SSO Configuration - Entra ID with SAP BTP

This document outlines the steps to create an Enterprise application in Azure Active Directory (Azure AD) and integrate it with SAP Cloud Identity Services (CIS) and SAP Business Technology Platform (BTP). It details the process of setting up single sign-on using SAML 2.0, configuring identity providers, and establishing trust between Azure AD and the Identity Authentication Service. Finally, it instructs on adding users to the CIS application and testing the connection to ensure successful login functionality.

Uploaded by

aditya.rajak2024

Step 1: Create an Enterprise application in Azure AD

Log in to the Azure Portal at https://portal.azure.com with your credentials (a trial account is sufficient).

Create an Enterprise Application in Microsoft Entra ID

Search for Microsoft Entra ID in the search bar at the top of the page and select it from the results below.
Select Microsoft Entra ID.
Step 2: Open Microsoft Entra ID, which we selected in the previous step.
Step 3: Click the Add button, then click Enterprise Applications and search for SAP Cloud Identity Services.
Step 4: Give your SAP CIS application a name and click Create. Once the application is created, go to Enterprise applications in your Entra ID.
Step 5: Your application is now hosted here. Open the application and go to the Single sign-on options.
Step 6: Select SAML 2.0 and maintain all relevant and required fields. Once maintained, download the Federation Metadata XML as shown below.
Step 7: Now create an SAP BTP trial account and go to your subaccount.
Step 8: Go to the Service Marketplace, select Cloud Identity Services, select the default plan and click Create. (Selecting the subscription creates a new free IAS tenant for you.)
Step 9: Once the service is created, it appears as below.
Step 10: Once created, the service registers your user as the first administrator and triggers an email to set the password, sent to your registered email ID (the one you used to set up BTP trial access).
Step 11: Once you click the link received in the email, you are asked to set up the password for your user. Fill in the required details and click Continue; this takes you to the IAS admin console.
Step 12: Now we need to create a corporate identity provider. Navigate to Identity Providers and click Corporate Identity Providers.
Step 13: Click Add at the bottom of the page and define a name for the identity provider. Click Save to create the identity provider.
Step 14: Now upload the Federation Metadata XML file downloaded from Azure in Step 6 to the corporate identity provider, as shown below.
Step 15: Change the identity provider type to Microsoft ADFS / Azure AD (SAML 2.0) and click Save.
Step 16: To download the IAS tenant metadata, go to Tenant Settings under Applications & Resources in the SAP Cloud Platform Identity Authentication service and navigate to SAML 2.0 Configuration.

Step 17: Download the IAS tenant metadata from the SAML 2.0 Configuration page opened in Step 16.
Step 18: Now upload the recently downloaded IAS tenant metadata to Azure Active Directory

You have already uploaded the metadata file from Azure Active Directory to the Identity Authentication service. It's time to do it the other way round now and upload the metadata of the Identity Authentication service to Azure Active Directory.

Go back to https://portal.azure.com and search for Enterprise application in the search bar at the top of the page. Select the corresponding result.

All the details are now taken from the metadata file. There's nothing to do for you other than saving the details. Therefore, click Save.

You have successfully connected Azure Active Directory with your Identity Authentication tenant. Furthermore, the SAP BTP, Cloud Foundry subaccount can now leverage all the capabilities of the Identity Authentication service; for instance, users can log in with their Azure Active Directory mail address (as long as their account is part of the Azure Active Directory and the enterprise application).
Step 19: Register SAP BTP Subaccount in Identity Authentication Service

Add trust configuration in SAP BTP


1. Navigate to your SAP BTP, Cloud Foundry subaccount. To do so, go to the SAP BTP cockpit and click Enter Your Trial Account.
2. Click the tile of the subaccount in which you want to establish trust with the Identity Authentication service.
3. Open the Trust Configuration submenu in the Security section and click New SAML Trust Configuration.
Step 20: Register SAP BTP Subaccount in Identity Authentication Service

Upload the metadata file of the Identity Authentication tenant, which you downloaded in the previous steps. The message "Metadata parsed successfully" should appear.
Enter "Identity Authentication service tenant" as the name for the trust configuration.
Set a login message as the Link Text for User Logon. This text appears on the login screen when a user tries to log in.
Continue with Save. You should now see an additional trust configuration.
Step 21: Now download SAP BTP SAML Metadata

Download the SAML metadata file of your subaccount: go to Connectivity in your subaccount and click Download SAML metadata.
Step 22: Now Create a new SAML service provider in IAS tenant.

1. Go back to the administration console for the Identity Authentication service through your URL.
2. Choose Applications in the Applications & Resources menu section to go to the service provider configuration.
3. Create a new application by using the Create button to add a new SAML service provider.
4. Enter "SAP Cloud Platform CF subaccount" as the name for the application, so that it clearly identifies it as your new service provider. Save your changes.
Step 23: Now Upload SAP BTP subaccount metadata file in the newly created application on IAS

1. Choose SAML 2.0 Configuration in the recently created application.
2. Import the relevant metadata XML file of the SAP BTP subaccount.
3. Click Save.
Step 24: Now Configure Default name ID format in the newly created application in IAS

1. Choose Default Name ID Format in the list of configurations.
2. Select E-Mail as the unique attribute.
3. Save the changes.
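The metadata files exchanged in Steps 14, 18 and 23 can be sanity-checked before they are uploaded, and the E-Mail NameID format chosen in Step 24 can be confirmed from the SP metadata. The Python below is an added example, not part of this document or of any SAP or Microsoft tooling; its sample metadata, entityID and certificate are constructed placeholders. It extracts the entityID, role, signing certificates, endpoints and NameID formats and warns about the things that typically break a trust: no signing certificate, a plain-HTTP endpoint, an SP that does not require signed assertions, or an expired validUntil.

```python
# Added example (not from this document): sanity-check a SAML 2.0 metadata file
# before uploading it to the other side of the trust. Sample metadata is constructed.
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_metadata(xml_text, now=None):
    root = ET.fromstring(xml_text)
    info = {"entity_id": root.get("entityID"), "warnings": []}
    idp, sp = root.find("md:IDPSSODescriptor", NS), root.find("md:SPSSODescriptor", NS)
    role = idp if idp is not None else sp
    if role is None:
        info["warnings"].append("no IDPSSODescriptor or SPSSODescriptor found")
        return info
    info["role"] = "IdP" if idp is not None else "SP"
    # A KeyDescriptor without a 'use' attribute serves both signing and encryption
    certs = [k for k in role.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    info["signing_certs"] = len(certs)
    if not certs:
        info["warnings"].append("no signing certificate: the peer cannot verify signatures")
    # IdP metadata advertises SSO endpoints, SP metadata advertises ACS endpoints
    tag = "md:SingleSignOnService" if idp is not None else "md:AssertionConsumerService"
    info["endpoints"] = [(e.get("Binding", "").rsplit(":", 1)[-1], e.get("Location", ""))
                         for e in role.findall(tag, NS)]
    for _, loc in info["endpoints"]:
        if not loc.startswith("https://"):
            info["warnings"].append(f"non-HTTPS endpoint: {loc}")
    info["nameid_formats"] = [n.text.rsplit(":", 1)[-1] for n in role.findall("md:NameIDFormat", NS)]
    if sp is not None and sp.get("WantAssertionsSigned") != "true":
        info["warnings"].append("SP does not require signed assertions")
    if root.get("validUntil"):  # expired metadata is rejected or silently breaks logins
        exp = datetime.fromisoformat(root.get("validUntil").replace("Z", "+00:00"))
        if exp <= (now or datetime.now(timezone.utc)):
            info["warnings"].append("metadata validUntil is in the past")
    return info

# Constructed SP metadata with placeholder entityID/certificate; it deliberately
# carries a plain-HTTP ACS, WantAssertionsSigned="false" and an expired validUntil.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" validUntil="2020-01-01T00:00:00Z"
 entityID="https://subaccount.placeholder.example/saml/metadata">
 <md:SPSSODescriptor WantAssertionsSigned="false">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="http://subaccount.placeholder.example/saml/SSO"/>
 </md:SPSSODescriptor></md:EntityDescriptor>"""
```

Running `inspect_metadata(SP_METADATA)` on the constructed sample reports three warnings; a clean BTP subaccount or IAS tenant metadata file should report none.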

Step 25: Now add users to your CIS enterprise application in Microsoft Entra ID

We have now created two connections: one between Azure AD and IAS, and a second between SAP BTP and IAS. Let's check whether the connection between our AD and IAS works. For this we need to log in to the application hosted in the SAP BTP subaccount with users created in Azure AD.

Let's create users in Azure AD under our enterprise application:
Step 25 (continued): Now add users to your CIS enterprise application in Microsoft Entra ID

Create one or two test users as described above.
Now copy the link of the application hosted in your BTP subaccount, open a new incognito tab and paste the link. Log in with the user you recently created in Azure AD.