Implementing AD & Azure AD-based Authentication (part 1)

By Ashwin Venugopal -

 




To read part 2 please click here


SAP Cloud Platform Identity Authentication

Add SAP Cloud Platform Identity Authentication from the gallery

If you want to configure the integration of SAP Cloud Platform Identity Authentication into Azure AD, then firstly we have to add SAP Cloud Platform Identity Authentication from the Azure AD application gallery to the list of managed SaaS apps.

Implement Azure AD single sign-on

After that you have to configure and test Azure AD-based SSO with the help of following steps:
  • Configure Azure AD Single Sign-On - to enable your users to use this features.
  • Configure SAP Cloud Platform Identity Authentication Single Sign-On - to configure the Single Sign-On settings on application side.
  • Assign Azure AD users to SAP Cloud Platform Identity Authentication.

Configure Azure AD single sign-on

First of all select Single sign-on at the SAP Cloud Platform Identity Authentication application integration page in the Azure portal.

Next select SAML/WS-Fed mode to enable single sign-on.

After that, click on Edit icon open Basic SAML Configuration dialog.

On the Basic SAML Configuration section, to configure IDP initiated mode, you have to specify the SAP Cloud Platform IAS tenant identifier (Entity ID) and the corresponding Reply URL (Assertion Consumer Service URL).

To obtain these values, you can contact the SAP Cloud Platform Identity Authentication Client support team at https://cloudplatform.sap.com/capabilities/security/trustcenter.html

Configure the relevant claims for this application, including givenname, surname, emailaddress, name, and Unique User Identifier. 

Configure SAP Cloud Platform Identity Authentication Single Sign-On

Upload Azure AD metadata XML file or configure manually the following fields:
  • Name: the entity ID of the corporate identity provider.
  • Single Sign-On Endpoint URL: For Binding, choose the one that corresponds to respective single sign-on endpoint.
  • Single Logout Endpoint URL: For Binding, choose the one that corresponds to respective single logout endpoint.
  • Signing Certificate: The base64-encoded certificate used by the identity provider to digitally sign SAML protocol messages sent to Identity Authentication. 

  Assign Azure AD users

In the Azure portal, select Enterprise Applications, select All applications, and then finally select SAP Cloud Platform Identity Authentication. In tha applications list, select SAP Cloud Platform Identity Authentication.

Note- You don't have to create a user in SAP Cloud Platform Identity Authentication and the users who are in Azure AD user store can use the SSO functionality.  



To read part 2 please click here





Comments

Post a Comment

Popular posts from this blog

Query, Visualize, & Monitor Data in Azure Sentinel

By Ashwin Venugopal -
Image
  Azure Sentinel Workbooks Several ready for use templates are provided by the Azure Sentinel that can be used to create your own workbook and then modify them as needed for Contoso. Most of the data connectors it uses to ingest data come with their own workbooks, but better insight can be obtained by simply looking into the data that is being ingested by using tables and visualizations, including bar and pie charts. You can also make your own workbook easily by using this data from the beginning instead of using the predefined templates. Workbook Page You can easily access the workbook page from the Azure Sentinel from the navigation pane which consists of the: Workbook header- You can add a new workbook and review the saved workbooks as well as templates that are available on the workbook page. Templates section- You can access existing workbook templates on the Templates tab. You can save some of the workbooks for quick access and they will appear on the My Workbooks tab.  From the
Read more

Planning for Implementing SAP Solutions on Azure (Part 2 of 5)

By Ashwin Venugopal -
Image
  To read part 1 please click  here To read part 3 please click  here To read part 4 please click  here To read part 5 please click  here Load Balancing The load balancer uses probe ports to determine as well as route the traffic to an active DBMS node, but of there's any failover then the most common SAP application architecture can automatically reconnect against the private virtual IP address without the need for the SAP application to reconfigure it, while the load balancer redirect the traffic against the private virtual IP address without any need for the SAP application to reconfigure. The loaf balancer also offers an option of DirectServerReturn which if configured, can help in directing the traffic from the DBMS VM to the SAP application layer directly to the application layer without routing through the load balancer. But, if it isn't configured, then the return traffic to the SAP application layer is routed through the load balancer. You can also use Azure Load Balan
Read more

Work with String Data Using KQL Statements

By Ashwin Venugopal -
Image
  Extract Data from Unstructured String Fields Unstructured string fields often contains the Security log data and requires parsing to extract data. There are multiple ways of pulling information from string fields in KQL and the two primary operators used are extract and parse.  Extract It gets a match for a regular expression from a text string. You can convert the extracted substring to the indicated type.  Arguments regex- A regular expression. captureGroup- A positive int constant indicating the capture group to extract. 0 stands for the entire match, 1 for the value matched by the first '('parenthesis')' in the regular expression, 2 or more for subsequent parenthesis.  text- A string to search. typeLiteral- An optional type literal. If provided, the extracted substring is converted to this type.  Returns If regex finds a match in text- the substring matched against the indicated capture group captureGroup, optionally converted to typeLiteral. If there's no mat
Read more