Skip to Content
avatar image
Former Member

SAP Analytics Cloud to Azure AD user mapping

Hello,

We are working on setting up SSO between SAP Analytics Cloud & Azure AD using SAML. If the name ID or email case in Azure AD doesn't match the case defined in Analytics cloud, how else can the user attribute be mapped?

In our case, user ids are defined as <FIRSTNAMEFIRSTLETTER><Lastname> and email is defined as <FIRSTNAMEFIRSTLETTER><Lastname>@<DOMAIN>.COM in Azure AD. However in Analytics cloud, username is all uppercase <FIRSTNAMEFIRSTLETTER><LASTNAME> while the email is all lower case <firstnamefirstletter><lastname>@<domain>.com.

I am trying to come up with a way on how the user can be mapped between IDP & SAC. The existing user identifiers in Azure AD - userprincipalname, user.mail, Join(), ExtractMailPrefix() doesn't seem to help in my scenario due to the case mismatch.

Is there anyway we can achieve this mapping for SAML to work?

Regards,

Sid

Add comment
10|10000 characters needed characters exceeded

  • Hi Sid,

    Were you able to get this working?

  • Former Member John Leggio

    Hi John,

    We haven't turned this on yet. Working thru on some other issues. I had follow up questions that I just posted below. Hoping someone is able to answer that as well.

  • Get RSS Feed

1 Answer

  • Best Answer
    Apr 26 at 08:29 AM

    Hi Sid,

    You can always select Custom SAML User Mapping. There are three methods to map your users: USER ID, email and "SAML User Mapping". That will open a new column in your Security > Users that will allow you to type whatever you want. You can type whatever you need to match the "Name ID" claim returned by Azure AD.

    Cheers,

    Julian

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Julian - just following up with couple more questions based on your answer

      1) Can we switch the IDP back to SAP cloud from Azure in future if there are any configuration issues? I read someplace that once we switch the IDP to use custom SAML mapping, then we cannot switch back.

      2) Also, in one of your blog post questions, you did mention that the SAP team is coming up with a workaround to login into SAC if the IDP is down (for any reason). Is that workaround available yet?

      Regards,

      Sid