5. Users login via IAS using SAML → redirected to SAC

Would you like a diagram or exportable PDF of this configuration?

Ask ChatGPT

You might also like