SSO implementation in GROW with SAP using Microsoft Entra ID


SAP Single Sign-On lets users log in once and then securely access all the software they need throughout the day without logging in again.

There are several ways to set up SSO, both for on-premise systems and in the cloud. Here we discuss the SSO setup between Azure and SAP on Public Cloud using an IdP.

There are two primary options for integrating SAP Identity Authentication Services and Microsoft Entra ID:

Microsoft Entra ID as the Identity Provider (IdP): This scenario makes Microsoft Entra ID the central authentication hub, with users logging into SAP applications using their Microsoft Entra ID credentials.

 

SAP IAS as the IdP: In this case, SAP IAS becomes the primary authentication source, with users logging into Microsoft Entra ID applications using their SAP credentials.

Recently I got the opportunity to set up SSO between Microsoft Entra ID (formerly known as Microsoft Azure Active Directory or Azure AD), SAP IAS and SuccessFactors on SAP on Public Cloud (Grow with SAP) using SAP IAS as the IdP.

Below are the steps to configure SSO between Azure, IAS and SuccessFactors.

1- Configure SAP IAS

Log in to the IAS system and go to Applications and Resources -> Tenant Settings -> Single Sign-On -> SAML 2.0 Configuration, then download the metadata file to your system. Share this file with the Azure team and ask them for the Federation Metadata XML.

2- Configure Microsoft Entra ID

This step should be performed by the Azure admin, following the steps below.

Create an application in Microsoft Entra ID: this application represents your SAP IAS instance. Log in to https://portal.azure.com and set up Microsoft Entra ID.

Click Add -> Enterprise Applications.

By default, Microsoft Azure supports a variety of applications. Search for SAP Cloud Identity Services, select it and click Create.

We will use the SAML metadata file to set up the trust between Microsoft Entra ID and the SAP Identity Authentication service (IAS). Click on Set up Single Sign-On.

Choose SAML as the SSO method and upload the SAP IAS metadata file.

After saving the application, you can download the Federation Metadata XML file, which we will add to SAP Cloud Identity Services (IAS).

3- Configure Federation metadata on IAS

Log in to the IAS system, click Identity Provider and select Corporate Identity Provider.

Click on Create.

Fill in the required data.

Click on Create; this creates an entry under Identity Provider.

Now click on SAML 2.0 Configuration and upload the Azure XML file.

All settings between Azure and the IAS system are now done. You can check the SSO connection by logging in to the IAS system: it will pick up Azure authentication and log you in without asking for a password on the IAS system.

Next, set up the SSO connection between IAS and the managed application system. Here I will set up the connection between IAS and SuccessFactors; you can choose another system depending on your requirements.

Log in to the IAS system, click Applications & Resources and select the SuccessFactors system.

Now select Single Sign-On and check Subject Name Identifier; it should be as below.

Select Single Sign-On and check Default Name ID Format.

Check the attributes; they should be as below.

Now maintain the domain in Conditional Authentication as below.

All settings for the SF system are now complete.

Now log in to the SF provisioning URL and enable SSO.

Now test SSO from the SF system; it will log in automatically without showing the login page.

Reference

Simplify SSO with Microsoft Entra ID (Azure AD) & … – SAP Community

https://learn.microsoft.com/en-us/entra/identity/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial