Managing diverse identities across cloud environments can be a juggling act. Microsoft Entra ID (formerly known as Azure AD) and SAP Cloud Platform Identity Authentication Service (IAS) join forces to simplify access and boost security for your SAP landscape.
Connecting Microsoft Entra ID and IAS empowers you to:
- Boost user productivity with SSO
- Simplify identity management
- Strengthen security with integrated MFA and threat detection
- Streamline deployment and integration
- Enjoy unmatched scalability and flexibility
There are two primary ways to integrate SAP Identity Authentication Services and Microsoft Entra ID:
- Microsoft Entra ID as the Identity Provider (IdP): This scenario makes Microsoft Entra ID the central authentication hub, with users logging into SAP applications using their Microsoft Entra ID credentials.
- SAP IAS as the IdP: In this case, SAP IAS becomes the primary authentication source, with users logging into Microsoft Entra ID applications using their SAP credentials.
In this blog we describe how to perform the integration with Microsoft Entra ID as the Identity Provider (IdP).
Connecting the Dots: How to Integrate Microsoft Entra ID and SAP IAS
Configure SAP IAS
Create a Corporate Identity Provider (Corp IdP): This represents your Microsoft Entra ID instance.
Click on Identity Provider -> Corporate Identity Providers.
Provide a Display Name and select the identity provider as Microsoft ADFS/Azure AD (SAML 2.0).
Download the SAML Metadata File from the SAP Cloud Identity Services by going to Applications and Resources -> Tenant Settings -> SAML 2.0 Configuration -> Download Metadata File.
In SAP Cloud Identity Services go to Identity Providers -> Corporate Identity Providers -> Microsoft Entra ID Identity Provider that you created -> SAML 2.0 Configuration -> Upload Metadata File.
Note: You must complete the steps under Configure Microsoft Entra ID before proceeding with this step.
Configure Microsoft Entra ID
Create an Application in Microsoft Entra ID: This application represents your SAP IAS instance.
Log in to https://portal.azure.com and set up Microsoft Entra ID.
Click Add -> Enterprise Applications
By default, Microsoft Azure supports a variety of applications. Search for SAP Cloud Identity Services, select it and click Create.
We will use the SAML Metadata file to set up the trust between Microsoft Entra ID and SAP Identity Authentication service (IAS). Click on Setup Single Sign-On.
Choose SAML as the SSO method and upload the SAP IAS metadata file.
After saving the application you can download the Federation Metadata XML file which we will add to the SAP Cloud Identity Services (IAS).
You may also define which users and groups can access SAP applications.
Test and verify
Thoroughly test the integration to ensure seamless logins and access control.
Conclusion: Integrating Microsoft Entra ID (Azure AD) with SAP Identity Authentication is a strategic move for organizations looking to streamline identity management processes, enhance security, and provide a seamless experience for users. By following the outlined steps and leveraging the capabilities of both platforms, businesses can create a robust and future-ready identity management ecosystem. This collaboration sets the stage for improved efficiency, heightened security, and a more productive user experience in today's digital era.