Channel: SCN : All Content - SAP Single Sign-On

SAP Cloud Identity Service as SAML 2.0 Identity Provider


The SAP Cloud Identity service provides authentication, single sign-on, and on-premise integration, as well as self-services such as registration or password reset for employees, customers, partners, and consumers. Users can access multiple cloud applications in the current session by authenticating just once in the SAP Cloud Identity service. In this blog, I will describe how to configure one of the most widely adopted standards in the industry, the Security Assertion Markup Language (SAML) 2.0, with SAP Cloud Identity as the Identity Provider (IdP).

 

 

1. Choose Identity Provider for an Application.


Select the configured identity provider as the authenticating identity provider for the application.


     a. Open the administration console. Its URL follows the https://<tenant ID>.accounts.ondemand.com/admin pattern.

     b. Choose the Applications tile. If the application is not yet in your list, you can create it.

 



     c. Choose Identity Provider



   

     d. Under DEFAULT IDENTITY PROVIDER mark SAP Cloud Identity




See also step 4 for how to download the metadata.xml for the chosen identity provider.

 


2. Configure the Name ID Attribute Sent to the Application


Configure the profile attribute that SAP Cloud Identity service sends to the application as a name ID. The application then uses this attribute to identify the user.


     a. Open the administration console. Its URL follows the https://<tenant ID>.accounts.ondemand.com/admin pattern.

     b. Choose the Applications tile.

     c. Choose the list item of the application that you want to edit.

     d. In the Trust tab under SAML 2.0, choose Name ID Attribute.

    



     e. Select the checkbox for the attribute “E-Mail”.

         



     f. Save your selection.




3. Configure Service Provider


     a. Open the administration console. Its URL follows the https://<tenant ID>.accounts.ondemand.com/admin pattern.

     b. Choose the Applications tile.

     c. Choose the list item of the application that you want to edit.

     d. In the Trust tab under SAML 2.0, choose SAML 2.0 Configuration.

     e. Browse to the metadata.xml file downloaded from the service provider (SP).


 

 

4. Default Identity Provider


The service provider requests identity information from the IdP, so you must configure the service provider to trust the IdP. In the steps below, you download the IdP metadata XML, which can then be used during configuration in the service provider.

 

     a. Open the administration console. Its URL follows the https://<tenant ID>.accounts.ondemand.com/admin pattern.

     b. Choose the Tenant Settings tile.

     c. Choose SAML 2.0 Configuration.

     d. Download the corporate identity provider metadata XML file.

 



     e. Copy the certificate text shown under “Insert as Text” and save it in a file with the .crt extension.
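
Before importing the trust into the service provider, it is worth confirming that the .crt file saved in step e holds the same signing certificate as the metadata XML downloaded in step d. The following is an added example, not part of the original post or SAP's own code; the function names are hypothetical, and the sample metadata, entityID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_text):
    """SHA-256 of the DER bytes; accepts bare base64 or PEM text."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", cert_text)
    der = base64.b64decode("".join(body.split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def idp_signing_certs(metadata_xml):
    """Return (entityID, [fingerprints of signing certs]) from IdP metadata."""
    # SAML metadata has no reason to carry a DTD; refuse it before parsing.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("unexpected DTD/entity declaration in metadata")
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    prints = []
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            prints.append(fingerprint(cert.text or ""))
    return root.get("entityID"), prints

def crt_matches_metadata(crt_text, metadata_xml):
    """True if the saved .crt is one of the metadata's signing certificates."""
    return fingerprint(crt_text) in idp_signing_certs(metadata_xml)[1]

# Constructed sample data: placeholder bytes, not a real certificate or tenant.
SAMPLE_B64 = base64.b64encode(b"constructed-placeholder-not-a-real-cert").decode()
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="idp.example.invalid">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % SAMPLE_B64
SAMPLE_CRT = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % SAMPLE_B64
```

With real files, pass the contents of the downloaded metadata XML and the saved .crt to `crt_matches_metadata`; a `False` result means the pasted certificate text differs from what the IdP publishes.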


