Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
Showing results for 
Search instead for 
Did you mean: 
Active Contributor

Part 1 – Overall Solution

Part 2 – Setting up Business Rules in SAP Cloud Platform

Part 3 – Modeling workflows in SAP Cloud Platform

Part 4 – Testing you workflow using monitoring tools

Part 5 – Triggering the workflow using a Start UI

Part 6 – Configuring trust between SAP Cloud Platform account and Identity Provider

Part 7 – Mapping user groups and roles in SAP Cloud Platform Portal


In this portion of the blog series, I will show you how to configure trust between SAP Cloud Platform (SAP CP) and Cloud Identity.

In SAP CP, navigate to Trust menu. SAP CP is by default configured to authenticate users based on SAP ID service. So if you have an S user and are setup in an account, you can use your S user to login. I am now going to change this to refer to SAP Cloud Identity. Click on Edit button and select “custom” as configuration type.

Download the metadata file as we will be using this within SAP Cloud Identity.

Assuming you are administrator of Cloud Identity, login and navigate to “Applications” menu. Click on “Add” to create an entry which would refer to SAP CP account. In this scenario, SAP CP is a service provider.

Navigate to SAML 2.0 configuration to configure the trust between Cloud Identity and SAP CP account.

Upload the metadata file downloaded earlier from SAP CP account and save the changes.

Since we are going to map IdP groups configured in Cloud Identity with SAP CP groups, we need to add “groups” as an assertion attribute.

Add groups as an assertion attribute and save your changes.

If you would like to change the display name and logo (which are provided in the login screen), you can make the changes here. I have just uploaded a new image which will be displayed to external vendors when they try to login.

Finally, you  would need to download the metadata file from SAP Cloud Identity which will be used within SAP CP account.

Navigate to “Tenant Settings” menu and under “SAML 2.0 configuration”, you should be able to find a button “download metadata file”. Download this file for use in the next step.

Switch back to SAP CP account and in the Trust setting, click on “Add Trusted Identity Provider” under “Application Identity Provider”.

Upload the metadata file downloaded earlier from SAP Cloud Identity and save your changes.

With this we have established a trust between SAP Cloud Platform account and Cloud Identity. If you try to launch the Portal service as an administrator, you will be challenged with the below login screen from Cloud Identity. In order to proceed, make sure you add your userID (as shown in Cloud Identity) to the TENANT_ADMIN role in Portal configuration service.

In the next blog, I will show you how to map the Cloud Identity Groups with SAP Cloud Platform Groups and roles. I will also quickly walk through the steps to create Portal site with Apps for each vendor


1 Comment
Labels in this area