Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Showing results for 
Search instead for 
Did you mean: 
PolySonika
Explorer
7,421

Managing diverse identities across cloud environments can be a juggling act. Microsoft Entra ID (formerly known as Azure AD) and SAP Cloud Platform Identity Authentication Service (IAS) join forces to simplify access and boost security for your SAP landscape.


Connecting Microsoft Entra ID and IAS empowers you to:




  • Boost user productivity with SSO

  • Simplify identity management

  • Strengthen security with integrated MFA and threat detection

  • Streamline deployment and integration

  • Enjoy unmatched scalability and flexibility


There are two primary options in which SAP Identity Authentication Services and Microsoft Entra ID can be integrated:

  • Microsoft Entra ID as the Identity Provider (IdP): This scenario makes Microsoft Entra ID the central authentication hub, with users logging into SAP applications using their Microsoft Entra ID credentials.

  • SAP IAS as the IdP: In this case, SAP IAS becomes the primary authentication source, with users logging into Microsoft Entra ID applications using their SAP credentials.


In this blog we will be describing how to perform the integration between Microsoft Entra ID as the Identity Provider (IdP).

Connecting the Dots: How to Integrate Microsoft Entra ID and SAP IAS:

Configure SAP IAS

Create a Corporate Identity Provider (Corp IdP): This represents your Microsoft Entra ID instance. Click on Identity Provider -> Corporate Identity Providers.


Provide a Display Name and Select the Identity provider as Microsoft ADFS/Azure AD (SAML 2.0) 


Download the SAML Metadata File from the SAP Cloud Identity Services by going to Applications and Resources -> Tenant Settings -> SAML 2.0 Configuration -> Download Metadata File 


In SAP Cloud Identity Services go to Identity Providers -> Corporate Identity Providers -> Microsoft Entra ID Identity Provider that you created -> SAML 2.0 Configuration -> Upload Metadata File 

Note: You must complete the steps from Configure Microsoft Entra ID before proceeding with this step,


Configure Microsoft Entra ID

Create an Application in Microsoft Entra ID: This application represents your SAP IAS instance. Login to https://portal.azure.com and setup the Microsoft Entra ID.



Click Add -> Enterprise Applications 



By default, Microsoft Azure supports variety of applications. Search with SAP Cloud Identity Services. Select the SAP Cloud Identity Services and click on create.


We will be using the SAML Metadata file to setup the trust between Microsoft Entra ID and SAP Identity Authentication service (IAS). Click on Setup Single Sign-On.


 

Choose SAML as the SSO method and upload the SAP IAS metadata file.



After saving the application you can download the Federation Metadata XML file which we will add to the SAP Cloud Identity Services (IAS).


You may also define which users and groups can access SAP applications.

Test and verify

Thoroughly test the integration to ensure seamless logins and access control.

Conclusion: Integrating Microsoft Entra ID (Azure AD) with SAP Identity Authentication is a strategic move for organizations looking to streamline identity management processes, enhance security, and provide a seamless experience for users. By following the outlined steps and leveraging the capabilities of both platforms, businesses can create a robust and future-ready identity management ecosystem. This collaboration sets the stage for improved efficiency, heightened security, and a more productive user experience in today's digital era.
5 Comments
matevam
Explorer
0 Kudos
super insightful blog. Very informative seeing all the steps.
fraseggar
Explorer

Hi,

After following all the steps to configure SSO, how can I do to test the integration to ensure seamless logins and access control ? Could I test the connection to SAP Identity Authentication using my user id in AD Azure for example ?

Thanks in advance

Francesc

DavidRod
Explorer

Hi

Nice blog but one thing is missing

at the end go to application&resources > "delected application" > Conditional Authentication >  Default Authenticating Identity Provider

and change the Default Identity Provider to azure.

more inforamation can be found here: https://developers.sap.com/tutorials/cp-ias-azure-ad.html

see image below

Capture.PNG

 

Martin-Pankraz
Active Contributor
0 Kudos

Thanks for sharing @PolySonika. I'd like to add the reference to the best-practices guide for Entra ID (formerly Azure AD) with SAP IAS. Find it on Microsoft Learn here.

NitishKommara
Newcomer
0 Kudos

Hello All,

Just wondering what would be the SSO endpoint to be updated in the Azure AD?

Thank You!

Labels in this area