Implementing AD & Azure AD-based Authentication (part 1)

To read part 2 please click here


SAP Cloud Platform Identity Authentication

Add SAP Cloud Platform Identity Authentication from the gallery

To integrate SAP Cloud Platform Identity Authentication with Azure AD, first add SAP Cloud Platform Identity Authentication from the Azure AD application gallery to your list of managed SaaS apps.

Implement Azure AD single sign-on

After that, configure and test Azure AD-based SSO with the following steps:
  • Configure Azure AD Single Sign-On - to enable your users to use this feature.
  • Configure SAP Cloud Platform Identity Authentication Single Sign-On - to configure the single sign-on settings on the application side.
  • Assign Azure AD users to SAP Cloud Platform Identity Authentication.

Configure Azure AD single sign-on

First, open the SAP Cloud Platform Identity Authentication application integration page in the Azure portal and select Single sign-on.

Next, select SAML/WS-Fed mode to enable single sign-on.

Then click the Edit icon to open the Basic SAML Configuration dialog.

In the Basic SAML Configuration section, to configure IdP-initiated mode, specify the SAP Cloud Platform IAS tenant identifier (Entity ID) and the corresponding Reply URL (Assertion Consumer Service URL).

To obtain these values, contact the SAP Cloud Platform Identity Authentication Client support team at https://cloudplatform.sap.com/capabilities/security/trustcenter.html.

Configure the claims this application requires: givenname, surname, emailaddress, name, and Unique User Identifier.
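When testing the integration, it is useful to confirm that the assertion Azure AD actually sends carries every claim configured above. The following Python script is an added example and is not part of the original post or of SAP or Microsoft code: it parses a constructed SAML assertion (placeholder tenant ID, fictitious user) and reports which of the required claims are missing. It assumes the standard Azure AD attribute names under http://schemas.xmlsoap.org/ws/2005/05/identity/claims/ and that the Unique User Identifier is carried in the Subject's NameID.

```python
import xml.etree.ElementTree as ET

# Namespace of SAML 2.0 assertions.
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Attribute names Azure AD uses for the claims listed in the post; the
# "Unique User Identifier" claim is carried in the Subject's NameID.
CLAIM_PREFIX = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = {
    "givenname": CLAIM_PREFIX + "givenname",
    "surname": CLAIM_PREFIX + "surname",
    "emailaddress": CLAIM_PREFIX + "emailaddress",
    "name": CLAIM_PREFIX + "name",
}

# Constructed sample assertion (not a real token, placeholder tenant ID):
# the surname claim is deliberately left out so the check has something to report.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-assertion-id" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/EXAMPLE-TENANT-ID/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Alice</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_claims(assertion_xml):
    """Return the NameID, the claims found, and the required claims that are missing.

    Only the attribute statement is inspected here; signature validation of a
    real assertion is done by the SAML library, not by this check.
    For assertions from untrusted sources, parse with defusedxml instead of
    the standard-library parser.
    """
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    claims = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims[attr.get("Name")] = [v for v in values if v]
    # A claim that is configured but arrives with an empty value is treated as missing.
    missing = [label for label, uri in REQUIRED_CLAIMS.items() if not claims.get(uri)]
    if not name_id:
        missing.append("Unique User Identifier (NameID)")
    return {"name_id": name_id, "claims": claims, "missing": missing}


if __name__ == "__main__":
    result = check_claims(SAMPLE_ASSERTION)
    print("NameID:", result["name_id"])
    print("Missing claims:", result["missing"])
```

Run against the sample, the script reports `surname` as missing, which is exactly the kind of gap that shows up as an empty last name on the SAP side after a seemingly successful login.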

Configure SAP Cloud Platform Identity Authentication Single Sign-On

Upload the Azure AD metadata XML file, or configure the following fields manually:
  • Name: the entity ID of the corporate identity provider.
  • Single Sign-On Endpoint URL: for Binding, choose the one that corresponds to the respective single sign-on endpoint.
  • Single Logout Endpoint URL: for Binding, choose the one that corresponds to the respective single logout endpoint.
  • Signing Certificate: the base64-encoded certificate the identity provider uses to digitally sign the SAML protocol messages it sends to Identity Authentication.
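The four fields above are exactly what Identity Authentication reads out of the uploaded metadata file. The following Python script is an added example, not code from the original post or from SAP or Microsoft: it parses a constructed Azure AD federation metadata document (placeholder tenant ID, and a tiny base64-encoded DER placeholder standing in for a real certificate) and extracts the entity ID, the single sign-on and single logout endpoints keyed by binding, and the signing certificate, checking that the certificate is valid base64 DER before accepting it. This lets you confirm what will be configured before trusting the upload, or fill in the manual fields from the same source.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Binding URIs mapped to the short names shown in the Identity Authentication UI.
BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "HTTP-Redirect",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "HTTP-POST",
}

# Constructed sample metadata with a placeholder tenant ID. "MAMCAQE=" is
# base64 of a five-byte DER SEQUENCE, not a real certificate; a real file
# carries a full X.509 certificate here.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/EXAMPLE-TENANT-ID/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MAMCAQE=</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/EXAMPLE-TENANT-ID/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/EXAMPLE-TENANT-ID/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/EXAMPLE-TENANT-ID/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Extract the fields Identity Authentication needs from IdP metadata.

    Use defusedxml in place of ElementTree when the file comes from an
    untrusted source; the sample here is constructed inline.
    """
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")

    def endpoints(tag):
        # One URL per binding; the UI asks you to pick the binding that matches.
        return {
            BINDINGS.get(e.get("Binding"), e.get("Binding")): e.get("Location")
            for e in idp.findall(tag, NS)
        }

    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" is valid for both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            b64 = "".join((c.text or "").split())  # strip PEM-style line breaks
            der = base64.b64decode(b64, validate=True)
            if not der or der[0] != 0x30:  # DER certificates start with a SEQUENCE tag
                raise ValueError("X509Certificate is not base64-encoded DER")
            certs.append(b64)
    if not certs:
        raise ValueError("metadata carries no signing certificate")

    return {
        "name": root.get("entityID"),            # Name field in Identity Authentication
        "sso": endpoints("md:SingleSignOnService"),
        "slo": endpoints("md:SingleLogoutService"),
        "signing_certificates": certs,
    }


if __name__ == "__main__":
    for key, value in parse_idp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Note that the sample advertises the logout endpoint over HTTP-Redirect only, so choosing HTTP-POST for the Single Logout binding would point at nothing; the parser surfaces that by returning one entry per advertised binding rather than a single URL.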

Assign Azure AD users

In the Azure portal, select Enterprise Applications, then All applications, and then select SAP Cloud Platform Identity Authentication from the applications list.

Note: you don't have to create users in SAP Cloud Platform Identity Authentication; users in the Azure AD user store can use the SSO functionality.


